none
If I enable Windows Updates (pre and/or post applcation) do I have to use WSUS? RRS feed

  • Question

  • If I enable Windows Update in my TS, would MDT just look for them on the MS website as if you ran them manually? We have GPO's in place to allow/block preferred updates.

    I'm just wondering how to set up MDT to go out to MS site to get updates like you would by running Check For Updates manually. Do I need to change some settings, if WSUS is by default?

    Thursday, November 23, 2017 2:43 PM

Answers

  • You could disable driver updates via Microsoft Update should you wish to: https://www.howtogeek.com/302595/how-to-stop-windows-10-from-automatically-updating-hardware-drivers/

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Monday, November 27, 2017 3:24 PM
    Thursday, November 23, 2017 9:42 PM

All replies

  • If you have not added WSUSServer=yourwsusservername to customsettings.ini it will dl from MS.
    Thursday, November 23, 2017 2:56 PM
  • Yeah I have that removed. GPO blocks so many things, but it seems that automating Updates in a TS allows all updates we don't want. I figured GPO would apply and filter out Updates as it does when manually running it.
    Thursday, November 23, 2017 4:35 PM
  • How many times should Pre-Application Installation Updates run? It appears it runs 6 times in the pre-app step.
    Also, if I run updates from the desktop, outside of MDT, GPO controls the updates I get. During MDT, in the same OU, I get dozens of updates we block...mostly Office 2013 updates. I have 365 installed on the image. I know GPO kicks in once a pc is on the desktop, even during a TS. I am running Updates to get them from the MS site until we have a WSUS in place.
    One of the updates references some printer update from 2006 which throws 4 errors at my Summary Page.
    • Edited by the1rickster Thursday, November 23, 2017 6:34 PM
    • Marked as answer by the1rickster Thursday, November 23, 2017 7:41 PM
    • Unmarked as answer by the1rickster Friday, November 24, 2017 3:01 AM
    Thursday, November 23, 2017 5:55 PM
  • You could disable driver updates via Microsoft Update should you wish to: https://www.howtogeek.com/302595/how-to-stop-windows-10-from-automatically-updating-hardware-drivers/

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by the1rickster Monday, November 27, 2017 3:24 PM
    Thursday, November 23, 2017 9:42 PM
  • Thanks. Must MDT run updates a total of 8 times? Can I reduce that to, well, one? I looked into the ZTIUpdates file but I didn't figure it out. I always get an error after about 5 trips to MS that it exceed reboots or some such.
    Thursday, November 23, 2017 9:45 PM
  • Could you post the exact error message here? Normally, if you are deploying Windows 10, MDT shouldn‘t need that many Windows Update passes, unless something goes wrong. On Windows 7, however, that‘s a totally different story.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Sunday, November 26, 2017 11:40 AM
  • Hello,
    I believe I'm going to let this go. I was starting to make a WSUS and found out our server unit is in the process of making one for their servers, so they will add some rules which will apply to our pc's and MDT will access it at that time.
    Meanwhile, I was asked if MDT could get Updates from MS and install them as we do manually. What I see is that half the time I get all sorts of updates, many which are Office 2013 related (I have Office 365 installed). The other times, I get the expected updates.
    When I turned off driver updates and edited the ZTI file (I changed the max to 2), it no longer runs 8 times. But it remains inconsistent whether domain GPO applies to control the updates or not. It is likely best we just manually run updates until the WSUS is in place. I'm pretty OCD and work on things until they work. This one can sit idle.

    Monday, November 27, 2017 3:24 PM