Jump to content


Ocelaris

Client Push Warning, Disable Windows Updates to update.microsoft.com !

Recommended Posts

So we're about 80% complete with our migration of clients from 2007 to 2012. We discovered about 40 machines out of 2300 that have managed to be rebooted in the middle of the client update. The problem is that our WSUS point was the 2007 environment, once you uninstall the 2007 client they are free agents, and can go do updates to update.microsoft.com and download Internet Explorer 10 etc... and we have strict rules about which updates get pushed, particularly for the browser. We confirmed on a hanful of these machines that they dropped the old WSUS SCUP point, and got interrupted, and the CM 2012 server didn't pick them up until a few hours later and completed the client upgrade.

 

We've pushed a ADM "don't install IE 10" GPO, and are in the midst of doing a DNS blackhole for update.microsoft.com so clients at least on our network can't reach out to the web for updates. Eventually we'll roll back the DNS Blackhole, but just a warning to people out there if they manage their updates very carefully that you can get some rogue clients if you're doing client push.

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.