Dual Scan – Making Sense of Why So Many Admins Have Issues

by | Last updated 2022.10.29 | Published on 2019.01.31 | Guides, WSUS

What do the following have in common for WSUS Administrators?

  • Select when Preview Builds and Feature Updates are received (BranchReadinessLevel, DeferFeatureUpdates, DeferFeatureUpdatesPeriodInDays, PauseFeatureUpdatesStartTime)
  • Select when Quality Updates are received (DeferQualityUpdates, DeferQualityUpdatesPeriodInDays)

Besides being Windows Update for Business policies (a fundamental change of the way you think about updates), when specified in a WSUS network, they cause havoc because of that pesky little thing called dual scan.

Let’s take a step back.

When utilizing WSUS you are already ‘in control’; or should be. Because of this, in a WSUS network, there is zero reason to enable these policies. They may sound fantastic to the administrator, but the administrator doesn’t know why these policies exist, or how they interact with others (these are not the only policies that I’ve seen WSUS Administrators fumble over either).

An update will only reach a client machine when it is approved; not before. If you don’t want the feature upgrades to install right now, don’t approve them. If you don’t want the cumulative updates to install right away because you want a week or 2 ‘staying’ period to see if others are having issues with them, don’t approve them.

So, What Should I Do?

If you have WSUS, don’t set these polices. If you have them already set, set them to ‘Not configured’. Also make sure that in your WSUS server location settings that you specify ‘Set the alternate download server’ as explained in part 4 of my 8 part blog series on How to Setup, Manage, and Maintain WSUS.

If you’re setting the keys by registry edits, they have multiple places in the registry and can be located at:

HKLM\Software\Microsoft\PolicyManager\default\Update\BranchReadinessLevel
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferUpdatePeriod
HKLM\Software\Microsoft\PolicyManager\default\Update\DeferUpgradePeriod
HKLM\Software\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseDeferrals
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseFeatureUpdates
HKLM\Software\Microsoft\PolicyManager\default\Update\PauseQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime
HKLM\Software\Microsoft\WindowsUpdate\UX\Settings\BranchReadinessLevel
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferUpgrade
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferFeatureUpdatesPeriodInDays
HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\DeferQualityUpdatesPeriodInDays
HKLM\Software\Microsoft\WindowsUpdate\UX\Settings\ExcludeWUDriversInQualityUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate
WSUS System Requirements – What Should I Plan For?

WSUS System Requirements – What Should I Plan For?

Microsoft's official system requirements are a good starting point, however, they don't give you the full picture. Let's look at this one by one. Processor: 1.4 gigahertz (GHz) x64 processor (2 Ghz or faster is recommended) So, 1.4-2.0 GHz is already in play by pretty...

Externally Facing WSUS Servers

Externally Facing WSUS Servers

Take the following questions into consideration: How can we solve the problem with controlling updates and reporting both internally and externally using WSUS? How do we make sure that all of our client systems receive updates whether they are inside or outside the...

How to Migrate or Upgrade WSUS

How to Migrate or Upgrade WSUS

There are 3 different types of ways to upgrade WSUS. Install the new Server OS, install the WSUS role synchronizing with Microsoft Update, creating your groups, adjusting your settings, and then changing your GPOs over to the new server. An In-place upgrade of the...