Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Issue 198 - Disable Dual Scan #225

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

brajjan
Copy link

@brajjan brajjan commented May 23, 2024

Add parameter disable_dual_scan (default undef) to be able to not allow update deferral policies to cause scans against Windows Update when using WSUS server

As I'm new to tests - please verify if more tests are needed.

Summary

Adds a new boolean parameter disable_dual_scan that defaults to undef. Set to true of you need to disable Dual Scan to prevent a client from trying to connect to Windows Update sources even though you have configured the server to get updates from WSUS

If this is not applied and Deferal settings has been set before in a GPO - The client will still have that settings in a cache that sets the client to fetch updates from Windows Update source instead of WSUS

If not applied - this could happen

PS C:\> Get-WUServiceManager

ServiceID                            IsManaged IsDefault Name
---------                            --------- --------- ----
7971f918-a847-4430-9279-4a52d1efe18d False     False     Microsoft Update
8b24b027-1dee-babb-9a95-3517dfb9c552 False     False     DCat Flighting Prod
855e8a7c-ecb4-4ca3-b045-1dfa50104289 False     False     Windows Store (DCat Prod)
3da21691-e39d-4da6-8a4b-b43877bcb1b7 True      False     Windows Server Update Service
9482f4b4-e343-43b6-b170-9a65bc822c77 False     True      Windows Update

When this property is set

PS C:\> Get-WUServiceManager

ServiceID                            IsManaged IsDefault Name
---------                            --------- --------- ----
7971f918-a847-4430-9279-4a52d1efe18d False     False     Microsoft Update
8b24b027-1dee-babb-9a95-3517dfb9c552 False     False     DCat Flighting Prod
855e8a7c-ecb4-4ca3-b045-1dfa50104289 False     False     Windows Store (DCat Prod)
3da21691-e39d-4da6-8a4b-b43877bcb1b7 True      True      Windows Server Update Service
9482f4b4-e343-43b6-b170-9a65bc822c77 False     False     Windows Update

Additional Context

Add any additional context about the problem here.

  • Root cause and the steps to reproduce. (If applicable)
  • Thought process behind the implementation.

Related Issues (if any)

Mention any related issues or pull requests.
closes #198

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@brajjan brajjan requested a review from a team as a code owner May 23, 2024 11:00
@CLAassistant
Copy link

CLAassistant commented May 23, 2024

CLA assistant check
All committers have signed the CLA.

Add parameter disable_dual_scan (default undef) to be able to not allow
update deferral policies to cause scans against Windows Update
when using WSUS server
@brajjan brajjan force-pushed the DisableDualScan branch from 4a59a1f to 5f825f0 Compare May 23, 2024 12:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Ensure that online 'dual scan' is mitigated
3 participants