locked
Windows 10 and WSUS RRS feed

  • Question

  • Hi All,

    I have had WSUS setup on my Server2008R2 for a few years now and it works great for patching my WIN 7 workstations.

    I now have rolled out just a few WIN 10 workstations to the network. I am able to approve of the WIn 10 updates in WSUS, but is this truely where WIN 10 is getting the updates?

    How can I make sure that WIN 10 is only getting updates from WSUS and not going out to the Internet or other local PCs for its updates?

    Tuesday, September 1, 2015 2:40 PM

Answers

All replies

  • Am 01.09.2015 schrieb decki:

    How can I make sure that WIN 10 is only getting updates from WSUS and not going out to the Internet or other local PCs for its updates?

    Did your W10 Clients get the GPO for your WSUS? You have to control
    this. And you can set a new GPO-Setting:

    No Connection to Windows Update-Internetadress > activate.


    Servus
    Winfried

    Gruppenrichtlinien
    HowTos zum WSUS Package Publisher
    WSUS Package Publisher
    HowTos zum Local Update Publisher
    NNTP-Bridge für MS-Foren

    • Proposed as answer by Steven_Lee0510 Sunday, October 11, 2015 1:57 PM
    • Marked as answer by Steven_Lee0510 Sunday, October 11, 2015 11:13 PM
    Tuesday, September 1, 2015 4:48 PM
  • yes, the win 10 stations have gotten the GPO for WSUS.

    registry settings and wsus hostname is correct.

    What do you mean by "no connection to windows update-internetaddress > activate"?

    Tuesday, September 1, 2015 6:48 PM
  • Am 01.09.2015 schrieb decki:

    What do you mean by "no connection to windows update-internetaddress > activate"?

    In Computerconfig > Windows Components > Windows Update you find this
    setting. You can set it for deactivate clients to connect to WU
    direct.


    Servus
    Winfried

    Gruppenrichtlinien
    HowTos zum WSUS Package Publisher
    WSUS Package Publisher
    HowTos zum Local Update Publisher
    NNTP-Bridge für MS-Foren

    Tuesday, September 1, 2015 8:26 PM
  • Also, in WIN 10 > Settings > Update & Security > Windows Update > Advanced > Choose how updates are delivered >

    How/where can I find the policy to disable the PC from sending updates out to other PCs on the Internet?

    • Proposed as answer by dawilk Thursday, October 15, 2015 8:35 PM
    • Unproposed as answer by dawilk Thursday, October 15, 2015 8:35 PM
    Wednesday, September 2, 2015 11:12 AM
  • New GPO settings in Windows 10.

    Grab the latest ADMX here: https://www.microsoft.com/en-us/download/details.aspx?id=48257

    The setting is Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization > Download Mode=0

    This setting specifically manages how downloads occur. The verbiage isn't clear as to whether it also manages uploads. If you don't want to assume that it covers both, touch the neighboring policies regarding Cache and Upload Bandwidth. I expect that setting those to zero will ensure no outbound connections.


    • Edited by dawilk Thursday, October 15, 2015 8:44 PM adding link
    Thursday, October 15, 2015 8:43 PM