News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The unholy mess that has emerged from Win10 WSUS Dual Scan

    Posted on April 16th, 2018 at 07:42 woody Comment on the AskWoody Lounge

    Those of you who just go about your business with Windows don’t need to worry. But the folks who are in charge of Windows Update servers should be conversant with the, uh, nuances of a feature called Dual Scan.

    Dual Scan first came to my attention back in July last year when Win10 1607 machines with “Defer feature updates” set were suddenly getting pushed onto 1703. As I said back then:

    one of the warnings I found surprising goes like this: If you have “Defer feature updates” checked on your machines, that setting triggers a dual-scan mode, where those machines will look for updates both through WSUS and directly through Windows Update — even if they are behind WSUS.

    which, to me, was a bit of dirty pool. Dirty almost-undocumented pool.

    Last Friday, we got a whole bunch of documentation in a Technet article called Windows 10 Updates and Store GPO behavior with DualScan disabled and SCCM SUP/WSUS managed. If you think that’s a mouthful, take a look at the chart that clarifies what’s up with the GPOs surrounding updates on machines that are attached to an update server.

    Do you think they could make this a bit more complicated?

    Just asking for a friend….