locked
WSUS on Server 2012 non-R2 and Windows 10 clients RRS feed

  • Question

  • I have an existing WSUS running on Server 2012 non-R2 which has been working fine with Windows 7. When Windows 7 clients connect they end up in the 'Unassigned Computers' group, I then manually move them to either a 'Servers' group or 'Workstations' group, and I have auto-approve rules that will approve updates for the 'Servers' and 'Workstations' groups, this gives me more control over which machines gets updates.   I have no auto-approve rules configured for the 'Unassigned Computers' group.

    I've now started with Windows 10, when these clients connect they also end up in the 'Unassigned Computers' group as expected however they're still getting updates even before I move them to either the 'Servers' or 'Workstations' groups.

    Is this expected?  Is it related to the pre-Windows 10 WSUS server I'm using, perhaps I need to update my WSUS server?  Please advise.

    Friday, January 6, 2017 4:01 PM

All replies

  • Hello,

    The Windows 10 is an upgrade from existing computers if is new computers there are registered in AD ?


    If this answer help please mark it as a answer :) Thanks, Ricardo Cabral


    Friday, January 6, 2017 4:05 PM
  • No, these are clean installs with new workstation objects that have never been in AD. I can see the Windows 10 workstation object in the unassigned computer group which has no approve rules yet it still gets updates.
    Friday, January 6, 2017 4:18 PM
  • That is normal.

    For Windows 10 clients I recommend to upgrade the WSUS https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx


    If this answer help please mark it as a answer :) Thanks, Ricardo Cabral

    Friday, January 6, 2017 4:32 PM
  • How do you mean this is normal?  Normal for Windows 10 clients on a Server 2012 non-R2 running WSUS?

    I have WSUS version 6.2.9200.16384, can you confirm what version this is?  I gather from my searching that this is WSUS 4, which is included as a role in Server 2012, the link you provided suggests v3 is the latest, but I believe this only applies for pre-Windows 2012 servers when WSUS was a separate install, not an included role

    Friday, January 6, 2017 5:10 PM
  • Hi J.Wall,

    As far as I'm concerned, this issue may related with delivery optimization for windows 10 updates. Please check windows update log of the windows 10 clients to check where do they download the updates.

    Reference about Delivery Optimization for windows 10 updates:

    https://technet.microsoft.com/en-us/itpro/windows/manage/waas-delivery-optimization

    https://privacy.microsoft.com/en-us/windows-10-windows-update-delivery-optimization

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 9, 2017 2:43 AM
  • Hi,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, feel free to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 25, 2017 2:12 AM
  • Ok, maybe it could be delivery optimization but I've tried setting the delivery optimization mode to Http only and bypass, neither help.  I don't want to use delivery optimization, I just want my clients to pull approved updates from my WSUS server.  How do I disable delivery optimization?  Let's start with that and see what happens.
    Wednesday, February 15, 2017 8:20 PM
  • I also just tried simple mode after reading the comments below this post https://emeneye.wordpress.com/2016/10/19/delivery-optimisation-branchcache-and-windows-10/ and still I can see my vm going through my firewall to contact MS and now it's downloading updates, meanwhile I have not approved any updates for this machine on my WSUS.
    Wednesday, February 15, 2017 9:26 PM