Jump to content


Question

Hi everyone,

 

I have an issue with IE 11, IE blocker and Windows updates.

I want to prevent users from installing IE11 from Windows Updates (We have SCCM 2012 R2 and SUP is deployed).

I created a software update group that contains all Windows 7 updates but excludes IE11.

Our users are local administrators of their computers.

 

I tried to add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0\ DWORD DoNotAllowIE11 value 1 but it doesn’t seem to work.

If a user clicks on Windows updates, he will see the IE11 update available.

I attached some screenshots.

I also don’t understand why so many updates are available whereas I have not deployed any of them to any collection?

Is it because users are administrators and they can see all the updates available on the SUP ?

Internet explorer 11 is not available neither in the software group nor in the package.

 

Thank you for your help !

 

 

post-17351-0-37500700-1406396689_thumb.png

post-17351-0-01248700-1406396696_thumb.png

post-17351-0-36497700-1406396701_thumb.png

Share this post


Link to post
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Ok, from what I see, it looks like if I click on "Check for updates", it going to send a request directly to the WSUS and don't use the software update point.

Moreover if I try to install an update, it is downloaded directly from WSUS and not from the distribution point.

I didn't install WSUS and SCCM, do you think SUP/WSUS could have been installed incorrectly or something is missing ?

Thanks.

Share this post


Link to post
Share on other sites

  • 0

well it sounds like the clients are using WSUS or the Internet to download their updates, have you verified any of the settings in your Software Update Collections, for example add some virtual machines to those collections and test deploying updates to them, what happens (if anything)

Share this post


Link to post
Share on other sites

  • 0

Hi,

 

You were right, clients were using WSUS directly instead of the SUP.

Apparently ,the WSUS role had been configured directly...

To make it work properly, I had to uninstall WSUS and SUP and then re-install the role WSUS and SUP.

Everything is back to normal now.

 

Thanks

Share this post


Link to post
Share on other sites

  • 0

great stuff Lionel,

for the benefit of others coming to this thread, please share with them how you determined the clients were getting their updates from WSUS

Share this post


Link to post
Share on other sites

  • 0

Thanks.

In the control panel, when I was clicking on "Check updates", I could see a list of updates whereas I didn't advertise any updates to the collection which the computer belongs to.

For testing, I installed one of the updates and ran a network trace with wireshark.

I could identify (with the IP address) that the computer was downloading the updates from the WSUS server and not from my local distribution point.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.