In our environment, not every machine on the domain is managed the same way, so we’re talking here about a scenario without SCCM or WSUS, but on the domain. We are very federated.
I put it to patchmanagement list like this: Say I have an engineering department that is exclusively win 7 because of a piece of scientific apparatus’s control software requires windows 7, so can’t be upgraded, and the business school that wants to install windows 10, but doesn’t want them to update at the cadence Microsoft sets and wants to defer upgrades. With the settings being mutually exclusive, who “wins” here? Leave the 7/8 one to satisfy engineering, only to leave the business school out? Or update GPCS with the windows 10 admx only to leave the possibility of an engineering machine getting upgraded that shouldn’t? both have legitimate business reasons for their scenario. From: [email protected] [mailto:[email protected]] On Behalf Of Johns, Damon (DoJ) Sent: Tuesday, September 15, 2015 4:16 PM To: [email protected] Subject: RE: [mssms] RE: A little: windows 10 windowsupdate.admx Would you really need to enable this GP setting though? In theory you would already have a policy disabling the “Configure Automatic Updates” policy and have updates being delivered by Software Updates in Configuration Manager which sets the internal Intranet update service location GP setting. Or is there still some combination of events that could lead to not setting Defer Upgrade being a problem? If you enable this policy setting, in Pro and Enterprise SKUs you can defer upgrades till the next upgrade period (at least a few months). If you do not have it set you will receive upgrades once they are available that will be installed as part of your update policies. Cheers Damon From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Niall Brady Sent: Wednesday, 16 September 2015 12:58 AM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] RE: A little: windows 10 windowsupdate.admx on a related note, you can set the registry option in a task sequence (to defer upgrades) on windows 10 like so: cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v "DeferUpgrade" /t REG_DWORD /d 1 /f On Tue, Sep 15, 2015 at 4:41 PM, Jason Sandys <[email protected]<mailto:[email protected]>> wrote: Crack the ADMX file and look at the registry values they set. They are probably different values and thus not really mutually exclusive, they just aren’t both presented in the ADMXs at the same time. Probably a short-sighted decision by whomever created the Win10 ADMX but there’s no reason you can’t edit the same GPO using two different ADMX files. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Mote, Todd Sent: Tuesday, September 15, 2015 9:14 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] OT: A little: windows 10 windowsupdate.admx Not really CM related I know, but there are some knowledgeable folks here about all things MS so I thought I’d float this by you all too. I sent this to patchmanagement.org<http://patchmanagement.org> a little bit ago too. So, I’m looking into copying all the Windows 10 group policy admx’s to our domain central store and found this: On the left is the Windows 10 windowsupdate local policy from a windows 10 machine, on the right is the current windowsupdate policy from my central store. Notice the descriptions for “defer upgrade” and “turn off the upgrade to the latest version of windows through windows update”. The new one requires “At least Windows 10…”, and the old one requires “Windows 7 SP1, Windows 8.1 Update”. If I replace this admx in my domain central store, it is no longer possible to turn off the upgrade via policy for Windows 7 and 8? And if I replace windowsupdate.admx with the old one so it can, can Windows 10 no longer defer an upgrade? Should these really be mutually exclusive like this? We’re going to have a mix of 7, 8, and 10 for a long while… All other policies appear to be the same. [cid:[email protected]] Todd Todd Mote, MCP, MCSA+Messaging, MCSE | [email protected]<mailto:[email protected]> Enterprise Systems Management | Information Technology Services | The University of Texas at Austin ________________________________ CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission.
