cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Forced Upgrades on domain joined machines

Andrew Watson
Copper Contributor

‎Mar 21 2018 05:23 PM

‎Mar 21 2018 05:23 PM

Forced Upgrades on domain joined machines

I am absolutely defeated by Windows Update, after spending months trying to get it working how I want it, I now have the Upgrade Assistant installing itself onto PC's all over my network. I have WSUS policies in place and delivery optimization policies yet its bypassing these and going out to the internet and pulling in upgrades.

 

The upgrade assistant keeps reinstalling itself minutes after removing it.

The upgrade fails so its constantly looping on some PC's and also killing our WAN.

 

Its an absolute disgrace that this is happening.

 

Even if I disable the Windows Update Service it re-enables it constantly.

 

Does anyone at Microsoft care about the mental health of the poor people who have to deal with this **bleep** day in and day out.

 

If this ends up happening on our sales tablet fleet then I will probably lose my job over it due to massive lost productivity.

 

WHAT DO I HAVE TO DO TO STOP THIS HAPPENING???????????????????????????

Can someone from MS please respond and give me dam help!!!!!!

2,230 Views
1 Like
9 Replies
Reply
9 Replies
best response confirmed by Andrew Watson (Copper Contributor)
Andrew Watson

‎Mar 25 2018 03:30 PM

‎Mar 25 2018 03:30 PM

Solution

Re: Forced Upgrades on domain joined machines

https://www.captiongenerator.com/949572/Windows-Update-Hell

0 Likes
Reply
Susan Bradley

‎Mar 27 2018 11:05 AM

‎Mar 27 2018 11:05 AM

Re: Forced Upgrades on domain joined machines

Do you have the deferral set to push off CBB/Semi annual for XXX number of days?

0 Likes
Reply
Susan Bradley

‎Mar 27 2018 11:14 AM

‎Mar 27 2018 11:14 AM

Re: Forced Upgrades on domain joined machines

win10app.JPG  Is the upgrade assistant you are seeing the modern app one?(which if you are like me and have only Windows 10 pro, you can't control consumer apps installed from the store without upgrading to Enterprise)

0 Likes
Reply
Susan Bradley

‎Mar 27 2018 11:17 AM

‎Mar 27 2018 11:17 AM

Re: Forced Upgrades on domain joined machines

https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/   You can block the ability for workstations to download from WU

Other admins have been a bit more adventuresome in changing permissions on the upgrade folder: https://community.spiceworks.com/topic/2077036-how-to-block-1709-download-from-windows-update

0 Likes
Reply
Andrew Watson

‎Mar 27 2018 11:42 PM

‎Mar 27 2018 11:42 PM

Re: Forced Upgrades on domain joined machines

I already have the policies in place that are supposed to prevent this from happening.

I even have the policy 'Do not connect to any Windows Update Internet Locations' yet I still have the Update Assistant installing itself constantly onto random machines (not all) which are 1511 or 1607.

0 Likes
Reply
Andrew Watson

‎Mar 28 2018 01:14 AM

‎Mar 28 2018 01:14 AM

Re: Forced Upgrades on domain joined machines

It says it right here in the Servicing Tools section of this article.

https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview

 

  • Windows Server Update Services (WSUS) provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.

All I want to do is control this through WSUS, I need an explanation to why this Update Assistant is appearing so randomly around my network and not everywhere. Why is it not recognizing my "approval layer" from WSUS? This is all I am trying to achieve here and this has seemingly worked fine up until a week ago when this Update Assistant virus started raising its head.

 

Its crippling our Business and not even MS support can help, they told me that these upgrades will be forced and there is basically nothing I can do about it due to it being my fault for not planning for this better. They said this update assistant is eventually going to hit every machine in the environment and will ramp up once support for 1607 ends in 2 weeks.

 

Can someone from the Servicing Team please confirm this for me?

 

I need to stop this Update Assistant and I shouldn't need to do so through horrible workarounds.

 

0 Likes
Reply
Susan Bradley

‎Apr 02 2018 12:51 PM

‎Apr 02 2018 12:51 PM

Re: Forced Upgrades on domain joined machines

It is the one that is the store app?  As that wouldn't come through WU but through store.

0 Likes
Reply
Susan Bradley

‎Apr 02 2018 12:52 PM

‎Apr 02 2018 12:52 PM

Re: Forced Upgrades on domain joined machines

BTW 1607 does drop out of support after April unless you are running Enterprise or Education, do you have those versions?

0 Likes
Reply
1 best response

Accepted Solutions