I've set up a new WSUS server for my (currently) Windows 10 1607 clients. I've created deployment rings, set up approval policies for each ring and disabled dual scan by setting ‘Do not allow update deferral policies to cause scans against Windows Update’ = Enabled.
If I run:
$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
$ServiceManager.Services
I can see that WSUS is the default AU service, so that is good. However, if I set a client to the Semi-Annual Channel (formerly known as Current Branch for Business) by setting HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel = DWORD 20, then approve the 1709 feature update for the client in WSUS, what should I expect?
What I was expecting was for the client to NOT download 1709 because Microsoft has not yet targeted 1709 to the Semi-Annual Channel; however, my client did install the update. I mean, I know I've approved it, but shouldn't the client be smart enough to not take it? Here https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus it says:
Note
WSUS respects the client’s servicing branch. If you approve a feature update while it is still Current Branch (CB), WSUS will install the update only on PCs that are in the CB servicing branch. When Microsoft releases the build for Current Branch for Business (CBB), the PCs in the CBB servicing branch will install it.
What does this mean?
I'm finding Microsoft's documentation to be very unclear. They're changing how things work with every Windows 10 release, and many of the policies are dependent on this or that other policy being enabled or not. It seems to be impossible to do some reading and then set up policies with expected results; I have to test everything first. Is anyone else frustrated with this?
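
An added example, not part of the original post: a PowerShell check that gathers the client-side settings mentioned above into one report, so the state can be recorded before and after a feature update is approved in WSUS. DisableDualScan is the registry value behind the ‘Do not allow update deferral policies to cause scans against Windows Update’ policy; the other value names (WUServer, UseWUServer, DeferFeatureUpdates, DeferFeatureUpdatesPeriodInDays, ReleaseId) are standard Windows Update and OS values that the post does not list.

```powershell
# Added example: report the Windows Update policy state on a WSUS client.
# Run in an elevated PowerShell session on the client being tested.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = [ordered]@{}
$names = 'WUServer', 'BranchReadinessLevel', 'DisableDualScan',
         'DeferFeatureUpdates', 'DeferFeatureUpdatesPeriodInDays'
foreach ($name in $names) {
    $report[$name] = Get-PolicyValue -Path $wuKey -Name $name
}
$report['UseWUServer'] = Get-PolicyValue -Path $auKey -Name 'UseWUServer'

# Same COM object as in the post: which service does Automatic Updates use by default?
$serviceManager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
$defaultService = $serviceManager.Services | Where-Object { $_.IsDefaultAUService }
$report['DefaultAUService']  = $defaultService.Name
$report['DefaultAUIsManaged'] = $defaultService.IsManaged

# Installed feature release (for example 1607 or 1709).
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$report['ReleaseId'] = Get-PolicyValue -Path $cv -Name 'ReleaseId'

[pscustomobject]$report | Format-List

# Deferral policies set on a WSUS client without DisableDualScan = 1 is the
# combination the dual-scan policy exists to prevent.
$deferralSet = ($null -ne $report.BranchReadinessLevel) -or
               ($null -ne $report.DeferFeatureUpdates)
if ($report.UseWUServer -eq 1 -and $deferralSet -and $report.DisableDualScan -ne 1) {
    Write-Warning 'Deferral policies are set but DisableDualScan is not 1: client may also scan Windows Update.'
}
if (-not $defaultService.IsManaged) {
    Write-Warning 'Default AU service is not a managed (WSUS) service.'
}
```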