- Install Ansible on Windows - Thu, Jul 20 2023
- Use Azure Bastion as a jump host for RDP and SSH - Tue, Apr 18 2023
- Azure Virtual Desktop: Getting started - Fri, Apr 14 2023
While I agree that Microsoft may be a bit misguided in how it has implemented privacy settings in Windows 10 thus far, we can discuss Windows Update Delivery Optimization intelligently, reasonably, and without fearmongering.
What Windows Update Delivery Optimization is
Windows Update Delivery Optimization, also affectionately called WUDO, is one component in a larger feature set known as Windows Update for Business. Contrary to popular belief, Windows Update for Business is not a product as such, and it will not replace Windows Server Update Services (WSUS) or System Center Configuration Manager as your operating system updating solution.
As of this writing in October 2015, WUDO and deferred updates are the only Windows Update for Business features that are surfaced in Windows 10. We’re expecting additional features and functionality in November’s “Threshold 2” update—we’ll have to wait and see on that.
Specifically, WUDO allows businesses to save Internet bandwidth by using a peer-to-peer model for delivering Windows updates. The idea is that one Windows 10 box actually downloads the updates, either directly from Microsoft or from a local WSUS server, and then serves the bits with other Windows 10 clients on the same network.
In some ways, WUDO is similar to the BranchCache Distributed Cache Mode we already have in Windows Server and Windows Client OSs.
Potential problems
The first common complaint with WUDO is that the feature is enabled by default in all editions of Windows 10. Depending on the Windows 10 edition, WUDO functions in one of two modes:
- Windows 10 Enterprise and Education Editions: WUDO works only with Windows 10 computers on the local network.
- All other Editions: WUDO sends and receives Windows updates both from local LAN hosts and from Windows 10 hosts all over the public Internet.
Ouch! I agree that opening up my private Windows 10 machines to receive Windows updates from random Internet hosts disturbs me a bit. Microsoft explains in its literature that cached updates are encrypted, verified, and authenticated to ensure that only original, non-tampered bits make their way from a stranger’s PC to yours. Nevertheless, you probably want to learn how to override the defaults.
Meanwhile, the second popular WUDO criticism is that computers with metered Internet connections may consume more bandwidth than the owner expected due to the background participation in WUDO peer-to-peer updates. Again, Microsoft presents us with a (partial) fix to the problem, which I’ll get to in a moment.
Taking control of WUDO
Don’t worry about clicking through numerous Control Panel screens to find the appropriate option. Instead, click in Windows 10’s universal search box, type windows update advanced, and press ENTER as shown below.
Don’t bother clicking through dialog boxes. Ain’t nobody got time for that.
On the Advanced Options window, click Choose how updates are delivered. As is shown in my combined screen capture in the screenshot below, you have three choices:
- Globally enable or disable WUDO.
- Constrain WUDO to work with peers only on your LAN.
- Allow WUDO to work with any peer, anywhere.
Configure WUDO to work the way that YOU want it to.
Specifying metered connections
Now, let’s the address the issue of conserving potentially expensive Internet bandwidth. For example, your laptop may use a carrier mobile Internet card, and you’re charged exorbitant usage fees if you exceed your monthly bandwidth quota.
The good news is that we can set Wi-Fi connections as metered, which (according to Microsoft) effectively disables WUDO on that network interface.
Return to the Search box, type wifi, and press ENTER. Select your WLAN in the Network & Internet dialog box and click Advanced options. As shown below, move the Set as metered connection slider to match your preference.
Setting a metered Wi-Fi connection
I’ve done quite a bit of research on this subject, and as of this writing Microsoft hasn’t said anything at all whether it will allow wired Ethernet connections to be marked as metered.
Controlling WUDO through Group Policy
Fortunately, we can use Group Policy to control Windows Update Delivery Optimization in Windows 10. First, download the Windows 10 GPO administrative templates. Second, install the templates on the SYSVOL central store on one of your domain controllers.
For instance, on my Windows Server 2012 R2 domain controller, I copied the two WUDO-related administrative template resources:
- DeliveryOptimization.admx from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions
- DeliveryOptimization.adml from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions\en-US
to my SYSVOL Central Store in the path \\dc1\SYSVOL\company.pri\Policies\PolicyDefinitions.
