Delivery Optimization GPO

  • Question

  • Hello All,

    I'm new to Delivery Optimization and I would like to know the capability of Delivery Optimization for patch deployment using WSUS.

    Our environment has a single WSUS server for patching machines located in the same geographical region, but unfortunately our network infra is not strong enough to handle the Windows 10 cumulative updates. Recently I came across an article about Delivery Optimization, which I believe has the capability of fixing the throttling network. As far as I'm aware this requires a GPO to be configured, and I need your help on configuring two settings: Download Mode and Group ID. I prefer to use Download Mode as Group; in that case, how can I configure the group ID? The group ID seems to be a GUID; how can I generate a Group ID? Also, I do not want my client machines to go to the internet and look for content; how can I limit this to my network only? Are there any firewalls that need to be configured for Delivery Optimization?

    Thanks,

    Wednesday, March 18, 2020 9:28 AM

All replies

  • I prefer to use Download Mode as Group; in that case, how can I configure the group ID? The group ID seems to be a GUID; how can I generate a Group ID? Also, I do not want my client machines to go to the internet and look for content; how can I limit this to my network only? Are there any firewalls that need to be configured for Delivery Optimization?

    Hi,

    Based on your description, I did some research on the Delivery Optimization feature of Windows 10.
    When we set the mode of Delivery Optimization to "Group (2)", it will limit the population of PCs that can be considered peers to just those in a particular group:

    • With Windows 10 1511, groupings are based on the AD domain and an optional group ID that you can set via policy.
    • With Windows 10 1607, the groups are based on AD domain and AD site, and you can also add an optional group ID.

    So, regarding the GUID of the group in AD, you can query it in PowerShell on the domain controller with the following command:

    Get-ADGroup -Identity %ADGROUPNAME%

    As shown in the screenshot below, I tried to query the GUID of a group I created.


       

    Then, regarding the organization's clients accessing the Internet for updates, you can consider enabling the following group policy:

    • Turn off access to all Windows Update features
      (Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\)

    This will prevent clients from accessing Windows Update.
    Hope the above can help you.

    Regards,
    Yic



    Thursday, March 19, 2020 2:14 AM
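
The Download Mode and Group ID settings discussed in this thread, as an added PowerShell example that is not part of the original posts. It assumes the two GPO settings are stored as the `DODownloadMode` and `DOGroupId` values under the Delivery Optimization policy key; the function name `Set-DoGroupPolicy` and the AD group name `DO-Peers-SiteA` are hypothetical.

```powershell
# Added example: writes the local policy values behind the "Download Mode" and
# "Group ID" settings. Run from an elevated prompt; a domain GPO will overwrite them.
function Set-DoGroupPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # GUID shared by every machine that is allowed to peer together.
        [Parameter(Mandatory)][string]$GroupId
    )

    # Reject anything that is not a well-formed, non-empty GUID before writing it.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($GroupId, [ref]$parsed) -or $parsed -eq [guid]::Empty) {
        throw "GroupId '$GroupId' is not a valid, non-empty GUID."
    }

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
    if ($PSCmdlet.ShouldProcess($key, "Set DODownloadMode=2 and DOGroupId=$parsed")) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 2 = Group mode, as described in the reply above.
        New-ItemProperty -Path $key -Name DODownloadMode -PropertyType DWord `
            -Value 2 -Force | Out-Null
        New-ItemProperty -Path $key -Name DOGroupId -PropertyType String `
            -Value $parsed.ToString() -Force | Out-Null
    }

    # Read back what is actually stored so a mismatch is visible immediately.
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object DODownloadMode, DOGroupId
    }
}

# Option A: reuse an AD group's GUID (needs the ActiveDirectory module).
# $groupId = (Get-ADGroup -Identity 'DO-Peers-SiteA').ObjectGUID.ToString()

# Option B: generate a fresh GUID once and use the same value on every peer.
$groupId = [guid]::NewGuid().ToString()

# Preview the change first; remove -WhatIf to apply it.
Set-DoGroupPolicy -GroupId $groupId -WhatIf

# After the next update download, compare peer and HTTP byte counts:
# Get-DeliveryOptimizationStatus | Select-Object DownloadMode, BytesFromPeers, BytesFromHttp
```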