locked
WSUS Windows 10 definitions RRS feed

  • Question

  • I have recently upgraded all our Windows 10 PCs to 1703 (Creators) but my WSUS server is still downloading updates for all the Windows 10 versions.

    I only wish to download updates for 1703, this includes all types of updates i.e. Critical, Security etc. instead of having to decline unwanted updates for all obsolete versions i.e. 1511, 1607 etc.

    Which Products do I need to check in Products and Classifications, or more to the point which Windows 10 products can I uncheck? There are currently 3 product updates for Creators:

    - Windows 10 Creators Update and Later Servicing Drivers

    - Windows 10 Creators Update and Later Servicing Drivers (duplicate of the one above for some reason????)

    - Windows 10 Creators Update and Later Upgrade & Servicing Drivers

    Thanks.

    Monday, August 14, 2017 11:41 AM

All replies

  • Hello,

    You have to synchronize the updates for all of the Windows 10 versions. 

    For the 3 product types for Creators you mentioned, they are only including driver updates for the Windows 10 Creators Update.

    To download the updates for 1703 only, you can configure Automatic Approvals rules, which can define the approval of updates for 1703 only.



    Best regards,

    Andy Liu



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 15, 2017 2:27 AM
  • Hi Andy,

    Thank you for the response but either I didn't explain my self clearly or you didn't quite understand what I was asking.

    "You have to synchronize the updates for all of the Windows 10 versions. " -  I'm not sure what your referring to here? Are you trying to say I need to check every product relating to Windows 10, including the Anniversary Updates, despite me only having Creators in use?

    "For the 3 product types for Creators you mentioned, they are only including driver updates for the Windows 10 Creators Update." - As stated in my original post I'm aware that these 3 updates only apply to Creators. My question was, if I select all 3 of these categories for Creators will that cover all types of updates such as Security, Critical etc. as I don't want to miss any important updates by un-checking the other Windows 10 options i.e. Windows 10 Anniversary Update and Later Servicing Drivers.

    "To download the updates for 1703 only, you can configure Automatic Approvals rules, which can define the approval of updates for 1703 only" - That is true and I have rules in place to auto apply the updates to the required groups but this was not my question. I want to know about the options auto download of updates to the server.

    Just to clarify my requirements. I only want WSUS to download updates for Windows 10 Creators. At the moment it downloads updates for all versions i.e. 1511, 1607 etc. However I want to ensure that if I only leave the 3 Creators options checked which are listed in Products and Classifications, that I don't miss any important updates meant for Windows 10.

    Thanks.

    Tuesday, August 15, 2017 9:49 AM
  • Hello,

    Firstly, I'm sorry that I don't describe it clearly previously.

    >>> "You have to synchronize the updates for all of the Windows 10 versions. " -  I'm not sure what your referring to here? Are you trying to say I need to check every product relating to Windows 10, including the Anniversary Updates, despite me only having Creators in use?

    I mean that WSUS doesn't support for choosing updates with different Windows 10 versions, i.e. 1511, 1607 and 1703. Therefore, you have to download updates for all Windows 10 versions.

    >>> "For the 3 product types for Creators you mentioned, they are only including driver updates for the Windows 10 Creators Update." - As stated in my original post I'm aware that these 3 updates only apply to Creators. My question was, if I select all 3 of these categories for Creators will that cover all types of updates such as Security, Critical etc. as I don't want to miss any important updates by un-checking the other Windows 10 options i.e. Windows 10 Anniversary Update and Later Servicing Drivers.

    As far as I know, for the 3 product types for creators, that doesn't cover all types of updates, such as Security, Critical etc.



    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 31, 2017 8:25 AM
  • You should have the following selected:

    Windows 10 and later drivers
    Windows 10 and later upgrade & servicing drivers
    Windows 10 Creators Update and Later Servicing Drivers
    Windows 10 Creators Update and Later Servicing Drivers (yes, it's listed twice)
    Windows 10 Creators Update and Later Upgrade & Servicing Drivers
    Windows 10 Dynamic Update
    Windows 10 Feature On Demand
    Windows 10 GDR-DU (General Distribution Release - Dynamic Update)
    Windows 10 Language Interface Packs
    Windows 10 Language Packs
    Windows 10

    You then should use my WSUS Maintenance script to keep WSUS Clean and maintained.Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Saturday, September 2, 2017 1:32 AM