News

Windows 10 Update Service Poses Client Management Issues

Administrators managing PC updates and network bandwidth issues could run into some snags when using Microsoft's Windows 10 update services.

Organizations typically use Microsoft's Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) to tightly manage Windows 10 clients, including limiting when those clients update. However, IT pros can lose control over when these updates arrive if they use certain values in the registry that are associated with Microsoft's Windows Update for Business solution.

Using those values will cause Windows 10 clients "to also reach out to Microsoft Update online to fetch update bypassing your WSUS/SCCM end-point," explained Shadab Rasheed, a technical advisor for Windows devices and deployment at Microsoft, in a blog post this month.

Rasheed noted that the following registry values are intended for use with the Windows Update for Business service, but they will invoke the Microsoft Update service if used with WSUS or SCCM:

  • DeferFeatureUpdate
  • DeferFeatureUpdatePeriodInDays
  • DeferQualityUpdate
  • DeferQualityUpdatePeriodInDays
  • PauseFeatureUpdate
  • PauseQualityUpdate
  • DeferUpgrade
  • ExcludeWUDriversInQualityUpdate

WSUS or SCCM users wanting to regain control over Windows 10 client updates should verify that those Windows Update for Business values aren't showing up in the Group Policy for Windows Update, Rasheed added.

Windows Update for Business has client management capabilities but it's mostly focused on ensuring that Windows 10 clients are "always up to date with the latest security defenses and Windows features," Rasheed explained. It does so "by directly connecting these [Windows 10 client] systems to Windows Update service." Consequently, it can trip up organizations whose intent was to restrict Windows 10 updates by using WSUS or SCCM management tools.

The issue came up because some organizations found that their Windows 10 clients managed by WSUS or SCCM were still dialing out to get content from Microsoft's content delivery networks.

Rasheed noted another possible reason why an organization's bandwidth gets tapped to connect with Microsoft's content delivery network. Organizations could have Windows Store applications installed. Windows Store apps typically will try to download updates at various times. They tap Microsoft's URL known as "tlu.dl.delivery.mp.microsoft.com." However, a rule has to be in place for the proxy server so that just the changed bits get delivered for Windows Store apps, instead of all of the bits.

Rasheed explained how to set up that rule. An organization's proxy server should support HTTP RANGE requests for the following URLs:

  • .download.windowsupdate.com
  • .au.windowsupdate.com
  • .tlu.dl.delivery.mp.microsoft.com

With those HTTP RANGE request settings in place, just the "deltas," or the changed bits, for the applications will get delivered.

Microsoft doesn't recommend trying to disable the Windows Store as an approach to such bandwidth issues. Doing so "breaks the entire store and makes it inaccessible for the clients," Rasheed explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.