Microsoft has given an all novel pregnant to update management amongst the combination of Windows Update for Business in addition to Windows equally a Service; hither comes Dual Scan. This is a Windows Update feature which does non require the administrators to approve every update manually.
“We believe that this automated management solution is the future, in addition to nosotros desire to ensure that everyone who wants to motility to modern (i.e., Cloud-first) update management tin hand the axe create so.” – Says Microsoft.
What is Dual Scan
Dual Scan is a Windows Update (WU) customer demeanour that was introduced amongst Windows 10 1607 to automatically create create the workflow of receiving updates straight from Windows Updates (WU) in addition to withal last able to dispense content such equally drivers or locally-published updates through WSUS.
Triggering dual scanning effectively agency getting Windows Updates from the cyberspace in addition to non-Windows updates from WSUS. Dual Scan is automatically enabled when a combination of Windows Update grouping policies is enabled:
- DeferQualityUpdate
- DeferQualityUpdatePeriodInDays
- PauseQualityUpdate
- DeferFeatureUpdate
- DeferFeatureUpdatePeriodInDays
- PauseFeatureUpdate
This model tin hand the axe last used exclusively past times those Enterprises who desire WU to last its principal update root piece Windows Server Update Services (WSUS) provides all other content.
Dual Scan’s Unwanted Loss of Control
Dual Scan introduces an unwanted loss of command for those who withal desire to proceed managing updates inwards their one-time way. Earlier to Windows 10, 1 couldn’t unintentionally upgrade a managed machine to a novel cook past times precisely scanning against Windows Update (WU). This was because exclusively character updates were provided past times that channel, typically because the administrators were unconcerned near their clients scanning against WU equally it could never Pb to whatsoever important changes inwards the solid soil of the client.
But amongst characteristic updates existence offered on WU, clients managed through WSUS or Configuration Manager tin hand the axe have characteristic update which was before disapproved past times its administrator past times clicking “Check online for updates from Microsoft Update” link.
Business Controls inwards the On-Premises Scenario
Since the on-premises admins were rightly concerned near the inwards a higher house scenario, they selected to enable the WU fo the Business policy which allowed them to guide when characteristic updates were received which had the planned effect: scans against Windows Update no longer pushed the unapproved characteristic updates.
Nevertheless, this configuration also fulfilled the criteria for enabling Dual Scan, which Pb to the machine existence non controlled past times WSUS or Configuration Manager for the purposes of Windows updates.
But how does a user maintain unapproved characteristic updates from installing piece maintaining command of update management amongst your existing on-premises tools?
Microsoft says-
“We’ve gotten plenty feedback on this scenario that nosotros bring committed to unloosen a character update for 1607 that allows you lot to leverage WU for Business controls fifty-fifty inwards the on-premises scenario; i.e., for “Check online for updates” scans. You’ll last able to defer characteristic updates without automatically shifting into Dual Scan behavior.”
The policy could non last configured past times default, the same needs to last enabled to ensure that the WU customer behaves equally intended. Microsoft plans to unloosen the character update to 1607 is released this Summer.
To Unblock this Scenario
Microsoft listed steps to unblock the scenario immediately. With these steps, the managed clients tin hand the axe perform scans against WSUS/Configuration Manager in addition to access the Microsoft Store. With this configuration, it volition trammel characteristic updates to teach automatically installed on the machines in addition to also trammel whatsoever update content to teach installed via Windows Update. For all managed clients, Microsoft recommend the next workarounds:
- Set all WU for Business policies to Not Configured. This ensures that you lot are non inwards Dual Scan mode.
- Verify that you lot bring installed the Nov 2016 Cumulative Update for 1607, or whatsoever Cumulative Update to a greater extent than recent.
- Enable the grouping policy System/Internet Communication Management/Internet Communication settings/Turn off access to all Windows Update features
- In an elevated command prompt, run “gpupdate /force”, followed past times “UsoClient.exe startscan”
- Open the Windows Update UI (wait for the scan to complete), in addition to observe:
Microsoft said activating “Remove access to all Windows Update features” would non last useful for this scenario. Dual Scan is also supported inwards the on-premises scenario. Group Policy includes a setting – Do non allow update deferral policies to crusade scans against Windows Update. For a amount read on the subject, view Microsoft.
Source: https://www.thewindowsclub.com/
comment 0 Comments
more_vert