
Hi everyone,

 

I have an issue with IE 11, IE blocker and Windows updates.

I want to prevent users from installing IE11 from Windows Updates (We have SCCM 2012 R2 and SUP is deployed).

I created a software update group that contains all Windows 7 updates but excludes IE11.

Our users are local administrators of their computers.

 

I tried to add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0\ DWORD DoNotAllowIE11 value 1 but it doesn’t seem to work.

If a user clicks on Windows updates, he will see the IE11 update available.

I attached some screenshots.

I also don’t understand why so many updates are available whereas I have not deployed any of them to any collection?

Is it because users are administrators and they can see all the updates available on the SUP ?

Internet Explorer 11 is available in neither the software group nor the package.

 

Thank you for your help !

 

 



Ok, from what I see, it looks like if I click on "Check for updates", it is going to send a request directly to the WSUS and doesn't use the software update point.

Moreover if I try to install an update, it is downloaded directly from WSUS and not from the distribution point.

I didn't install WSUS and SCCM, do you think SUP/WSUS could have been installed incorrectly or something is missing ?

Thanks.


Well, it sounds like the clients are using WSUS or the Internet to download their updates. Have you verified any of the settings in your Software Update Collections? For example, add some virtual machines to those collections and test deploying updates to them. What happens (if anything)?


Hi,

 

You were right, clients were using WSUS directly instead of the SUP.

Apparently, the WSUS role had been configured directly...

To make it work properly, I had to uninstall WSUS and SUP and then re-install the role WSUS and SUP.

Everything is back to normal now.

 

Thanks


Great stuff, Lionel.

For the benefit of others coming to this thread, please share with them how you determined the clients were getting their updates from WSUS.


Thanks.

In the control panel, when I was clicking on "Check updates", I could see a list of updates whereas I didn't advertise any updates to the collection which the computer belongs to.

For testing, I installed one of the updates and ran a network trace with Wireshark.

I could identify (with the IP address) that the computer was downloading the updates from the WSUS server and not from my local distribution point.

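A complementary check to the network trace described above, as an added example that is not part of the original thread: it reads the update server the Windows Update Agent is configured to use, resolves it to IP addresses that can be matched against a capture, and reports the `DoNotAllowIE11` value from the first post. The `$ExpectedSup` URL and the `Get-RegValue` helper are assumptions made for this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt on a client.
# Assumption: $ExpectedSup is a placeholder; replace it with your software update point URL.
$ExpectedSup = 'http://sup.example.local:8530'

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$ieKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Hypothetical helper: returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

$wuServer  = Get-RegValue $wuKey 'WUServer'
$wuStatus  = Get-RegValue $wuKey 'WUStatusServer'
$useWu     = Get-RegValue "$wuKey\AU" 'UseWUServer'
$ieBlocker = Get-RegValue $ieKey 'DoNotAllowIE11'

# Resolve the configured server so its addresses can be compared with a network trace.
$ips = @()
if ($wuServer) {
    try {
        $hostName = ([Uri]$wuServer).Host
        $ips = @([System.Net.Dns]::GetHostAddresses($hostName) |
                 ForEach-Object { $_.IPAddressToString })
    } catch {
        $ips = @('could not resolve')
    }
}

# UseWUServer = 1 means the agent scans against WUServer rather than Microsoft Update.
$usesIntranetServer = [bool](($useWu -eq 1) -and $wuServer)
$matchesSup = [bool]($wuServer -and
    ($wuServer.TrimEnd('/') -ieq $ExpectedSup.TrimEnd('/')))

New-Object PSObject -Property @{
    WUServer           = $wuServer
    WUStatusServer     = $wuStatus
    UseWUServer        = $useWu
    UsesIntranetServer = $usesIntranetServer
    ServerAddresses    = ($ips -join ', ')
    MatchesExpectedSup = $matchesSup
    DoNotAllowIE11     = $ieBlocker
} | Select-Object WUServer, WUStatusServer, UseWUServer, UsesIntranetServer,
                  ServerAddresses, MatchesExpectedSup, DoNotAllowIE11 | Format-List
```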

Hi Lionel,

 

How did you prevent your users from installing IE11 and do you use an Automatic Deployment Rule (ADR) for your monthly MS updates?

 

Regards,

Hans
