SCCM and the GPO Setting Configure Automatic Updates

Question

Monday, October 29, 2018 6:55 PM

Hi All,

Just wondering if anything has changed with the way the 'Configure Automatic Updates' being disabled affects the Windows Update Agent on devices? What are people's ways of managing this via SCCM?

If you disable it then the Windows Update Agent won't be updated, so you will have to update this manually. Is this still the case with Windows 10 and Server 2016, because if you look at Microsoft's site to download this there are only versions for Windows 7 - 8.1 and Server 2008 R2 - 2012?

Windows Update Agent Download

I did find this, but it seems a fairly long-winded process. I would hope there is a simpler process:

Updating Windows Update Agent - 2018 post

Older excellent post on this (anything changed?):

https://home.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/

Versions I can see are:

  • 7.6.7601.23806
  • 7.6.7601.24085
  • 7.8.9200.17185
  • 7.9.9600.18970
  • 10.0.14393.2248
  • 10.0.14393.2515

All replies (5)

Monday, October 29, 2018 8:13 PM ✅Answered | 1 vote

Technically you are talking about two different things. As far as the GPO settings are concerned, the older post is still correct insofar as you should only be setting Configure Automatic Updates to disabled. This puts SCCM completely in charge of when updates are installed and downloaded. Now, this doesn't prevent local admins from running the service manually, but it prevents auto updates and SCCM from stepping on each other's toes.

The other issue you are dealing with is how to update the Windows Update Agent. This is where it becomes more complicated. Prior to Windows 10 the agent was not updated nearly as much. However, in Windows 10 the agent is being updated on a pretty regular basis. As far as how it gets updated in SCCM, you need to make sure that you are applying the monthly cumulative updates. The tricky part is that apparently if your Windows Update Agent gets too far out of whack then you may have issues where systems are reporting as compliant even though they aren't. You will probably want to create device collections with any specific versions of the update agent out there and then set up software deployments to get those systems up to the latest version. The initial process could be messy if you have a large number of versions out there, but once you have all of your systems up to date you should be able to just make sure that the monthly CUs get applied successfully to keep your systems up to date.
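The reply above separates two things: the state of the Configure Automatic Updates policy and the version of the Windows Update Agent. The following is an added example, not part of the reply, that reads both on the local machine; the function name `Get-WuaState` and the `$Baseline` default (one of the versions listed in the question) are assumptions made for illustration.

```powershell
# Added example, not from the thread. Reads local state only.
# $Baseline is an assumed minimum agent version; the default is one of the
# versions listed in the question, not a recommendation.
function Get-WuaState {
    param([version]$Baseline = '10.0.14393.2515')

    # Values written by the 'Configure Automatic Updates' policy setting.
    $auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    $policy = if (-not $au -or $null -eq $au.NoAutoUpdate) {
        'NotConfigured'
    } elseif ($au.NoAutoUpdate -eq 1) {
        'Disabled'
    } else {
        "Enabled (AUOptions=$($au.AUOptions))"
    }

    # Ask the agent for its own version; fall back to the engine DLL's
    # version resource if the COM object cannot be created.
    try {
        $agent = New-Object -ComObject Microsoft.Update.AgentInfo -ErrorAction Stop
        $wua = [version]$agent.GetInfo('ProductVersionString')
        $source = 'COM'
    } catch {
        $vi = (Get-Item "$env:SystemRoot\System32\wuaueng.dll").VersionInfo
        $wua = New-Object System.Version -ArgumentList $vi.ProductMajorPart,
            $vi.ProductMinorPart, $vi.ProductBuildPart, $vi.ProductPrivatePart
        $source = 'wuaueng.dll'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        AUPolicy      = $policy
        WUAVersion    = $wua
        VersionSource = $source
        BelowBaseline = $wua -lt $Baseline   # compared as versions, not strings
    }
}

Get-WuaState | Format-List
```

Comparing as `[version]` rather than as text matters here: a string sort would place `10.0.14393.2248` before `7.9.9600.18970`.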


Tuesday, October 30, 2018 9:48 AM ✅Answered | 1 vote

The WUA is updated via a SSU:

/en-us/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date

"Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates.

However, there are some operating system fixes that aren’t included in a cumulative update but are still pre-requisites for the cumulative update. That is, the component that performs the actual updates sometimes itself requires an update."

Rolf Lidvall, Swedish Radio (Ltd)


Tuesday, October 30, 2018 7:07 PM ✅Answered | 1 vote

Take a look at this article that Microsoft released to describe the service stack vs the cumulative updates:

https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates

In essence it boils down to the monthly cumulative updates generally will include the latest service stack, including any updates to the Windows update agent.  However, there are instances in which the service stack is released in a separate release and is a prerequisite before any further cumulative updates can be installed. Fun, huh?

Ultimately it comes down to making sure your ADRs are configured correctly so these separate service stack updates get downloaded and rolled up in your monthly deployments.

It used to be you could say all updates were released on Patch Tuesday and be confident you weren't missing anything. However, now Microsoft releases updates at intermittent times. So what I do for my ADR is go back 60 days and remove any duplicate updates by hand. 60 days is probably overkill, but with situations like a servicing stack being a prerequisite for any further CUs, a little manual legwork is worth it for me.

Last I looked there was a user voice item out there to help clear up this issue, but I am not sure where it is in the development pipeline.  


Tuesday, October 30, 2018 4:28 PM

Thanks guys,

So it sounds like the Windows Update Agent (WUA) update is not included in the Windows 10 monthly cumulative updates. That you have to use the Servicing Stack updates to update the WUA. Is that correct?


Tuesday, October 30, 2018 5:36 PM | 1 vote

Yes, that is what the article states, and I have personally noticed the WUA version number increase after installing the 1607 (LTSB) SSU. I would not completely rule out, though, that MS could at some time update the WUA via the CU.

Rolf Lidvall, Swedish Radio (Ltd)