We just had confirmation on the back-end that not much changes here, the blog post is still valid, don’t set anything.
Question though, what do you mean tear down your servicing? Servicing in ConfigMgr has nothing to do with the issues being discussed. J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Hyatt, Dewayne Sent: Tuesday, April 11, 2017 10:34 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] GPO Update Disable Manual MS checks So since it’s patch Tuesday it looks like I’m going to have to tear down all of my Windows 10 servicing in SCCM so that my clients don’t go to MS for updates today… what fun. I was hoping that something would be fixed at least by 1703 but your comments don’t make me very confident in that. I guess we’ll see? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Tuesday, April 11, 2017 11:13 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: RE: [mssms] GPO Update Disable Manual MS checks And of course, it’s changed in 1703 – the “defer” option is gone and now there is a “pause” option. No one knows if these are the same, different, or something else. J From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Hyatt, Dewayne Sent: Tuesday, April 11, 2017 10:01 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: RE: [mssms] GPO Update Disable Manual MS checks I’ll admit that I have been off task for a little while with other projects. I didn’t realize this was a daily thing ☹ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich Sent: Tuesday, April 11, 2017 10:49 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] GPO Update Disable Manual MS checks The fact that we are still having this conversation daily over the past few months means that Microsoft is really screwing the pooch here. On Tue, Apr 11, 2017 at 9:42 AM, Hyatt, Dewayne <dehy...@ufl.edu<mailto:dehy...@ufl.edu>> wrote: Whoops… I had read that blog a while back but apparently not well enough. I am confused now though. I am using a GPO to define what branch our Windows 10 clients are in for Windows 10 servicing in SCCM. I thought that was the correct way to do it. I saw 1607 used different policies but it looked like it was doing the same thing. This blog said not to enable those policies. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Niall Brady Sent: Monday, April 10, 2017 3:37 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] GPO Update Disable Manual MS checks read this https://blogs.technet.microsoft.com/windowsserver/2017/01/09/why-wsus-and-sccm-managed-clients-are-reaching-out-to-microsoft-online/ dual scan is the cause On Mon, Apr 10, 2017 at 7:54 PM, Hyatt, Dewayne <dehy...@ufl.edu<mailto:dehy...@ufl.edu>> wrote: Sorry to hijack but this is somewhat relevant. Since we rolled out 1607 we have noticed machines are automatically getting updates from Microsoft update even though we have a GPO defining our SUP as the WSUS server. I was looking into blocking Microsoft update entirely (not sure that is what I want to do in our environment) and I ran across this thread. Has anyone else seen behavior like this? We’ve had a few different locations report this, then my own workstation did it this morning, at that point I started to believe them ☺. Thanks, Dewayne From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Adam Juelich Sent: Thursday, March 30, 2017 8:46 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] GPO Update Disable Manual MS checks Yes, other than the GP setting to 'Disable Automatic Updates,' don't configure anything else related to it. There is the User-Side GP Setting: "Remove access to use all Windows Update features" That should do the trick. On Thu, Mar 30, 2017 at 7:12 AM, Daniel Ratliff <dratl...@humana.com<mailto:dratl...@humana.com>> wrote: Never configure any of your windows update settings with GPO, let SCCM handle that via local policy. I believe the setting you want is here for Win10: https://miketerrill.net/2016/10/11/disable-check-online-for-updates-from-microsoft-update-in-windows-10/ For Win7, we just disable the ability to check online: https://weikingteh.wordpress.com/2012/09/20/how-to-disable-the-check-online-for-updates-from-microsoft-update-link-in-the-windows-update-icon-in-control-panel/ Daniel Ratliff From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of S ConfigMgr Sent: Thursday, March 30, 2017 12:12 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] GPO Update Disable Manual MS checks Hello all, I have deployed SUP and Patching is working as expected. However my end users are able to use windows update, How can i block end users to stop installing patches from internet, I have windows 10 Enterprise and Professional Machines as end users. I have tried to deploy a group policy to disable Computer Configuration\Administrative Templates\Windows Components\Windows Update. 1. Find and double-click Configure Automatic Updates [0711 group policy step 3]<https://cms-images.idgesg.net/images/article/2016/06/0711-group-policy-step-3-100666831-orig.jpg> 2. In the resulting dialog box, select Enabled. 3. In the Options box, pull down the Configure automatic updating menu and select your preferred option. [0711 group policy step 4 and 5] 4. Still Updates are able to scan by user with ms site, How can I achieve this ? -- Thanks, ED The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
