29 C
Dubai
Wednesday, December 11, 2024

Policies you should never configure on Windows 10 with WSUS

When you have windows 10 in your environment and machines are configured with Windows Server Update Services. You should never configure Branch readiness level or tried to delay or defer featureĀ  upgrades or quality updates using group policy.

If you do that . The moment any one of these policies are configured, even if these are set to be ā€œdisabledā€, a new behavior known as Dual Scan is invoked in the Windows Update agent. where windows will try to update from Online servers directly and from wsus. and you can see random clients getting feature upgrades.

image

Random clients will start getting feature upgrades in a windows environment like below. Causing inconsistent versions in the environment. when you have various clients computers using legacy applications. you never want to roll out something which you never tested.

image

Once you set these Policies to ā€œNot Configuredā€

Windows Updates Registry ā€“ When any of the policies configured.

image

When all the policies set to Not Configured. Requesting the Windows 10 clients to talk to Speak to wsus only for upgrades and updates.

image

 

Reference link –

https://cloudblogs.microsoft.com/windowsserver/2017/01/09/why-wsus-and-sccm-managed-clients-are-reaching-out-to-microsoft-online/

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?