read this https://blogs.technet.microsoft.com/windowsserver/2017/01/09/why-wsus-and-sccm-managed-clients-are-reaching-out-to-microsoft-online/
dual scan is the cause On Mon, Apr 10, 2017 at 7:54 PM, Hyatt, Dewayne <dehy...@ufl.edu> wrote: > Sorry to hijack but this is somewhat relevant. > > > > Since we rolled out 1607 we have noticed machines are automatically > getting updates from Microsoft update even though we have a GPO defining > our SUP as the WSUS server. I was looking into blocking Microsoft update > entirely (not sure that is what I want to do in our environment) and I ran > across this thread. > > > > Has anyone else seen behavior like this? We’ve had a few different > locations report this, then my own workstation did it this morning, at that > point I started to believe them J. > > > > Thanks, > > > > Dewayne > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Adam Juelich > *Sent:* Thursday, March 30, 2017 8:46 AM > *To:* mssms@lists.myitforum.com > *Subject:* Re: [mssms] GPO Update Disable Manual MS checks > > > > Yes, other than the GP setting to 'Disable Automatic Updates,' don't > configure anything else related to it. > > > > There is the User-Side GP Setting: > > "Remove access to use all Windows Update features" > > > > That should do the trick. > > > > On Thu, Mar 30, 2017 at 7:12 AM, Daniel Ratliff <dratl...@humana.com> > wrote: > > Never configure any of your windows update settings with GPO, let SCCM > handle that via local policy. > > > > I believe the setting you want is here for Win10: > https://miketerrill.net/2016/10/11/disable-check-online- > for-updates-from-microsoft-update-in-windows-10/ > > > > For Win7, we just disable the ability to check online: > https://weikingteh.wordpress.com/2012/09/20/how-to-disable- > the-check-online-for-updates-from-microsoft-update-link-in- > the-windows-update-icon-in-control-panel/ > > > > *Daniel Ratliff* > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *S ConfigMgr > *Sent:* Thursday, March 30, 2017 12:12 AM > *To:* mssms@lists.myitforum.com > *Subject:* [mssms] GPO Update Disable Manual MS checks > > > > Hello all, > > > > I have deployed SUP and Patching is working as expected. > > > > However my end users are able to use windows update, How can i block end > users to stop installing patches from internet, I have windows 10 > Enterprise and Professional Machines as end users. > > > > > > I have tried to deploy a group policy to disable > > > > Computer Configuration\Administrative Templates\Windows Components\Windows > Update. > > 1. Find and double-click *Configure Automatic Updates* > [image: 0711 group policy step 3] > <https://cms-images.idgesg.net/images/article/2016/06/0711-group-policy-step-3-100666831-orig.jpg> > > > > 2. In the resulting dialog box, select *Enabled.* > > 3. In the Options box, pull down the *Configure automatic updating* menu > and select your preferred option. > [image: 0711 group policy step 4 and 5] > > 4. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Still Updates are able to scan by user with ms site, How can I achieve > this ? > > > > > > -- > > Thanks, > > ED > > > > > The information transmitted is intended only for the person or entity to > which it is addressed > and may contain CONFIDENTIAL material. If you receive this > material/information in error, > please contact the sender and delete or destroy the material/information. > > > > > > > >