Keep my computer updating
Despite triple checking my work and banging my head against the wall, I could not for the life of me figure out why some of our Windows 10 devices were still downloading/installing their updates from Microsoft Update (directly – versus installing the updates I’m deploying over SCCM). Even though they were all receiving the exact same GPO’s – some devices were reaching out to Microsoft to download their updates even when a WSUS server was manually defined via SCCM. After finding a buried blog post from the Windows Server team back in January I have realized that Microsoft contradicted themselves. Because as mentioned above, Microsoft can’t seem to decide on a name for these features and each version of Windows has a different registry (or GPO setting) for the same functionality.
Instead of repeating their blog post, please see the attached image (my emphasis in red). If anyone at any time has modified the local machine’s settings for Windows Update for Business, e.g. Incredibly obnoxious, but this list is the only solution I could come up with to resolve the issue.
Unfortunately, if the setting was modified prior to the SCCM client being installed, it’s possible the setting remains.
Now, since we have a GPO configured that deletes all potential reg keys, this shouldn’t be a problem (in theory) – however I would advise against modifying these settings regardless if you intend to patch your devices via SCCM.
Update (10/23/17): Microsoft has provided a new GPO in 1709 ADMX that (helps) resolve this issue! So, this is an extremely frustrating situation I recently ran into within the organization I work for.
Following the Official Microsoft Installation Procedures, I installed SCCM CB 1702 and configured Windows 10 updates using System Center Configuration Manager (see here).
The starting point for improving data quality and integrity is deciding just what data source, or sources, should be regarded as holding the "truth" when considering any data record. Alas, it is rarely straightforward, not least because so few organisations maintain all essential information in a single data store or database.
Organisations also need to recognise that elements of internal politics may come into play.
Another instance could be different internal systems providing a senior manager with different results, meaning that they must then spend additional time working out which one is correct.
Given the fact that data cleansing and integrity checking involves effort and, therefore, costs, managers should bear in mind that not all data is of equal business value.
Which data belongs in which category (and why) should be a business decision, not an IT one. Impure data is like impure blood – not good for the system.
This is quite different to occasional attempts to cleanse data sets.
At heart, the objective is to build an IT environment which is supported by operational processes, where important data is verified and, where suitable, enriched at the time it is created, captured or updated.