You know how it is, Windows 7 is going EOL, you have had a bit of Windows 10 in play, starting at 1511 and upgraded last year to 1703 and you looking at rolling out 1809 and getting off Windows 7 before January 2020. You have thousands of Windows 7 devices and 50 – 100 Windows 10 mobile devices that you have been piloting with Windows 10, they are well less that the margin of error for devices with faulty Windows Update or SCCM Clients
So now your starting to roll out more devices and your finding that Windows Updates on Windows 10 is not working. Why?
What has happened is that Microsoft, through their “evergreen” product did the dirty on you with Windows ADMX files. They pulled a bunch of settings out of the Windows 10 ADMX and did not tell you
Well they sorta did, buried in Why WSUS and SCCM managed clients are reaching out to Microsoft Online
is the fact they implemented Dual Scan Demystifying “Dual Scan”
So buried in here is a littel GEM
Ensure that the registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate doesn’t reflect any of these values.
- DeferFeatureUpdate
- DeferFeatureUpdatePeriodInDays
- DeferQualityUpdate
- DeferQualityUpdatePeriodInDays
- PauseFeatureUpdate
- PauseQualityUpdate
- DeferUpgrade
- ExcludeWUDriversInQualityUpdate
If you have any of these registry entries set, Windows Updates will not work
Q:Where did they come from?
A: 1511 ADMX – these in particular
Q:How do I get rid of them
A:You have to do two things
- Remove the extra registry settings friom the GPO
Follow article using “Remove-GPRegistryValue” to remove extra registry setting.
This will mean the extra registry settings will no longer be applied by the GPO - Use GPO to actively delete the registry settings Follow this article
Then follow SCCM – How do I Setup SCCM Properly for Windows Updates