Does Windows 10 consistently respect Windows Update GPO settings?

I realize this is an open-ended question--I'm not asking on behalf of a particular customer--but we're wondering if Windows 10 always respects the GPOs we've set for Windows Update, which point all domain PCs to our on-premises WSUS server with specific maintenance windows and restart settings.

I'm hearing anecdotal evidence that 10 may bypass WSUS (and any other WU-related settings imposed by GP) and update and restart itself whenever Microsoft deems this necessary.  I don't have "smoking gun" proof yet, but cursory Googling suggests I'm not the only one who's getting suspicious, and we're seeing some erratic update behavior on our fleet of Win 10 Surfaces.

What has your experience been like?  Do you use WSUS, or a third-party patch management solution?
AA-in-CAAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Semantics matter here.yes, windows 10 is consistent in respecting policies and how it respects them. That does NOT mean it respects ALL policies. Particularly with 7 and previous  several policies no longer are used  so they are consistently IGNORED.

If you are seeing inconsistent behavior though, that is99. 99999% likely to be a configuration issue. There is no statistically relevant reports of windows 10 arbitrarily deciding to install updates outside of WSUS because "Microsoft" deemed it so.
0
AA-in-CAAuthor Commented:
How do I determine whether a policy will be ignored?  Is this labelled in the GP Editor?
0
Cliff GaliherCommented:
I don't recall any that aren't. Every policy has an applies to section. But since the editor can load policies from the central store if  if your templates are out of date, you could be misled.

If a template from windows 7 is used, it could say "windows XP and higher."

MS can change the behavior in windows 8. They also update their template to say "XP, Vista, and 7."* But if you do then update your templates, your editor still says "XP and higher." Thus is the burden of choosing to use a central store.  Same could be said of editing policies on an old OS without a central store truth be told.

So yes, you can tell. But you have to be cognizant of how group policies, the editor, and templates work.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Cliff Galiher (https:#a42350478)
-- Cliff Galiher (https:#a42350476)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.