Hello,
If your WSUS server is attempting to offer Windows 11 updates to ineligible Windows 10 computers every month, you need to adjust the update approvals and settings to prevent this behavior. Here's how you can stop Windows 11 updates from being offered to ineligible computers while still allowing the updates for eligible Windows 11 computers:
Check Update Classifications:
Ensure that you have the appropriate update classifications selected in your WSUS server. To do this, go to the WSUS console, click on "Options," then "Products and Classifications." Make sure that only the necessary products and classifications are selected. For Windows 11, you should have "Windows 11" selected under "Products."
Targeting Rules:
You can use targeting rules in WSUS to specify which computers should receive specific updates. Create a targeting rule to target Windows 11 computers based on specific criteria, such as OS version, and ensure that the targeting rule includes only eligible Windows 11 computers.
Decline Windows 11 Updates for Ineligible Computers:
In the WSUS console, go to "Updates" > "All Updates." Search for the Windows 11 updates that are being offered to ineligible computers. Right-click on those updates and select "Decline." This will prevent the updates from being offered to any computers in the future.
Approve Updates for Specific Computer Groups:
Create a computer group in WSUS for eligible Windows 11 computers. Approve the Windows 11 updates only for this specific computer group. To do this, right-click on the updates, select "Approve," and choose the computer group where the updates should be approved.
Exclude Ineligible Computers from Automatic Approvals:
If you have automatic approval rules in WSUS, modify them to exclude ineligible computers from being included in those rules. This way, the updates won't be automatically approved for those computers.
Check Auto-Approval Rules for Windows 11:
If you have auto-approval rules for Windows 11 updates, review and adjust them to ensure they only apply to eligible computers.
Monitor Deployment Status:
Regularly monitor the deployment status in WSUS to verify that the Windows 11 updates are only being installed on eligible computers.
By following these steps, you can prevent Windows 11 updates from being offered to ineligible computers while still allowing them to be approved for the computers that actually need them. This approach ensures that only the appropriate updates are deployed to the correct target groups and reduces the risk of failed installations on ineligible systems.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
Hope this resolves your query!
--If the reply is helpful, please Upvote and Accept it as an answer--
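
The approval and auto-approval checks described in the answer above can also be audited from PowerShell on the WSUS server. This is an added example, not part of the original answer; it is read-only, and the group name `Windows 11 Eligible` and the title-based match for Windows 11 updates are assumptions to adapt to your environment.

```powershell
# Added example: read-only audit of where Windows 11 updates are approved in WSUS.
# Run on the WSUS server in an elevated PowerShell session.
Import-Module UpdateServices

# Assumption: name of the computer group that holds eligible Windows 11 machines.
$EligibleGroup = 'Windows 11 Eligible'

$wsus = Get-WsusServer

# Warn early if the eligible group has not been created yet.
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $EligibleGroup }
if (-not $group) {
    Write-Warning "Computer group '$EligibleGroup' does not exist on this WSUS server."
}

# Assumption: Windows 11 updates are identified by their title.
$win11 = Get-WsusUpdate -Approval Approved -Status Any |
    Where-Object { $_.Update.Title -like '*Windows 11*' }

# Report every install approval that targets a group other than the eligible one
# (for example "All Computers" or a Windows 10 group).
$stray = foreach ($u in $win11) {
    foreach ($approval in $u.Update.GetUpdateApprovals()) {
        $target = $approval.GetComputerTargetGroup()
        if ($approval.Action -eq 'Install' -and $target.Name -ne $EligibleGroup) {
            [pscustomobject]@{
                Title = $u.Update.Title
                Group = $target.Name
            }
        }
    }
}
$stray | Sort-Object Group, Title | Format-Table -AutoSize

# List each automatic approval rule with the groups and products it applies to,
# so rules that would approve Windows 11 updates for other groups stand out.
$wsus.GetInstallApprovalRules() | ForEach-Object {
    [pscustomobject]@{
        Rule     = $_.Name
        Enabled  = $_.Enabled
        Groups   = ($_.GetComputerTargetGroups() | ForEach-Object { $_.Name }) -join ', '
        Products = ($_.GetCategories() | ForEach-Object { $_.Title }) -join ', '
    }
} | Format-Table -AutoSize
```

Any row in the first table is a Windows 11 update approved for installation outside the eligible group; review it in the WSUS console before changing the approval.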