- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
- Switch between Windows Terminal and the legacy console - Thu, Nov 16 2023
Windows 11 follows the same concept as its predecessor when it comes to categorizing updates into products, mainly because the service model has largely remained unchanged. However, up to this point, WSUS for Windows 11 includes only a relatively short list of products. This is partly due to the fact that only two releases of the OS have been published thus far.
Additionally, as of now, there has been no release in the Long-Term Service Channel (LTSC) for Windows 11; the first one is scheduled for 2024. The LTSC variant for Windows 10 is treated as a separate product in WSUS, and it is expected to be the same for Windows 11.
Avoid unnecessary updates
In principle, you could simply subscribe to all products for Windows 11 and approve only those that you actually need. But if you don't know what's in the products, you're merely shifting your decision from subscribing to approving.
In the worst-case scenario, this could lead to increased disk space usage and network traffic due to needlessly downloaded files. Superfluous updates also add to the maintenance workload for WSUS when, for instance, regular cleanup becomes necessary.
Regardless of the products you select, they are provided for all processors supported by Windows 11, including both Intel x86 and ARM. Microsoft does not offer separate updates based on hardware architecture.
Products for Windows 11
One way to limit the number of subscribed products is to look at the editions of Windows 11. Since most companies do not use Windows 11 S (Safe OS), this eliminates two products right away.
In any case, the Windows 11 option is a must if you want updates for this operating system. However, this still leaves four products whose significance may not be immediately self-evident.
Products in WSUS for getting updates for Windows 11
Windows 11 Dynamic Update: When installing a feature upgrade, the setup process searches for updates that optimize the installation of the new release. This category includes updates classified as "critical." In an interactive setup, the system prompts the user to retrieve such updates. When patch management is conducted through WSUS, you have the option of making these updates available through WSUS as well.
The Update Catalog shows that Windows 11 Dynamic Update only includes important updates and no security updates
Windows 11 GDR-DU: The abbreviation stands for General Distribution Release – Dynamic Updates. Unlike Limited Distribution Releases (LDR), GDRs address only issues of general significance, and they are delivered through Windows Update. Windows 11 GDR-DU also includes only critical updates.
Windows 11 Client, version 22H2 and later, Servicing Drivers: These are drivers required during dynamic updates. This product is available for individual releases, currently 22H2. They also assist in preparing Windows 10 for the upgrade.
Windows 11 Client, version 22H2 and later, Upgrade & Servicing Drivers: This product is identical to the one above, with the addition of "Upgrade." It's unclear what this refers to, as Microsoft doesn't provide documentation on it. However, when checking the Update Catalog, it is evident that all updates of this type also include those from "Servicing Drivers."
All updates under Servicing Drivers are also available through Upgrade Servicing Drivers
Language packs and features on demand
When comparing the products for Windows 11 in WSUS with those of its predecessor, it becomes evident that some are missing. These include Language Packs (Windows 10 Language Packs and Windows 10 GDR-DU LP) as well as Feature On Demand (FOD), such as for Remote Server Administration Tools (RSAT), including the variant for dynamic updates (Windows 10 GDR-DU FOD).
Microsoft stopped providing these products via WSUS with Windows 10 1809. As a result, you need to obtain them from alternative sources. Windows Update is a viable option for this purpose, and for FOD, you can also provide an internal network share. Language packs are available in the Microsoft Store.
For these updates to work in a WSUS environment, you must configure a group policy for them. The policy is called Specify settings for optional component installation and component repair and can be found under Computer configuration > Policies > Administrative templates > System.
Specifying alternative sources for FODs and language packs on WSUS clients using GPO
Conclusion
As a rule, it should generally suffice to select the Windows 11 product in WSUS. Dynamic updates are not strictly necessary, even during an in-place upgrade. Those who deploy new versions of Windows 11 through Wipe and Load won't need them anyway, as the latest updates and drivers should already be included in the image.
Subscribe to 4sysops newsletter!
Features on Demand and Language Packs can now be installed by standard users themselves. To ensure that the required files are accessible in a WSUS environment, configuring the designated group policy is recommended.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
I use a ps script to check for updates against mixeosoft online, without applying the updates. I then put a count of those updates into the registry and a log of the specific updates in the mecm client log folder.
I placed that script into a compliance baseline. Then i check any machine with missing updates monthly. If the updates are not in my wsus/mecm console, i will find the products and enable them for deployment.