Jump to content





Recommended Posts

Our Windows 10 Enterprise PCs were getting updates directly from the Internet saturating our pipe.

To stop this behavior we had to block a range of WindowsUpdate IP at the firewall but later just stopped the Windows Update service on every Windows 10 1607 PC.
We are using SCCM 1610 (WSUS installed same server) - Windows 7 PCs not a problem just Windows 10.

By doing an RSOP to a workstation, the Specify Intranet Microsoft Update Service Location points to http://server.contosto.com:8530, our GPOs are the following:

 

 

Administrative Templates/Windows Components/Windows Update/Defer Windows Update/Defer

Select when Feature Updates are received - Enabled - 180 days

Administrative Templates/Windows Components/Delivery Optimization

Download mode - bypass


Under Settings, Choose how updates are delivered - When this is turned on, your pc ... that settings is gray out, PCs on my local network and PCs on my local network and PCs on the Internet nothing (no option selected.)

How do you stop from Windows 10 1607 to get updates to the Internet? What am I missing? That shouldn't be the behavior, we like to control when updates are delivered.

Share this post


Link to post
Share on other sites


Hi

 

I've just discovered this as an issue when looking at the latest hotfix for 1610, apparently its a known issue when the defer updates option is set in GPO, Microsoft recomment that you DO NOT set these GPO's as it will cause a dual scan issue.

 

https://support.microsoft.com/help/4010155 is the article related to the hotfix, however I've also come accross these two article as well:-

https://blogs.technet.microsoft.com/windowsserver/2017/01/09/why-wsus-and-sccm-managed-clients-are-reaching-out-to-microsoft-online/

https://blogs.technet.microsoft.com/askpfeplat/2017/02/21/identifying-waas-systems-using-config-manager/

 

So that begs the question, how the hell do you set the machines up for CB and CBB? I've been on it the last two days tryign to work it out but cannot figure it out without setting these GPO's aarrggghhhh!!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×