Group Policy Edit is the way to restrict many things. Disabling automatic updates helps. I have had forced reboots very rarely, I believe that were severe vulnerability fixes.
But my use case is never 24/7, I hibernate it overnight and every time I leave for longer than going to a grocery shop, and I have several Proxmox boxes with proper OSes for hosting stuff. Windows + WSL is my dev/media/web/files/OneDrive machine, a compact silent SFF box that is powerful enough for 90+% of my daily tasks. Lately I try Linux Desktop on Fedora/Ubuntu with every major version, however RDP server and secure boot that I can trust to work and not break myself - these things remain unsatisfactory.
I disabled auto updates by pinning the target version in group policy and then finding some hacks on the web to make it always ask before download. I've run many other random scripts and then found Windhawk to remove more annoyances (taskbar and sections of start menu).
I then shut down more things and disabled Bluetooth on lock. It is now usable and doesn't crash but feels very fragile. I will soon face dilemma of allowing "feature" updates or be out of security ones.
But my use case is never 24/7, I hibernate it overnight and every time I leave for longer than going to a grocery shop, and I have several Proxmox boxes with proper OSes for hosting stuff. Windows + WSL is my dev/media/web/files/OneDrive machine, a compact silent SFF box that is powerful enough for 90+% of my daily tasks. Lately I try Linux Desktop on Fedora/Ubuntu with every major version, however RDP server and secure boot that I can trust to work and not break myself - these things remain unsatisfactory.