Limit Windows Update Bandwidth using GPO settings - so far not working RRS feed

  • Question

  • I am trying to prepare my organization for Win10.  One of the obstacles I have is that a single machine, downloading updates, consumes the entire bandwidth for my site and causes 10-30 other people to be unable to do anything at all on the wide area network.  I have 4 physical sites that are all routable on my internal network; none of them have very good bandwidth.  in fact the bandwidth limits are (10Mb, 4.5Mb, 3Mb, and 3Mb).  I have database servers, email servers, file servers, etc at the various sites and people need access to them from the other sites.  Also, sometimes people need the internet.

    For Win7 I have been able to use reg key settings to limit BITS to 1Mb per machine and this has proven sufficient to allow a machine to download windows updates during working hours and not saturate the bandwidth.  All the Win7 machines are configured through GPO to download and install updates at 3:00AM every day.  This has always worked fine.

    Based on my reading I was under the impression that I could use the GPO settings in Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization to customize how Win10 gets updates but they do not seem to be working correctly.

    Specifically, I am setting the Maximum Download Bandwidth (in KB/s) to 1024 to attempt to limit the machine to 1Mb and it is not working.  On a fresh install, with GPO applied (and confirmed in RSOP) kicking off a check for updates immediately causes the machine to saturate the entire site bandwidth.  I can verify in task manager that the NIC on the new Win10 machine is using as much bandwidth as the site has available.

    I have also tried setting the Download mode to 100 (Bypass) which is supposed to disable Delivery Optimization and fall back to BITS and then using the same Reg key setting that work in Win7 to limit BITS to 1Mb and this also does not work as expected.  The exact same thing happens when I go to check for updates, the machine immediately saturates the available bandwidth pipe and effectively DOS's everyone else.

    I absolutely can't roll out Win10 with this problem unresolved.  WSUS is not a great option for me based on infrastructure limitations and distributed site topology.

    Tuesday, May 8, 2018 9:00 PM

All replies

  • Hi,

    Disable your firewall and security software to check.

    If you use a metered or capped Internet connection, Delivery Optimization won’t automatically download or send parts of updates or apps to other PCs on the Internet.

    If you're on Windows 10 V1709, make sure Group Policy 'Allow updates to be downloaded automatically over metered connections' under Computer Configuration > Administrative Templates > Windows Components > Windows Update is set to Disabled or Not Configured.

    Check if we could use the registry to limit it.

    The settings for Delivery Optimization is stored in the registry key below


    REG_DWORD Value: DODownloadMode

    0 = Off

    1 = On, PCs on my local network

    3 = On, PCs on my local network, and PCs on the Internet

    Based on my check, Delivery Optimization should be working. Here is the link on configuration options for DO

    There is download mode where you can specify where the clients can get the updates from

    There are only ETL trace file for Delivery Optimization ( c:\windows\logs\dosvc) we could check.

    Hope it will be helpful to you

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, May 9, 2018 7:54 AM
  • I am not using a metered connection.  I have the vast majority of the settings at default (or rather not configured) for the enterprise version of Win10.  So metered connection is not configured, download mode is default for enterprise which is 1.  I'm fine with downloading from PC's on the network, in fact it's a good thing.  But I have no PC's on the network running Win10 other than the single test box which I am using to try and work out these downloading issues so there are no peers to download from.  Irregardless it isn't an issue of the source of the update, the issue is that the Maximum Download Bandwidth (in KB/s) setting is not working at all.  It isn't limiting the download speed.  The other limiting settings are all based on percentage so they are useless since 1% of a Gb connection is still 10Mb which will still overwhelm the site bandwidth.

    I was already referencing the page you linked for my testing.  I don't see anything helpful there as to why the Maximum Download Bandwidth (in KB/s) is not working, hence the reason for my posting here.  I am unable to get anything useful from those logs.  Event viewer will load them but they are all showing something like "Unknown(<some number here>): GUID=<some GUID here> (No Format Information Found)."

    Wednesday, May 9, 2018 3:35 PM
  • I was able to make the fallback to BITS (download mode 100) and the BITS limitations work by putting it all in a GPO.  Previously I had been using a combination of local policies and .reg file merges so maybe something wasn't applying correctly.  At any rate this is working to limit the update bandwidth to 1Mb.  I would however like to use DO in the future because downloading from peers on the network has some real advantages.

    EDIT: Further testing shows that these settings do not work to limit bandwidth in 1709 for foreground updates, at least in regards to the feature update to 1803.  So these settings appear to work correctly for 1803 but there is no feature update past 1803 so maybe they don't work there either and I just don't know yet.  For background updates they do seem to work though.

    I want to test feature updates to see if certain annoyingly unnecessary pre-installed apps are going to reappear after I have already removed them when a feature update installs.  So I have a machine on 1709 with the settings mentioned above to fallback to BITS and BITS limit set to 1MB in the registry.  When I initiate an update (foreground update) the 1MB limit or the BITS fallback is ignored when it tries to get the feature update specifically.  Other updates seem to stay limited from what I can see so far.  I rebooted and did not initiate the update but looked at update status along with Ethernet usage in task manager and now it is downloading the feature update (background update) and observing the 1MB limit.

    • Edited by MnM Show Monday, May 14, 2018 6:13 PM
    Wednesday, May 9, 2018 5:23 PM

    After installing the feature update to 1803 the fallback to BITS and BITS limit are no-longer being respected for foreground updates at all but still seem to work for background updates. 

    I'm glad Microsoft finally understands that if there is one thing IT people hate, it's predictability and consistency /s

    • Edited by MnM Show Wednesday, May 16, 2018 4:47 PM
    Wednesday, May 16, 2018 4:37 PM
  • I'm running into this same issue. Limiting Windows Update bandwidth via BITS & GPO worked great with Windows 7 and that's what I'm trying to accomplish with Windows 10. I'm using the GPO settings below and setting the Delivery Optmization Download Mode to Bypass, but this doesn't seem to be working as expected. Regularly, multiple PCs at branch offices start downloading updates and it brings everything else to a crawl. 

    Wednesday, July 11, 2018 6:52 PM