How to have/allow notebooks to also check online for updates

F. McLion 1 Reputation point
2020-07-27T13:50:32.813+00:00

Hi,
I have configured all desktops and notebooks by GPO to check on our internal WSUS for managed updates.
I now want the notebooks to also check directly on line with MS for updates periodically.
Is there any setting that can accomplish that or is it only possible one or the other?
Thanks

btw.. where have all my stats and profile history/settings gone while moving from Technet to Q&A ?!?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,119 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andrei Stoica 11 Reputation points Microsoft Employee
    2020-07-27T17:39:41.257+00:00

    Hi,

    for Windows updates, one or the other is possible automatically. You can find a summary of all possible scenarios and what policies to configure here:
    https://learn.microsoft.com/en-us/archive/blogs/wsus/improving-dual-scan-on-1607

    You can have both at the same time, but searches on WU/MU will need to be triggered by hand by clicking on the "Check online for updates" link in the Settings page.

    HTH,
    Andrei

    1 person found this answer helpful.
    0 comments
  2. Rita Hu -MSFT 9,626 Reputation points
    2020-07-28T02:31:00.213+00:00

    Hi McLion,

    Thank you for posting on Q&A.

    If your laptop is connected to a WSUS server over a VPN, the laptop can get updates through WSUS. However, the laptop gets updates through the intranet.
    We could point the laptop to WSUS and get the updates from WSUS.

    Laptops can also get updates by checking online for updates from Microsoft Update. Please refer to the following picture:

    14001-%E5%AE%A2%E6%88%B7%E7%8E%AF%E5%A2%831.png

    Regards,
    Rita

    0 comments
  3. F. McLion 1 Reputation point
    2020-07-28T07:42:13.617+00:00

    Thank you guys.
    So, as expected, there is no setup to cover for that scenario that does not involve manual updating.
    Too bad, this is a common scenario i.e. for virus protection implemented by many brands. While at the office and joined to the domain, the local update server is active. While abroad (w/o VPN to office) updates are downloaded from the public web servers.

    Is it maybe an option to add the public MS update address as alternate server in the config GPO?

  4. Andrei Stoica 11 Reputation points Microsoft Employee
    2020-07-28T15:54:24.94+00:00

    Hey,

    this should be covered in the future by UUP:
    https://oofhours.com/2019/08/06/uup-is-still-coming-soon-and-dynamic-update-is-still-important/

    No, that is not possible. What some companies are doing is using a script which tried to reach a corpnet resource and if that does not resolved, remove the WSUS policies. Then the PC will go to MU/WU for updates instead of the WSUS server it cannot reach anyways. When the user is back in the corpnet, the WSUS policy will be reapplied.

    HTH,
    Andrei

    0 comments
  5. Anna N 1 Reputation point
    2021-08-12T20:21:41.477+00:00

    hej ny på detta försöker lära mig men är rädd för att göra fel

    0 comments