none
Local Group policy not applying after Task Sequence completes - Win10 RRS feed

  • Question

  • When machine are build using sccm 1806 machine are missing local group policy for wsus.

    When machine is build and you login with a domain acount, i dont see any wsus settings under

    HKLM/Software/policy/micosoft/windows/windowsupdate

    I should have following settings

    Becasue these settings are not configure the the machine are talking to microsoft and download any updates which is avaiable including the updates which we havent approved in sccm.


    • Edited by lalaJee Thursday, January 23, 2020 7:43 PM
    Thursday, January 23, 2020 7:43 PM

Answers

  • The wsus local policy dont get apply when you build machine it takes time for wsus setting to be register in client machine.

    You can stop windows update by configureing below policy


    • Marked as answer by lalaJee Friday, February 7, 2020 8:05 PM
    Friday, February 7, 2020 8:04 PM

All replies

    • Marked as answer by lalaJee Wednesday, January 29, 2020 11:57 AM
    • Unmarked as answer by lalaJee Friday, February 7, 2020 8:05 PM
    Thursday, January 23, 2020 8:15 PM
  • This looks to be a follow on from https://social.technet.microsoft.com/Forums/en-US/7dccfdfa-731f-4c1e-841d-c684fd4c1184/windows-10-1709-upgrading-to-new-version-of-windows?forum=ConfigMgrCompliance#b1c6e3a5-2998-493a-92d3-64e0aba1d5cb.

    Have you reviewed wuahandler.log?

    Also, if you have a WSUS server set here as shown in your image, that means domain group policy is setting it which will always win which takes us back to the other post where it was discussed that you should not be using a domain group policy for this.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by lalaJee Wednesday, January 29, 2020 11:57 AM
    • Unmarked as answer by lalaJee Friday, February 7, 2020 8:05 PM
    Thursday, January 23, 2020 10:13 PM
  • Hi,

    >>When machine are build using sccm 1806 machine are missing local group policy for wsus.

    The OOBE reset the wsus settings?

    You could use script to modify the registry and force a restart at end of the Task Sequence.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 24, 2020 6:18 AM
    Moderator
  • This looks to be a follow on from https://social.technet.microsoft.com/Forums/en-US/7dccfdfa-731f-4c1e-841d-c684fd4c1184/windows-10-1709-upgrading-to-new-version-of-windows?forum=ConfigMgrCompliance#b1c6e3a5-2998-493a-92d3-64e0aba1d5cb.

    Have you reviewed wuahandler.log?

    Also, if you have a WSUS server set here as shown in your image, that means domain group policy is setting it which will always win which takes us back to the other post where it was discussed that you should not be using a domain group policy for this.


    Jason | https://home.configmgrftw.com | @jasonsandys

    We are not using windows 10 1909, we are using 1709 and soon will be moving to 1809

    I can see this policy

    -Join Microsoft MAPS

    but i dont know if this policy is configure or not as i dont see it. Does anyone know the location for this policy

    -Select cloud protection level

    Friday, January 24, 2020 8:40 AM
  • Hi,

    >>When machine are build using sccm 1806 machine are missing local group policy for wsus.

    The OOBE reset the wsus settings?

    You could use script to modify the registry and force a restart at end of the Task Sequence.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Do you mean after the system is build apply .reg file to add wsus settings into registry on the system and then reboot the machine.

    Friday, January 24, 2020 8:45 AM
  • What does this question have to do with this thread?

    I'm not even sure what you are asking here.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, January 24, 2020 2:29 PM
  • If you build a winows 10 1709 or 1803 or 1809 machine and login with domian account and go to following key "HKLM/Software/policy/micosoft/windows/windowsupdate"

    Do you see WSUS settings?

    Friday, January 24, 2020 3:26 PM
  • Not sure why you're asking me what I see.

    Settings will be in that registry key if you have a group policy applied, if someone manually edited the registry (in the image or as part of the deployment) or if the ConfigMgr client agent is installed and software updates are enabled.

    If you build a clean system without any of the above, then no, there won't be any settings in this key -- it won't even exist.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by lalaJee Wednesday, January 29, 2020 11:57 AM
    • Unmarked as answer by lalaJee Friday, February 7, 2020 8:04 PM
    Friday, January 24, 2020 4:50 PM
  • Hi,

    The key point is how do you want to control your client WSUS Settings? 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 27, 2020 3:12 AM
    Moderator
  • The wsus local policy dont get apply when you build machine it takes time for wsus setting to be register in client machine.

    You can stop windows update by configureing below policy


    • Marked as answer by lalaJee Friday, February 7, 2020 8:05 PM
    Friday, February 7, 2020 8:04 PM