News

Windows 10 Update Service Poses Client Management Issues

Administrators managing PC updates and network bandwidth issues could run into some snags when using Microsoft's Windows 10 update services.

Organizations typically use Microsoft's Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) to tightly manage Windows 10 clients, including limiting when those clients update. However, IT pros can lose control over when these updates arrive if they use certain values in the registry that are associated with Microsoft's Windows Update for Business solution.

Using those values will cause Windows 10 clients "to also reach out to Microsoft Update online to fetch update bypassing your WSUS/SCCM end-point," explained Shadab Rasheed, a technical advisor for Windows devices and deployment at Microsoft, in a blog post this month.

Rasheed noted that the following registry values are intended for use with the Windows Update for Business service, but they will invoke the Microsoft Update service if used with WSUS or SCCM:

  • DeferFeatureUpdate
  • DeferFeatureUpdatePeriodInDays
  • DeferQualityUpdate
  • DeferQualityUpdatePeriodInDays
  • PauseFeatureUpdate
  • PauseQualityUpdate
  • DeferUpgrade
  • ExcludeWUDriversInQualityUpdate

WSUS or SCCM users wanting to regain control over Windows 10 client updates should verify that those Windows Update for Business values aren't showing up in the Group Policy for Windows Update, Rasheed added.

Windows Update for Business has client management capabilities but it's mostly focused on ensuring that Windows 10 clients are "always up to date with the latest security defenses and Windows features," Rasheed explained. It does so "by directly connecting these [Windows 10 client] systems to Windows Update service." Consequently, it can trip up organizations whose intent was to restrict Windows 10 updates by using WSUS or SCCM management tools.

The issue came up because some organizations found that their Windows 10 clients managed by WSUS or SCCM were still dialing out to get content from Microsoft's content delivery networks.

Rasheed noted another possible reason why an organization's bandwidth gets tapped to connect with Microsoft's content delivery network. Organizations could have Windows Store applications installed. Windows Store apps typically will try to download updates at various times. They tap Microsoft's URL known as "tlu.dl.delivery.mp.microsoft.com." However, a rule has to be in place for the proxy server so that just the changed bits get delivered for Windows Store apps, instead of all of the bits.

Rasheed explained how to set up that rule. An organization's proxy server should support HTTP RANGE requests for the following URLs:

  • .download.windowsupdate.com
  • .au.windowsupdate.com
  • .tlu.dl.delivery.mp.microsoft.com

With those HTTP RANGE request settings in place, just the "deltas," or the changed bits, for the applications will get delivered.

Microsoft doesn't recommend trying to disable the Windows Store as an approach to such bandwidth issues. Doing so "breaks the entire store and makes it inaccessible for the clients," Rasheed explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.