locked
Block 1607 feature update from windows update RRS feed

  • Question

  • Hi, is there a to prevent the 1607 feature update from being seen on Enterprise domain joined machines managed by SCCM CB when a user goes directly on WIndows updates instead of software center to get their updates.

    I think that previous build weren't available on domain joined machines, but now 1607 build is available on windows updates on our domain joined systems.

    We don't want to completly disable windows updates for our users. Just hide/remove 1607 feature update.

    Thks in advance and don't hesitate if you have any questions.

    Steph


    joeblow

    Thursday, December 1, 2016 6:53 PM

Answers

All replies

  • Hi,

    I haven't tested this myself but you should be able to use the 1511 setting of defering an upgrade for x number of months then it should not show up..

    It is described here: https://4sysops.com/archives/the-new-defer-upgrades-and-update-group-policy-in-detail/

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Frank Dong Wednesday, January 4, 2017 1:58 PM
    • Marked as answer by Gerry HampsonMVP Wednesday, February 1, 2017 11:15 AM
    Thursday, December 1, 2016 10:13 PM
  • As a side note here, 1607 has just been made Current Branch for Business and the maximum you can defer is for 8 months, just to give you sort of a timetable.
    Friday, December 2, 2016 1:56 AM
  • Hello, this is an intresting topic, because actually, we have a unknown situation, that in our enviroment there is more 1607 machines now, than those who ran 1607 upgrade task sequence. I have tried to do some research based on logs, like systeminfo-install date -> compared to last smsts.log and dates do not match. I had one end-user´s machine under investigation, where install date is newer than smsts.log, and it even does not belong to Inplace Upgrade collection. We have both 1507 and 1607 computers in that domain+sccm enviroment.

    Theoretically, what should supposed to happen is, that when you have Software Update Point configured and in use, SCCM client sets registry to Windows client, that it would use only SCCM. There is also 2-3 different Group Policies (not in Windows Update node), that prohibits entering Windows Update service. Still, I have heard some rumors elsewhere, that 1607 has been pushed through even it should not.

    Unfortunatelly I can´t demonstrate this behavior in my lab enviroment, where 1607 would be available from Microsoft Update. But my customer enviroment with same GPOs basically is acting strange...


    Saturday, December 3, 2016 8:27 AM