question

McLion avatar image
0 Votes"
McLion asked AnnaN-0111 answered

How to have/allow notebooks to also check online for updates

Hi,
I have configured all desktops and notebooks by GPO to check on our internal WSUS for managed updates.
I now want the notebooks to also check directly on line with MS for updates periodically.
Is there any setting that can accomplish that or is it only possible one or the other?
Thanks

btw.. where have all my stats and profile history/settings gone while moving from Technet to Q&A ?!?

windows-server-update-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

andreiztm avatar image
1 Vote"
andreiztm answered

Hi,

for Windows updates, one or the other is possible automatically. You can find a summary of all possible scenarios and what policies to configure here:
https://docs.microsoft.com/en-us/archive/blogs/wsus/improving-dual-scan-on-1607

You can have both at the same time, but searches on WU/MU will need to be triggered by hand by clicking on the "Check online for updates" link in the Settings page.

HTH,
Andrei

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered RitaHu-MSFT edited

Hi McLion,


Thank you for posting on Q&A.


If your laptop is connected to a WSUS server over a VPN, the laptop can get updates through WSUS. However, the laptop gets updates through the intranet.
We could point the laptop to WSUS and get the updates from WSUS.

Laptops can also get updates by checking online for updates from Microsoft Update. Please refer to the following picture:


14001-%E5%AE%A2%E6%88%B7%E7%8E%AF%E5%A2%831.png

Regards,
Rita



客户环境1.png (3.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

McLion avatar image
0 Votes"
McLion answered RitaHu-MSFT commented

Thank you guys.
So, as expected, there is no setup to cover for that scenario that does not involve manual updating.
Too bad, this is a common scenario i.e. for virus protection implemented by many brands. While at the office and joined to the domain, the local update server is active. While abroad (w/o VPN to office) updates are downloaded from the public web servers.

Is it maybe an option to add the public MS update address as alternate server in the config GPO?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi McL,


In my opinion, it is difficult to achieve this feature. But we could get updates from the Microsoft Update by clicking on the icon below.


14227-%E5%AE%A2%E6%88%B7%E7%8E%AF%E5%A2%83.png
Regards,
Rita


0 Votes 0 ·
客户环境.png (3.4 KiB)
andreiztm avatar image
0 Votes"
andreiztm answered

Hey,

this should be covered in the future by UUP:
https://oofhours.com/2019/08/06/uup-is-still-coming-soon-and-dynamic-update-is-still-important/

No, that is not possible. What some companies are doing is using a script which tried to reach a corpnet resource and if that does not resolved, remove the WSUS policies. Then the PC will go to MU/WU for updates instead of the WSUS server it cannot reach anyways. When the user is back in the corpnet, the WSUS policy will be reapplied.

HTH,
Andrei

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnnaN-0111 avatar image
0 Votes"
AnnaN-0111 answered

hej ny på detta försöker lära mig men är rädd för att göra fel

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.