Quick fix: Find the driver’s Hardware ID in Device Manager. Open gpedit.msc → Computer Configuration → Administrative Templates → System → Device Installation → Device Installation Restrictions. Set Prevent installation of devices that match any of these device IDs to Enabled and add the Hardware ID.

You installed a specific NVIDIA driver version that works perfectly. Windows Update keeps trying to install a newer (buggy for you) version. Or you have a printer driver you don’t want updated. Group Policy can block specific device class updates by hardware ID.

Symptom: You want to block updates to a specific driver while allowing other updates.
Affects: Windows 11 Pro/Enterprise with Group Policy access.
Fix time: 10 minutes.

How Hardware ID blocking works

Windows installers match drivers to devices via Hardware IDs (PCI, USB, etc.). The Device Installation Restrictions policy prevents Windows from installing any driver for hardware matching the listed IDs. Existing drivers stay; new ones are blocked.

Method 1: Find and block the Hardware ID

Device Manager → expand the device’s category → right-click the device → Properties → Details tab.
From the Property dropdown, select Hardware Ids. Note the topmost ID (most specific).
Open gpedit.msc → Computer Configuration → Administrative Templates → System → Device Installation → Device Installation Restrictions.
Open Prevent installation of devices that match any of these device IDs. Set to Enabled. Add the ID.
Also enable Also apply to matching devices that are already installed if you want the block to apply retroactively.
Run gpupdate /force.

Method 2: Registry equivalent for Home edition

Open regedit, navigate to HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions. Create the keys if needed.
Create DWORD DenyDeviceIDs = 1.
Create subkey DenyDeviceIDsList. Inside, create String values 1, 2, etc., each containing one Hardware ID.
Reboot.

Method 3: Combine with wushowhide for cleaner block

Use the Group Policy method for permanent blocking.
Additionally, run wushowhide.diagcab to hide any pending offers for the blocked driver.
Two layers ensure Windows Update doesn’t even offer the driver.

Verification

Run Windows Update → Check for updates. The blocked driver doesn’t appear in pending list.
Run gpresult /h gpresult.html and confirm the Device Installation Restrictions policy is applied.
Device Manager → the device → Driver tab shows the version you wanted to keep.

If none of these work

If the driver still updates, check whether you used the most-specific Hardware ID (deeper IDs are more selective; shallower may be too broad). For chronic update overrides on managed devices, coordinate with IT to add the policy at AD/Intune level.

Bottom line: Hardware ID-based block via Group Policy stops specific driver updates while leaving everything else alone. Find the ID, add it to the block list, gpupdate.