WSUS Dual scan

Antonio Calamonici 1 Reputation point
2020-12-18T01:05:12.847+00:00

I had a few questions regarding Office 365 updates as well as dual scan.

  1. We use volume licenses for Office. Why is it some folks can log in and get an option to edit update cadence, while others are missing this feature? (I am talking about going to "file", selecting "account" and seeing an option for updates)
  2. We have been grappling with a feature called Dual Scan. What actually causes Dual Scan to embed itself onto a system? Is it a specific KB that enables it?
  3. Assuming we cannot change local or domain GPOs, what is the best way to completely disable Dual Scan? I have seen "DisableDualScan" in regedit as one option. Is this the best way to go?
  4. If we do disable Dual Scan, can our server still get those small auto updates it occasionally downloads, or is the server totally cut off from Windows update once DS is disabled?

Thank you

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,110 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Adam J. Marshall 8,621 Reputation points MVP
    2020-12-18T01:14:39.767+00:00

    Review my guides:

    https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/
    https://www.ajtek.ca/wsus/windows-update-for-business-why-should-i-choose-it/

    Yes, regedit (remove the entries if they are existing).

    4 has no resemblence with Dual Scan.

  2. Adam J. Marshall 8,621 Reputation points MVP
    2020-12-18T01:23:40.763+00:00

    GPP? if it exists, it will remove it :)

    .REG file - if it exists, it will remove it - just execute on each system once if not able to use GPP (GPO Preferences) (assuming no other GPOs keep putting it back - in which case, fix that GPO)

    Add the DisableDualScan key - you still have to modify the registry through one of the ways above - in my opinion, better to remove the entries.

    0 comments
  3. Rita Hu -MSFT 9,626 Reputation points
    2020-12-18T08:02:56.797+00:00

    Hi AntonioCalamonici-0950,

    Thank you for posting on Q&A.

    Here are mu opinions of the above questions:

    1. Please get support on the Microsoft 365

    2 and 3. As we all know, the clients which are pointed to the WSUS will scan updates and get updates from WSUS Server. In my opinion, the Dual Scan means that the clients will scan from both WSUS Server and Windows Updates. The clients who enabled the one of the policies in the Windows Updates for Business will enable dual scan:
    Select when Feature Updates are received
    Select when Quality Updates are received

    In addition, we could enable the below policy on the clients to prevent from getting updates from the Windows Update and disable dual scan:
    Do not allow update deferral policies to cause scans against Windows Update

    Please remember to inform if there are any updates about this issue. Thanks for your time and have a great day.

    Regards,
    Rita

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments