Turn off all access to windows update features.
This dual scan feature in Win10 just updated some of our machines to 2004. Not liking that. I found a GPO setting that disables Dual Scan as well as access to all things WindowsUpdate. If this policy is turned on company wide, will this prevent KACE from pulling down updates as well?
If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
Thanks
Cris
Answers (1)
Rather than disabling the functionality, which is a bit like taking a hammer to the system, can you not run the script to point all your systems to a dummy WSUS service? There is a wizard script to do this in your SMA. Then when your devices look to update they address the dummy server, not go out to the internet Windows update server, and you can just use your SMA to provide the updates.
Comments:
-
Hi,
I was facing the same issue when we were in 1903. They add the possibility to "Check online for updates from Microsoft Updates" and some of my users were installing unapproved builds. In fact, this option bypass the whole configuration we've set to point on our WSUS and allow users to check updates on Microsoft servers directly.
Aren't Windows updates directly download in the appliance to be deployed on computers after ? If yes, blocking access to Microsoft Update services shouldn't be an issue. - Nioky 3 years ago