Leigh Kalbli


disable windows 10 upgrades remote office

I have about 10 "remote" offices that are actually mobile as our job sites move from one place to the other. The laptops on the job connect to a cellular data modem (Cradlepoint using Verizon). The modems are on 10 GB plans.

After looking at some logs and high usage alerts, I determined that Windows updates were kicking off and using the modems' data.

How can I disable the updates from even happening at these remote locations?

Our main static office uses a managed service for updates but we are getting killed with overage charges by Verizon.

One thing to note is that all the remote sites' modems are configured with site-to-site VPN so a GPO will work.
John

Make sure in Settings, Network, that the device has been set as Metered so that updates will not use the connection.
Leigh Kalbli

ASKER

Can a GPO be used to set both the Ethernet and wireless adapters as metered?
You can try. I think the option is there, but you should let updates happen over Ethernet. If not then, when?
The other thing to try in the remote office is to set Update Options to share updates across devices. This reduces update load.
Updates would be applied when the job site closes down and equipment is turned in to the main office. I'll see what I can come up with.
Is there any way to leave the equipment on?  You can set update for off-hours. I do this. But the computers need to be on (not logged on).
You can also just leave them on and running (not logged in) on Patch Tuesdays.
Thank you for the response but again the intent is to not allow the downloads period. The cellular modems are on a limited data plan.
You need some way to allow updates. Maybe increase the plan, set devices to share updates and do it that way.

You cannot turn Windows 10 update off.
Alan
Hi,

You might be able to achieve what you want by using WSUS and putting the machines into groups.  You would then only authorise updates for a given group when that group was back in the office (or at least somewhere that gives you 'free' data).

Alan.
You cannot easily set Ethernet connections as metered; however, there is a method.  You can refer to this link for details:
https://www.windowscentral.com/how-set-ethernet-connection-metered-windows-10

(Unfortunately, it's a multi-step process that requires adjusting permissions and registry edits)
All steps of LeeW's article can be automated using group policy preference registry items (actually, you will only deploy the registry setting, no permission editing needed) - please note that there is no predefined GPO for this. See if that works for you. Else, as you have been told, direct the devices to use a WSUS server.
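A read-only check for the registry approach in the comment above, as an added example that is not from the thread or the linked article: it reads the per-media default cost values Windows keeps under `DefaultMediaCost`, so you can confirm on a laptop whether a deployed registry item actually marked Ethernet and Wi-Fi as metered. The function name `Get-DefaultMediaCost` is made up for this example, and the value meanings (1 = unrestricted, 2 = fixed, 3 = variable) are stated from general Windows knowledge rather than from this page.

```powershell
# Added example (not from the thread). Read-only: reports which media types
# Windows treats as metered by default on this machine.
function Get-DefaultMediaCost {
    [CmdletBinding()]
    param(
        # Value names under the DefaultMediaCost key to report on.
        [string[]]$Media = @('Ethernet', 'WiFi', '3G', '4G', 'Default')
    )

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost'
    # Assumed meaning of the DWORD data: 1 = unrestricted, 2 = fixed, 3 = variable.
    $costNames = @{ 1 = 'Unrestricted'; 2 = 'Fixed (metered)'; 3 = 'Variable (metered)' }

    if (-not (Test-Path -LiteralPath $key)) {
        throw "Registry key not found: $key"
    }
    $values = Get-ItemProperty -LiteralPath $key

    foreach ($name in $Media) {
        $prop = $values.PSObject.Properties[$name]
        if ($null -eq $prop) {
            # The value is absent, so nothing was deployed for this media type.
            [pscustomobject]@{ Media = $name; Raw = $null; Cost = 'Not set'; Metered = $false }
            continue
        }
        $raw  = [int]$prop.Value
        $cost = if ($costNames.ContainsKey($raw)) { $costNames[$raw] } else { "Unknown ($raw)" }
        [pscustomobject]@{
            Media = $name; Raw = $raw; Cost = $cost; Metered = ($raw -in 2, 3)
        }
    }
}

$report = Get-DefaultMediaCost
$report | Format-Table -AutoSize

# Flag the two media types discussed in this thread if they are still unmetered.
$unmetered = $report | Where-Object { $_.Media -in 'Ethernet', 'WiFi' -and -not $_.Metered }
if ($unmetered) {
    Write-Warning ("Not metered by default: " + ($unmetered.Media -join ', '))
}
```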
ASKER CERTIFIED SOLUTION
Don

This solution is only available to members.
If I were in your shoes, I would increase the plan to fit your needs. Overage charges are very expensive and a plan that fits will be cheaper and more efficient in the long run.

Then use your pick of WSUS or Windows 10 ability to share one download across devices.
Thanks all for the comments. The point of raising the plan is the center of issue. The sites only use moderate data, email and a work order portal. Audio and video and basic web surfing are denied via the VPN policies so increasing the data plan is unnecessary. I have too many remote users complain about the Windows updates taking up time for them and their day so suppressing them until back in the office is most ideal.
There is also another new GPO for Windows 10 users where you can configure "Active hours" for Windows updates to take place.

https://docs.microsoft.com/en-us/windows/deployment/update/waas-restart
The off-hours settings (noted farther back) work very well. Does not have to be GPO if you do not wish.
I created a fake WSUS GPO for all remote devices to point to.
So how are you updating those now?
The devices are updated when they come back to the main office when a job site is closed down.
Hi Leigh,

When I suggested using WSUS, I did not mean that you create a fake WSUS GPO.

I meant that you would put those machines into a group, and not approve updates for them until they come back to the office, then just approve the updates for those machines.

No need or desire for anything 'fake'.

Alan.
The fake WSUS suits the need here. Each time the laptops come in they are reimaged with an updated system image that contains the updates.
Okay - if it works, then that's great.

Alan.
Leigh, please note that the solution you selected was not the first to mention WSUS, nor has it added additional steps that you adopted in your way of solving it. In the future, please be so kind as to select either your own solution if you found it yourself or honor all solutions that helped you solve it. Thanks :-)
"nor has it added additional steps"

Hmmmm......  ".....and then leverage bandwidth throttling"

Looks like an additional step to me
Sure, but not one he has used in his solution.
{Alan tips his hat to McKnife}
SMH
I always enjoy all the sarcastic remarks from people here.