Windows 10 Update Service Poses Client Management Issues

Administrators managing PC updates and network bandwidth issues could run into some snags when using Microsoft's Windows 10 update services.

Organizations typically use Microsoft's Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) to tightly manage Windows 10 clients, including limiting when those clients update. However, IT pros can lose control over when these updates arrive if they use certain values in the registry that are associated with Microsoft's Windows Update for Business solution.

Using those values will cause Windows 10 clients "to also reach out to Microsoft Update online to fetch update bypassing your WSUS/SCCM end-point," explained Shadab Rasheed, a technical advisor for Windows devices and deployment at Microsoft, in a blog post this month.

Rasheed noted that the following registry values are intended for use with the Windows Update for Business service, but they will invoke the Microsoft Update service if used with WSUS or SCCM:

  • DeferFeatureUpdate
  • DeferFeatureUpdatePeriodInDays
  • DeferQualityUpdate
  • DeferQualityUpdatePeriodInDays
  • PauseFeatureUpdate
  • PauseQualityUpdate
  • DeferUpgrade
  • ExcludeWUDriversInQualityUpdate

WSUS or SCCM users wanting to regain control over Windows 10 client updates should verify that those Windows Update for Business values aren't showing up in the Group Policy for Windows Update, Rasheed added.
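One way to run that check on a client, as an added example that is not from the article or from Microsoft: the PowerShell below looks for the value names listed above in the Windows Update policy key. The registry path and the function name `Get-WufbPolicyValue` are assumptions, since the article does not say where the values are stored.

```powershell
# Value names exactly as listed in the article (Windows Update for Business settings).
$WufbValueNames = @(
    'DeferFeatureUpdate', 'DeferFeatureUpdatePeriodInDays',
    'DeferQualityUpdate', 'DeferQualityUpdatePeriodInDays',
    'PauseFeatureUpdate', 'PauseQualityUpdate',
    'DeferUpgrade', 'ExcludeWUDriversInQualityUpdate'
)

# Assumption: Group Policy location for Windows Update settings (not named in the article).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WufbPolicyValue {
    param(
        [string]$Path = $PolicyKey,
        [string[]]$Names = $WufbValueNames
    )
    # No policy key at all means none of the values can be set here.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($present in $key.GetValueNames()) {
        # Case-insensitive prefix match, so close spelling variants are reported too.
        $hit = $Names | Where-Object { $present -like "$_*" } | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $present
                Data     = $key.GetValue($present)
                Kind     = $key.GetValueKind($present)
            }
        }
    }
}

$found = @(Get-WufbPolicyValue)
if ($found.Count -eq 0) {
    Write-Output "No Windows Update for Business values found under $PolicyKey"
} else {
    $found | Format-Table -AutoSize
    # Non-zero exit lets a compliance baseline or scheduled task flag the machine.
    exit 1
}
```

Any row in the output names a value to trace back to the Group Policy Object that sets it.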

Windows Update for Business has client management capabilities but it's mostly focused on ensuring that Windows 10 clients are "always up to date with the latest security defenses and Windows features," Rasheed explained. It does so "by directly connecting these [Windows 10 client] systems to Windows Update service." Consequently, it can trip up organizations whose intent was to restrict Windows 10 updates by using WSUS or SCCM management tools.

The issue came up because some organizations found that their Windows 10 clients managed by WSUS or SCCM were still dialing out to get content from Microsoft's content delivery networks.

Rasheed noted another possible reason why an organization's bandwidth gets tapped to connect with Microsoft's content delivery network: the organization could have Windows Store applications installed. Windows Store apps typically will try to download updates at various times, and they do so from Microsoft's URL known as "tlu.dl.delivery.mp.microsoft.com." However, a rule has to be in place on the proxy server so that just the changed bits get delivered for Windows Store apps, instead of all of the bits.

Rasheed explained how to set up that rule. An organization's proxy server should support HTTP RANGE requests for the following URLs:

  • .download.windowsupdate.com
  • .au.windowsupdate.com
  • .tlu.dl.delivery.mp.microsoft.com

With those HTTP RANGE request settings in place, just the "deltas," or the changed bits, for the applications will get delivered.

Microsoft doesn't recommend trying to disable the Windows Store as an approach to such bandwidth issues. Doing so "breaks the entire store and makes it inaccessible for the clients," Rasheed explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
