Wednesday , August 12 2020

Policies you should never configure on Windows 10 with WSUS

When you have windows 10 in your environment and machines are configured with Windows Server Update Services. You should never configure Branch readiness level or tried to delay or defer feature  upgrades or quality updates using group policy.

If you do that . The moment any one of these policies are configured, even if these are set to be “disabled”, a new behavior known as Dual Scan is invoked in the Windows Update agent. where windows will try to update from Online servers directly and from wsus. and you can see random clients getting feature upgrades.


Random clients will start getting feature upgrades in a windows environment like below. Causing inconsistent versions in the environment. when you have various clients computers using legacy applications. you never want to roll out something which you never tested.


Once you set these Policies to “Not Configured”

Windows Updates Registry – When any of the policies configured.


When all the policies set to Not Configured. Requesting the Windows 10 clients to talk to Speak to wsus only for upgrades and updates.



Reference link –

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

OAuth and Microsoft Graph on Exchange on-premises with Hybrid Modern Authentication

Hybrid Modern Authentication (HMA) for Exchange On-Premises is being there for while which has a …

Leave a Reply

Your email address will not be published.