• Win10 “Allow Telemetry” required for Update control on Win10 Enterprise, Education

    Posted on October 26, 2016 at 06:11 CDT by Comment in the Forums

    Very interesting note from ch100:

    This would be funny, but… it is not

    In Windows 10, there are 2 Group Policies which are supposed to be used for the so called CBB = Current Branch for Business, to allow deferring updates and upgrades in Windows 10 until such a time that is commonly accepted that they are safe to install for businesses – about 1 month for updates and more for upgrades. They can be used by anyone with version Pro or higher.

    They are under
    Computer Configuration\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates
    The policies are:

    • Select when Feature Updates are received
    • Select when Quality Updates are received

    When reading the description for each policy, under both, this note comes up:

    “Note: If the “Allow Telemetry” policy is set to 0, this policy will have no effect.”

    For those who are not aware, Allow Telemetry set to 0 is the so called Security setting which limits the telemetry to minimum, available only for the Enterprise version with its variations, including LTSB and Education and for Server 2016.

    Those policies are actually useful only to stand-alone computers or computers updating directly from Windows Update which is normally not the case for most Enterprise or Education installations. The networked computers have other ways to defer installations, either using WSUS or SCCM which uses WSUS as installed component.

    However for those computers requiring those policies, which actually delay Automatic Windows Update for a number of days, what the description says is that if the user does not agree to be monitored via telemetry, they cannot use those very useful policies.

    Microsoft would probably explain that they have no way to know how to defer the updates for computers which are not monitored by them, which is possible with the current code, but this means that their implementation is flawed.

    What does anyone else think about this implementation?

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the AskWoody Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    March 2023
    S M T W T F S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.