How to quickly get new Windows 10 update

by ·

Recently, Windows 10 20H2 RTM was released, but under normal circumstances, Microsoft will only push to a small number of devices and then collect telemetry data while pushing.

Collecting telemetry data can determine which devices can be updated and which devices may fail after the update, and Microsoft will not push updates for the failed devices temporarily.

Recently, however, Microsoft has also added some group policies, which allow corporate IT administrators to bypass Microsoft’s lockdown and directly obtain the new version of Windows 10.

Microsoft’s new group policy is called the security measures for disabling feature updates. The so-called security measures mean that Microsoft locks some devices and temporarily prohibits upgrading to new versions.

Usually only when Microsoft discovers compatibility issues will it lock specific categories of devices to block updates, but the new group policy allows companies to bypass security measures directly.

According to Microsoft, if enterprise administrators need to test, they can bypass security measures through Group Policy. After bypassing security measures, they can quickly obtain version updates.

Of course, Microsoft only recommends that corporate administrators bypass security measures for testing purposes because bypassing security measures and directly upgrading may cause some unexpected problems.

For example, the driver compatibility issues will cause the audio cannot be played after the upgrade, and some drivers will also cause the system blue screen of death and many other issues.

To configure the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment

  1. Open Group Policy Management Console (gpmc.msc).
  2. Expand Forest\Domains\Your_Domain.
  3. Right-click Your_Domain, and then select Create a GPO in this domain, and Link it here.

     Note

    In this example, the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU.

  4. In the New GPO dialog box, name the new GPO WSUS – Auto Updates and Intranet Update Service Location.
  5. Right-click the WSUS – Auto Updates and Intranet Update Service Location GPO, and then click Edit.
  6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
  7. Right-click the Configure Automatic Updates setting, and then click Edit.

     

  8. In the Configure Automatic Updates dialog box, select Enable.
  9. Under Options, from the Configure automatic updating list, select 3 – Auto download and notify for install, and then click OK.

     Important

    Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations

     Note

    There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see Configure Automatic Updates by Using Group Policy.

  10. Right-click the Specify intranet Microsoft update service location setting, and then select Edit.
  11. In the Specify intranet Microsoft update service location dialog box, select Enable.
  12. Under Options, in the Set the intranet update service for detecting updates and Set the intranet statistics server options, type http://Your_WSUS_Server_FQDN:PortNumber, and then select OK.

     Note

    The URL http://CONTOSO-WSUS1.contoso.com:8530 in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.

     Note

    The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)

As Windows clients refresh their computer policies (the default Group Policy refresh setting is 90 minutes and when a computer restarts), computers start to appear in WSUS. Now that clients are communicating with the WSUS server, create the computer groups that align with your deployment rings.

Tags: