I am trying to clarify something which comes in the forum discussions here often, but I would say it was never clarified entirely. We have working instructions for this issue, but this post is trying to identify and ideally start a debate if that approach is the optimal approach. I don’t have the definitive solution, but I have an opinion about this subject.
If you look at the title, the commonality between those updates for Windows 7 is that most are offered as Recommended/Important but not ticked, while the Office non-security Updates are offered as true Important but not ticked for the first week immediately after release.
The general recommendation is if it is not ticked, do not install, as there may be unresolved issues, but which do not affect everyone, so those updates need to be treated with increased circumspection for that reason.
However, I noticed recently an unusual behaviour and this is mostly related to KB3021917, one of the so-called telemetry updates.
When the setting for Windows Update is Never check for updates or Check for updates but let me choose, then KB3021917 comes as unticked.
When the setting for Windows Update is Download updates but let me choose or Automatic updates, KB3021917 may come ticked or unticked following a random pattern as far as I can tell. However, when it comes as unticked, something similar is logged.
DnldMgr Regulation: {9482F4B4-E343-43B6-B170-9A65BC822C77} – Update <guid> is “PerUpdate” regulated and can NOT download.
Those who understand the WindowsUpdate.log in detail know that this means throttling at the back-end servers. This is certainly the case with the Office Important updates which are offered first to Windows 10 users and later to everyone as ticked by default.
However, some of those other updates have had this behaviour forever.
KB3021917 – randomly offered or not, never identified as offered if the settings are Never check for updates or Check but do not download
KB3102433 – .NET Framework 4.6.1 for Windows 7 – do not install this one, there is absolutely no point in doing so. Either stay with 4.5.2, install 4.6.2 from the download site or install 4.7
KB3186497 – .NET Framework 4.7 – I would suggest holding on for a little while on this one, but if the installation is handled correctly, it should be OK. There are dependencies which create issues with the installation in certain circumstances and which are in the process of being resolved in the next few weeks/months.
The .NET Framework 4.6.1 and 4.7 were never ticked by default, unlike 4.5.2 which is the safest and most solid.
4.6.1 and 4.7 have the same regulation log entries when unticked and they are always unticked.
Office Updates – week A – same behaviour, only that it is temporary and this fits better the regulation (throttling) pattern.
It is worth mentioning that now and then, other updates have been in this category, most notably the Outlook Security Updates for June 2017. I installed them, I know huge organisations which deployed them and other than a notification from Service Desk that there may be some issues caused by the June 2017 updates, there were no further issues. In general the largest organisations deploy this sort of problematic updates if they are not retired by Microsoft to be in compliance with their own SLAs and fix later if issues arise, but this is rather an exception.
Please comment here if you have any useful input and only if it addresses the subject.
