I have a Windows Server 2019 providing RDS for users on thin clients. I recently discovered that any user (even without admin rights) can click Start - Settings - Update & Security and trigger download and install of updates. To make matters worse, the Event Log doesn't even appear to record which user triggered the update process. How do I restrict this to administrators only.