locked
How to make WSUS respect clients service channel RRS feed

  • Question

  • I've set up a new WSUS server for my (currently) Windows 10 1607 clients, I've created deployment rings, setup approval policies for each ring and disabled dual scan by setting ‘Do not allow update deferral policies to cause scans against Windows Update’ = Enabled. 

    If I run:

    $ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"
    $ServiceManager.Services

    I can see that WSUS is the default AU service, so that is good.  However, if I set a client to the Semi-Annual Channel (formerly known as Current Branch for Business) by setting HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel = DWORD 20, then approve the 1709 feature update for the client in WSUS, what should I expect?

    What I was expecting was for the client to NOT download 1709 because Microsoft has not yet targeted 1709 to the Semi-Annual Channel, however my client did install the update.  I mean I know I've approved it but shouldn't the client be smart enough to not take it?  Here https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus it says:

    Note 
    
    WSUS respects the client’s servicing branch. If you approve a feature update while it is still Current Branch (CB), WSUS will install the update only on PCs that are in the CB servicing branch. When Microsoft releases the build for Current Branch for Business (CBB), the PCs in the CBB servicing branch will install it.
    

    What does this mean?

    I'm finding Microsofts documentation to be very unclear, they're changing how things work with every Windows 10 release and many of the polices are dependent on this or that other policy to be enabled or not.  It seems to be impossible to do some reading then setup policies with expected results, I have to test everything first.  Is anyone else frustrated with this? 




    • Edited by J. Wall Friday, January 12, 2018 9:49 PM
    Friday, January 12, 2018 5:22 PM

All replies

  • Hi,

    >>However, if I set a client to the Semi-Annual Channel (formerly known as Current Branch for Business)

    >>What I was expecting was for the client to NOT download 1709 

    Based on my understanding , the Semi-Annual Channel (CBB ) is defined by MS , you may check the following article (build number "16299.192" of 1709 is in semi-annual channel option  ):

    https://technet.microsoft.com/en-us/windows/release-info.aspx

    To cover you needs , you may configure "defer" in GPO :

    Hope it is useful to you .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Elton_Ji Sunday, January 28, 2018 11:40 AM
    Monday, January 15, 2018 6:52 AM
  • Hi Elton.  The link you provided does now show 1709 being in the Semi-Annual Channel as of Jan 18 2018, but when I made my original post on Jan 12 I don't believe it was, I fairly certain I checked that table before posting but I can't be sure now.

    Can you confirm whether my expectations on how WSUS should work are correct?  Should my WSUS offer Semi-Annual Channel (Targeted) updates to clients in the Semi-Annual Channel (NON-Targeted) channel?

    I've also read several places that setting the "Select when Feature updates are received" item automatically enables Windows Update for Business and causes WSUS clients to bypass WSUS entirely and go out to the internet for updates, is this true?  My clients are currently on 1609.

    Monday, January 29, 2018 3:34 PM