locked
Windows 10 Cu updates RRS feed

  • Question

  • Hi,

    multiple Cumulative updates 

    Is there any way to automatically deny old cumulative update and keep the latest only ?

    Thanks 

    Friday, September 7, 2018 1:52 AM

All replies

  • Hello,
     
    Glad to provide my help and hope it is useful.
      
    Normally, the latest cumulative updates would supersede old updates released in earlier months. You could review the supersedence in the WSUS or Windows Updates Catalog.
     
    So if you are facing multiple updates, you could patch the latest update, then no longer need the older ones. 
     
    I feel a little confused about "automatically deny old cumulative update" you mentioned. It would be helpful if you could provide some details about the issue you facing.
     
    For best practice, we usually auto approve important updates such as Security and Critical, and clients could automatic detect and install them via Group Policy. In this way, clients security is guaranteed and they are kept up to date. 
     
    Looking forward to your feedback.
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 7, 2018 5:41 AM
  • Hi,

    "automatically deny old cumulative update"

    What I mean windows client machine installing  older build then installing the newer build .

    Thanks 

    Friday, September 7, 2018 3:37 PM
  • WSUS itself does not have an automated method of doing what you're asking. If you run through the proper WSUS maintenance(including but not limited to running the Server Cleanup Wizard (SCW), declining superseded updates, running the SQL Indexing script, etc.) then you don't need to worry about it because the older builds will already be declined as they are superseded by the new builds.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, September 7, 2018 6:14 PM
  • Hello,
     
    Sorry for delay.
     
    When you approve many updates at one time (manually or automatically), well, the clients can't see the supersedence between them, so they would try to install them all.
     
    It is a easy way and don't need to worry. Of course you could approve the latest update, and make sure that the clients no longer need the superseded updates after the clients are patched, then decline those supersede updates.
     
    However, WSUS won't decline the superseded updates automatically in case that the latest updates can't be installed on the clients.
     
    Consider the following scenarios in which you might need to deploy a superseded software update:
     
    •  If a superseding software update supports only newer versions of an operating system, and some of your client computers run earlier versions of the operating system.
     
    •  If a superseding software update has more restricted applicability than the software update it supersedes. This would make it inappropriate for some client computers.
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray Jia
     
     

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 10, 2018 12:59 AM
  • Hi,

    Lets Say we have windows 1709 cu updates 
    and we have 1803 cu updates , does it mean 1709 updates are superseded by 1803 updates ?

    Thanks

    Thursday, September 13, 2018 7:02 AM
  • Hello,
     
    Thanks for the feedback.
     
    Your words are not accurate.
     
    1709 updates and 1803 updates are published for different products, one for Windows 1709 and one for Windows 1803. 1803 is the latest version of Windows 10 does not mean that you don't need 1709 updates because maybe there are still 1709 clients in your environment.
     
    Let's come back to your original question, "Is there any way to automatically deny old cumulative update and keep the latest only ?" 

     
    The answer is no. Although 1709 updates and 1803 updates are for different products, but in the WSUS and Windows Update Catalog, most of them are in the same category such as Windows 10 or Windows 10 GDR-DU. So there is not a filter to choose only updates for 1803 from them.
     
    Hope my answer could help you and looking forward to your feedback.
     
    Best Regards,
    Ray


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 13, 2018 7:59 AM