One new feature (let’s call it a fix) included in the October Cumulative Update for Windows 10 (1703), is the ability to manage the Dual Scan capability that was first introduced in Windows 10 version 1607. Dual Scan behavior gave enterprises the ability to select Windows Update (WU) to be their primary update source and then WSUS as a secondary source for all other update content. In making this function available, Microsoft broke software deployments for Configuration Manager customers. Microsoft quickly provided workarounds for enterprises that suffered from the oversight, but this month’s CU delivers new capabilities to finally solve it.
The fix is a Group Policy setting called “Do not allow update deferral policies to cause scans against Windows Update.”
This policy and the fix was described in an August post, called: Improving Dual Scan on 1607
The post also talks about how to use this new feature in relation to Configuration Manager.
Also, updated information, gives the following summary of how this works:
- To use WUfB deferral policies while disabling Dual Scan, use GPO to configure all required settings.
- To use Dual Scan with WUfB deferral policies, configure and deploy WUfB policy via ConfigMgr.
- And if you’re still managing some Windows 10 version 1607 clients, the August cumulative update for 1607 also includes the new Dual Scan policy. You can use GPO to set deferral polices and disable Dual Scan when running ConfigMgr version 1706.
BIG NOTE: Though this new CU provides a fix, Microsoft is still working on solving it completely. Unfortunately, currently the Group Policy setting can only be applied on the local machine. Domain-level application will be available when updated administrator template files are delivered later this year.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!