Admins beware: Domain-attached PCs are sprouting Get Windows 10 ads

Microsoft is telling users that their admins are somehow guilty of blocking upgrades to their PCs

Admins beware: Domain-joined PCs are sprouting 'Get Windows 10' ads
Zoran Zeremski/Thinkstock

Admins all over the world are waking up to an unwelcome development: Microsoft has snuck a Get Windows 10 malware variant onto their customers' systems. All signs point to an infected Patch Tuesday update -- above and beyond the Internet Explorer "security" patch with its own Windows 10 ad.

I've seen three confirmed reports this morning -- with corroboration from Rod Trent on WindowsITPro and a burgeoning Reddit thread -- that domain-attached PCs with no admin rights, attached to the WSUS update server, are displaying the well-known Get Windows 10 icon in the system tray. If users click on the icon, they see a very disturbing ad:

gwx for admins

Must be those terrible system admins who are blocking your free upgrade to Win10

Your system administrator has blocked upgrades on this PC

Check with your system administrator about upgrading this PC to Windows 10.

Are you a system administrator? You can customize this app to get your organization upgraded to Windows 10. Find out how.

One admin reports that some domain-attached VLC-licensed PCs installed KB 3035583 -- the widely reviled Get Windows 10 app -- months ago, but that the Get Windows 10 icon didn't appear until now. Another says that the crapware-hiding c:\windows\system32\GWX folder has appeared.

The admins I know are livid. Microsoft's apparently trying to do an end run, telling users that their admins are somehow culpable for blocking upgrades to their PC.

I haven't seen a definitive report on how the embarrassing nag appeared, but I do know the old instructions for disabling it are wrong. In January I talked about the correct registry settings, and Microsoft subsequently revised its description of the settings in KB 3080351. Whether the revised description is correct is anybody's guess. Regardless, the settings don't appear to have any effect on the Get Windows 10 nag that Microsoft documents for this week's Internet Explorer "security" patch, KB 3139929. That nag is supposed to be internal to IE11, which is a different animal altogether.

Do you have any additional information on this "Your system administrator has blocked upgrades on this PC" name-and-shame game? If so, please post here or over on

Copyright © 2016 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon