WSUS 20H2 rollout

Topic

New Reply

[doriel]

We are experiencing difficulties with 20H2 rollout.
The thing is, that computers cannot upgrade, if they are not connected to the internet.

On affected computers without internet in the Windows Update section, I see “Waiting for download”.
If I log with user, that has the access to the internet, I can install update 20H2.

Before you suggest, that we should set updating PCs from other computers and WSUS, consider this:

All other updates are updated WITHOUT the internet! Defender, framework, cumulative updates, all works automatically.
But the 20H2 update refuses to install without the internet.Is our WSUS misconfigured? Does someone has the same experience, or does it meant to be that way?

Thanks for replies, D.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

• This topic was modified 2 years, 4 months ago by doriel.

Reply | Quote

Replies

EDIT: Some updates really seem to require connecting to the internet.. hmmmm..
How can I achieve updating from WSUS without connecting end stations to the internet?

BMHO, Its contradictory to connect to the internet to get updates to stay more secure. Its more secure to stay offline. Its less secure to be exposed to internet, but up-to-date.
Maybe someone could change my mind, but thats how I see it.

Imagine person, who is affraid to swim. Whats more secure?
a) let him stay on the ground
b) put him in the water and give him life buoy. Life bouy cant sink, right?

Please help to find solution for us.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

You shouldn’t need to be connected to the ‘full’ internet to do the upgrade. Just allow the MS upgrade servers access to your client PC’s, then do full virus and malware scans. You can cut off the net after that.

 

Of course, if you don’t like the way Microsoft does this, you could complain (good luck!). Or you could make long range plans to change OS’s…or not. One other alternative would be to look at Cloud systems.

1 user thanked author for this post.

doriel

Reply | Quote

You shouldn’t need to be connected to the ‘full’ internet to do the upgrade. Just allow the MS upgrade servers access to your client PC’s, then do full virus and malware scans. You can cut off the net after that.

Of course! Thats briliant solution, thanks a lot for your suggestion.

PS – another alternative is to stay unpatched and patch only servers for example, but Id like to have solid solution. Your suggestion is very nice. Thanks a lot.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote