Instead of repeating their blog post, please see the attached image (my emphasis in red). If anyone at any time has modified the local machine’s settings for Windows Update for Business, e.g. Incredibly obnoxious, but this list is the only solution I could come up with to resolve the issue.setting the configuration to Defer Upgrades (1507 & 1511), Defer Feature Upgrades (1607), changing to Current Branch for Business (1703), or even disabling these settings via GPO, the computer will now ALSO download updates directly from Microsoft? I’m frustrated because as mentioned in the beginning of this article, I followed the SCCM configuration steps outlined by Microsoft themselves. Not a single reply was given by Microsoft – and then comments were closed. See here Below are some screen shots our team sent out to the various office IT admins – asking them to never modify these settings when setting up a new machine.
Although automatic update is a very convenient way to keep Windows up to date, but I personally do not like Windows or any third party software to automatically do things in background without my knowledge, unless I schedule it to do that.Allegedly referred to as a “dual scan” scenario, what this truly is is a terrible bug that was not caught months ago. And despite following them to a T – our company was put into a terrible position where devices were saturating Internet links when Windows 10 updates were released. What’s further frustrating is reading the comment section on the Microsoft Blog that brought this to my attention. The problem here is that once a machine is managed by SCCM (and WSUS/updates are configured) these settings are supposed to be hidden.Unfortunately, if the setting was modified prior to the SCCM client being installed, it’s possible the setting remains. Windows update works fine when you apply the solution described below.However, you may wish to consider whether you want to apply the "Roll-up" update until you understand the implications.These days, we are monitoring this issue:when one was developing a utility that monitors log files as they are updated.On 2003, opening the log file folder in explorer, you can see the timestamp and files size change before your eyes each time the log is updated.Following the Official Microsoft Installation Procedures, I installed SCCM CB 1702 and configured Windows 10 updates using System Center Configuration Manager (see here).Despite triple checking my work and banging my head against the wall, I could not for the life of me figure out why some of our Windows 10 devices were still downloading/installing their updates from Microsoft Update (directly – versus installing the updates I’m deploying over SCCM). Even though they were all receiving the exact same GPO’s – some devices were reaching out to Microsoft to download their updates even when a WSUS server was manually defined via SCCM. After finding a buried blog post from the Windows Server team back in January I have realized that Microsoft contradicted themselves. Because as mentioned above, Microsoft can’t seem to decide on a name for these features and each version of Windows has a different registry (or GPO setting) for the same functionality.This convenience rollup package, available to download from q=3125574, contains all the security and non-security fixes released since the release of Windows 7 SP1 that are suitable for general distribution, up through April 2016.