Dual Scan – Making Sense of Why So Many Admins Have Issues

What do the following have in common for WSUS Administrators?

  • Select when Preview Builds and Feature Updates are received (BranchReadinessLevel, DeferFeatureUpdates, DeferFeatureUpdatesPeriodInDays, PauseFeatureUpdatesStartTime)
  • Select when Quality Updates are received (DeferQualityUpdates, DeferQualityUpdatesPeriodInDays)

Besides being Windows Update for Business policies (a fundamental change of the way you think about updates), when specified in a WSUS network, they cause havoc because of that pesky little thing called dual scan.

Let’s take a step back.

When utilizing WSUS you are already ‘in control’; or should be. Because of this, in a WSUS network, there is zero reason to enable these policies. They may sound fantastic to the administrator, but the administrator doesn’t know why these policies exist, or how they interact with others (these are not the only policies that I’ve seen WSUS Administrators fumble over either).

An update will only reach a client machine when it is approved; not before. If you don’t want the feature upgrades to install right now, don’t approve them. If you don’t want the cumulative updates to install right away because you want a week or 2 ‘staying’ period to see if others are having issues with them, don’t approve them.

So, What Should I Do?

If you have WSUS, don’t set these polices. If you have them already set, set them to ‘Not configured’. Also make sure that in your WSUS server location settings that you specify ‘Set the alternate download server’ as explained in part 4 of my 8 part blog series on How to Setup, Manage, and Maintain WSUS.

If you’re setting the keys by registry edits, they have multiple places in the registry and can be located at:

HKLM\Software\Microsoft\PolicyManager\default\Update\BranchReadinessLevel
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferUpdatePeriod
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferUpgradePeriod
HKLM\Software\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseDeferrals
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseFeatureUpdates
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime
HKLM\Software\Microsoft\WindowsUpdate\UX\Settings\BranchReadinessLevel
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferUpgrade
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferFeatureUpdatesPeriodInDays
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferQualityUpdatesPeriodInDays
HKLM\Software\Microsoft\WindowsUpdate\UX\Settings\ExcludeWUDriversInQualityUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate
/ Tags:

Share the Post

About the Author