locked
Update Rollout Based on Build RRS feed

  • Question

  • Hello!

    I'm new to WSUS, and a tad confused on how I can rollout updates to multiple computers with different Windows 10 builds.
    More specifically, I am attempting to rollout the Windows 10 patch from this Bulletin:
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

    At the bottom of that page, the updates for Windows 10 vary based on which build you have. In my environment we have multiple builds. In WSUS I can only simply approve an update for a group of computers- so will it simply not run the update if the builds do not match, in which case I can download the MSU for all windows builds and run them at once to cover my ground?

    Hopefully thats not too confusing, and I appreciate any assistance or time spent reading my post!

    Wednesday, May 17, 2017 7:48 PM

Answers

  • Hello!

    I'm new to WSUS, and a tad confused on how I can rollout updates to multiple computers with different Windows 10 builds.
    More specifically, I am attempting to rollout the Windows 10 patch from this Bulletin:
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

    At the bottom of that page, the updates for Windows 10 vary based on which build you have. In my environment we have multiple builds. In WSUS I can only simply approve an update for a group of computers- so will it simply not run the update if the builds do not match, in which case I can download the MSU for all windows builds and run them at once to cover my ground?

    Hopefully thats not too confusing, and I appreciate any assistance or time spent reading my post!


    for your example, MS17-010, for Win10;
    Windows 10 Version 1507, KB4012606 applies.
    Windows 10 Version 1511, KB4013198 applies.
    Windows 10 Version 1607, KB4013429 applies.
    If you were to approve those KBnumbers against your "mixed version" Win10 group in WSUS, when each Win10 PC connects to your WSUS and each PC performs a detection/scan, each PC will only perform detection/scan for suitable updates and will ignore unsuitable updates.
    Each PC is effectively filtering based on it's own situation and will ignore approvals for non-matching versions/products.

    In a similar way, if you approve a KBnumber for updating of Office2010, and a PC has no Office at all, or the PC has Office2013, the approval for that Office2010 update is ignored by that PC.

    e.g., you perform approval of Win8.1/KB123456 for a WSUS group containing a PC named "JACOB-PC", but JACOB-PC has Win10 and does not have Win8.1, then JACOB-PC will completely ignore Win8.1/KB123456, because the product/version is not matched i.e. it is NotApplicable.
    In this example, JACOB-PC will not even download the KB123456 to the C: drive, it will not attempt that update at all. (because in truth, JACOB-PC is not even performing a detection/scan for Win8.1/KB123456)

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by Jacob Ya Thursday, May 18, 2017 4:51 PM
    Thursday, May 18, 2017 9:55 AM

All replies

  • Hi,
    If you are using WSUS for installing updates, WSUS don’t rollout updates to computers, it only keep the updates on it, and the clients will send report for WSUS to request their needed updates, after WSUS receive the report from clients, and then clients will download their requested updates from WSUS automatically if the updates are approved on WSUS.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 18, 2017 5:45 AM
  • Hello!

    I'm new to WSUS, and a tad confused on how I can rollout updates to multiple computers with different Windows 10 builds.
    More specifically, I am attempting to rollout the Windows 10 patch from this Bulletin:
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

    At the bottom of that page, the updates for Windows 10 vary based on which build you have. In my environment we have multiple builds. In WSUS I can only simply approve an update for a group of computers- so will it simply not run the update if the builds do not match, in which case I can download the MSU for all windows builds and run them at once to cover my ground?

    Hopefully thats not too confusing, and I appreciate any assistance or time spent reading my post!


    for your example, MS17-010, for Win10;
    Windows 10 Version 1507, KB4012606 applies.
    Windows 10 Version 1511, KB4013198 applies.
    Windows 10 Version 1607, KB4013429 applies.
    If you were to approve those KBnumbers against your "mixed version" Win10 group in WSUS, when each Win10 PC connects to your WSUS and each PC performs a detection/scan, each PC will only perform detection/scan for suitable updates and will ignore unsuitable updates.
    Each PC is effectively filtering based on it's own situation and will ignore approvals for non-matching versions/products.

    In a similar way, if you approve a KBnumber for updating of Office2010, and a PC has no Office at all, or the PC has Office2013, the approval for that Office2010 update is ignored by that PC.

    e.g., you perform approval of Win8.1/KB123456 for a WSUS group containing a PC named "JACOB-PC", but JACOB-PC has Win10 and does not have Win8.1, then JACOB-PC will completely ignore Win8.1/KB123456, because the product/version is not matched i.e. it is NotApplicable.
    In this example, JACOB-PC will not even download the KB123456 to the C: drive, it will not attempt that update at all. (because in truth, JACOB-PC is not even performing a detection/scan for Win8.1/KB123456)

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by Jacob Ya Thursday, May 18, 2017 4:51 PM
    Thursday, May 18, 2017 9:55 AM
  • That is perfect! I greatly appreciate the time you have taken to write such a descriptive answer. I have approved each of the applicable KB updates listed under the MS17-010 bulletin for all affected computers.
    Thursday, May 18, 2017 4:53 PM