Win10 WAAS - Update deployment approach

fonzee · 6 Apr 2018 at 15:29

Hi all,

Just interested in those of you with experience in deploying en mass the Win10 quality and feature updates. Specifically those of you with remote sites with poor WAN connectivity and using WSUS, not SCCM.

I'm more interested in what your P2P method is and what control methods you employ in terms of scheduling and throttling.

Are you employing DO or BranchCache and in what combo? e.g. Are you utilising bypass download mode to enable BITS for DO and why? Are you throttling your BITS for certain poorly-linked sites etc?

What sort of reporting are you using on the effect? I know SCCM has some fancy reporting analysis, are there any decent PS queries you are running? Any decent third party tools?

Have you employed ring deployment stages in WSUS as per technet pages? How has that worked out?

How are you dealing with remote users who are rarely in the office? Our VPN solution routes internet traffic locally outside of the tunnel for example, so I am looking at deploying a GPO to this user group to include internet PCs in their DO scope (as opposed to DO on LAN only). Anyone done similar?

Just interested in how some of you are handling this and any best practice / tips.

Thanks!

fonzee · 11 Apr 2018 at 16:58

Eney Wan?

Was hoping someone would have tackled this before!

glenimp617 · 2 May 2018 at 11:11

I don't think many people understand (or are interested) in the two year win10 refresh cycle! or they do, and have decided to use LTSB instead. also, remember many people are still using Windows 7.

any reason you are not using SCCM? The ability to do this, and also support clients over the internet (although I would look into direct access for that personally) would help you no end, as would the reporting. It's our bread and butter. We have weekly meetings on a Friday where we put up the SCCM reports on the big screen and look at percentages of patch/unpatched clients and servers. Windows 10 best feature is the new method of patching, a significant step up over windows 7 (as is server2016>2012). The reports we see show a near 100% patched environment each and every week. We have 100+ servers, 4,000+ clients and many laptops outside the company. SCCM (when done right) is pretty damn awesome.

How many clients are we talking about?

fonzee · 25 Jun 2018 at 16:25

Thanks for responding, apologies I had not checked in a while!

We have ~2k clients in the BU we look after, and from what I can tell (fairly new to the company) the SCCM argument has never been made from a global perspective further up the chain, so albeit out of our control atm. So until then we are having to battle with WSUS :/

leigh_boy · 26 Jun 2018 at 08:27

we uses wsus servers at 5 sites and you can set it so one is a master, so we do that and we use name space so that it gets updates from its most local server

fonzee · 10 Oct 2018 at 15:26

leigh_boy said:
we uses wsus servers at 5 sites and you can set it so one is a master, so we do that and we use name space so that it gets updates from its most local server

and how are you dealing with deploying the ~3.5GB Win10 quality updates via WSUS? Any remote users?