This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
i've approved windows 11 upgrade for 1 WSUS group that i shouldn't approved. What is the quickest and most reliable way to unapprove that same update which was approved for aprox 3 hours and stop it to being installed?
I've done unapproval(Approve->Not approved for group) on the same update but bandwidth stayed the same so i guess the changes aren't prompt as i wanted them to be
The next thing we did is disabling network communication on that network segment over IP to the WSUS
What should we do next to be sure that update will not download and install?
Should we lower the interval for "Automatic Update Detecting Frequency" or if there is no network for longer period than AUDF will clients communicate with WSUS immediately after allowing network and see that the update its not approved now and will stop downloading?
Or should i connect to multiple pcs and clear software distribution folder and readd to same wsus group?
Any help would be great ASAP
Thanks in advance
edit:
I see that 1 pc that was in the group(but its not in production) and we didn't disable network traffic to wsus did downloaded full upgrade but it was scheduled to install tomorrow(by GPO setting) and was in state "Pending install" but after some time there is no more "Pending install" message so i guess unapproval works but not immediately
edit2:
Silly thing, 1hour after allowing network traffic i can see full bandwith consumption from specific group of pcs downloading from wsus
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Thanks, it's been solved.
There is sync period within GPO for WSUS that is minimum 1 hour so the unapprove is related to that period. It's just unclear how does it work when there is no network connection, why it didn't sync immediately after network was not blocked anymore. Does it have timestamps so it does sync in specific time whether it has network connection to WSUS or not
Hello Ivan Bajo,
thank you for posting on the Microsoft Community Forums.
Based on the description, I understand that your issue is related to WSUS.
Since there are no engineers dedicated to WSUS in this forum. In order to be able to deal with your questions quickly and efficiently, I recommend that you repost your questions in the Q&A forum, where there will be a dedicated engineer to provide you with a professional and effective response.
Here is a link to the Q&A forum: https://learn.microsoft.com/en-us/answers/questions/
Have a nice day.
Best regards,
Lei
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more