Distribution of drivers through Windows updates

weltgoldstrider 26 Reputation points
2021-04-28T11:10:33.33+00:00

Hello,

I am using WSUS on all my sites to distribute Windows updates.

I keep coming across computers in my company where if I click on "check for updates online", many drivers will be installed. It would be nice if this would happen automatically.

How would a suitable group policy have to look so that just Windows clients get their updates (security updates, feature updates, ...) from WSUS but driver updates from Microsoft Update Online?

Many greetings
weltgoldstrider


2 answers

  1. Rita Hu -MSFT 9,626 Reputation points
    2021-04-29T03:23:26.443+00:00

    Hello weltgoldstrider,

    Thanks for your posting on Q&A.

    I researched many articles and it is not recommended to deploy drivers by WSUS. But it's theoretically possible. In order to analyze further, I would like to share the working principle of WSUS first.

    WSUS has a caching mechanism whereby the first time update metadata is requested by any client, WSUS will store it in memory. Further requests for the same update revision will retrieve the update metadata from memory instead of reading it from the database. Some of the metadata in the database is compressed, so not only must it be retrieved, it must be decompressed into memory, which is an expensive operation.

    For large metadata packages and many simultaneous requests, it can take longer than ASP.NET’s default timeout of 110 seconds to retrieve all of the metadata the client needs. When the timeout is hit, ASP.NET disconnects the client and aborts the thread doing the metadata retrieval.

    While the driver category in WSUS contains drivers from some of these vendors, we don't recommend that you use the category as an update mechanism for drivers because the category includes over 100,000 drivers and this can be problematic. The huge list of drivers is not manageable and the metadata alone could be enough to cause scan traffic to spike in your environment.

    Hope the above will be helpful. Have a nice day.

    Regards,
    Rita




  2. Adam J. Marshall 8,706 Reputation points MVP
    2021-04-29T12:36:00.227+00:00

    If you have Drivers enabled in WSUS, AND the appropriate product selected, any driver for said product will show up in WSUS for approval.

    If you have Drivers enabled but NOT the appropriate products selected, you'll notice you're missing different drivers for different things.

    Drivers is a classification of updates; however, updates are released to "Products", and therefore if you don't have said product enabled, even though you have the Drivers classification selected, you won't receive the driver for that product.
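
The following is an added example, not part of either answer above. It shows one way to check, on the WSUS server itself, whether the Drivers classification is selected, how many driver updates are already in the database, and which products those drivers are limited to. It assumes the UpdateServices PowerShell module that ships with the WSUS role and an elevated session on the server.

```powershell
# Added example: run in an elevated PowerShell session on the WSUS server.
Import-Module UpdateServices

$wsus         = Get-WsusServer            # connects to the local WSUS instance
$subscription = $wsus.GetSubscription()   # synchronization settings

# Classifications and products currently selected for synchronization
$classes  = @($subscription.GetUpdateClassifications())
$products = @($subscription.GetUpdateCategories())

# 'Drivers' is the classification title discussed in the thread
$driverClass = $classes | Where-Object { $_.Title -eq 'Drivers' }

if (-not $driverClass) {
    Write-Output 'Drivers classification is NOT selected: no driver metadata is synchronized.'
}
else {
    # Count driver updates in the database without loading every update object
    $scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
    [void]$scope.Classifications.Add($driverClass)
    $driverCount = $wsus.GetUpdateCount($scope)

    Write-Output "Drivers classification is selected; $driverCount driver updates are in the database."
    Write-Output 'Drivers are only synchronized for these selected products:'
    $products | Sort-Object Title | ForEach-Object { "  $($_.Title)" }
}
```

A large driver count here is the metadata volume the first answer warns about; an empty or short product list explains missing drivers as described in the second answer.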