I figure if you’re going to run Windows 10 just for games and the adobe stuff, run it through a whitelisted hardware firewall so the Spyware that is Windows 10 won’t phone home to the Mothership. It would still be a good idea to download updates from a trusted third party hosted updates because worms could still happen if it’s connected to the LAN and if MS ever makes an update that turns your machine into Windows 10 S or have an always online check-in, you can just block it.
I figure force installing Windows 7 and 8.1 updates on new hardware is only a short term solution because they’re not going to be supported forever and they’re blocking support for new CPUs an easy way to axe support with older OSes and you’re missing out on new features like HDR10.
There’s also this if you just want “de-spy” for 7/8.1:
another option is to make a squid cache for updates, blocking the same ones listed in the readme.md and hosts file of that repo, so that every win7/8/10 machine on your lan doesn’t install the malicious backports
Also I think the original posters idea won’t work because if you try to block the spy ware Windows 10 won’t work, the best thing to do is run Windows 10 in a virtual machine with just your games and only Windows programs installed.