Note: Make sure to copy the .adml resource file along with its enclosing en-US folder. Your PolicyDefinitions folder should look like the one in the screenshot below.
The WUDO Group Policy template in the AD Central Store
I’m sure that Windows Server 2016 will have the Windows 10 templates already “baked into” the Group Policy Editor. Anyway, open your handy dandy Group Policy Management Console (GPMC) and load up the DeliveryOptimization.admx administrative template by browsing to where the actual policies are stored:
Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization
The key Group Policy setting here is Download Mode.
Controlling WUDO centrally through Group Policy
Controlling WUDO through the Windows Registry
Recall that both Control Panel and Group Policy do the same thing—namely, they adjust Registry values on client devices.
To that point, you can use Windows PowerShell or your other favorite administrative scripting language to set WUDO properties by interacting with the Registry directly.
Here’s the key we’re interested in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config
We need to modify the REG_DWORD value DODownloadMode; here are the legal values:
- 0 = Disable WUDO
- 1 = Enable WUDO (local peers only)
- 2 = Enable WUDO (any peer, anywhere)
I hope that this piece helps us tone down the hysteria and become better Windows 10 (and, ultimately, Windows Server 2016) administrators.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
Incase its of interest to anyone I was certain that the LAN updates would be quite helpful
With this enabled on PRO by default in a Corporate environment ,
a new deployment of 2 new dozen computers on the same VLAN across different switches resulted in
a dozen computers on the same VLAN all downloading the updates from microsoft.com one at a time pulling 16GB each locking up the 20Mb internet for 2 days. yes it is proven by a Proxy
However what really was the result beyond that was surprising.
The computers 2 dozen had SSD cable of speeds in excess 300MB a second. Internet became saturated by downloads for hours.
further result the entire LAN infrastructure even 10Gb uplinks (was saturated by 12 computers each delivering theorically 125MB a second to the remaining dozen across different switches.)
As result the entire LAN was hanging and dropping out to local databases and file servers
Even the VLAN restriction feature of Enterprise edition will be a problem for more that half a dozen brand new installed computers needing updates
Recommendation only enable if all computers on high same throughput switch
or you enable limiting per VLAN and each VLAN is limited to one switch
or you have real slow computers
Exactly correct. WUDO has been broken since rollout and STILL is. Regardless of how you have it configured, via system settings or the registry, it will ALWAYS download from offsite Windows update servers.
Worse than that, somehow whatever it is doing to update itself destroys gateway connections. Even 100mb+ bandwidth speeds will start showing packetloss and eventually report offline (even if you are technically still connected).
This is beyond a nuisance and is a crippling issue for corporate and SMB implementation.
The fact Microsoft hasn’t addressed or fixed this is entirely unsurprising considering their atrocious behavior during Win10’s rollout, but the fact it’s a largely unreported issue outside of sysadmin and IT circles is frankly amazing imho.
hopefully the will offer a throttle option soon
Thanks, finally an article that contains some actual information instead of all the fear-mongering. Once managed, I feel this is a very useful feature that can make a local WSUS server mostly obsolete for small businesses.
Trying to update this, looks like the registry key listed here in wrong. See:
https://techjourney.net/enable-or-disable-peer-to-peer-p2p-apps-updates-download-from-more-than-one-place-in-windows-10/
Thank you for the correction, David. Post is updated! -Tim
I cannot seem to get this feature to work, I have two identical laptops, with one already updated over the internet completely.
I want the second laptop updated as well but it keeps on using the internet as its source and doesnt even touch the other laptop.
I have a router which is connected to the internet.
Both laptops connect to the router using wireless.
Both have different Computer Names and both are joined together in the same home group.
Delivery optimization is enabled for local network computers only.
I am viewing the wireless performance in task manager on the computer which already has the updates and then I press update on the laptop which doesn’t have the updates.
The laptop without the updates starts to download from the internet and nothing really happens with the other laptop, a very little bit of kb being moves now and then but hardly anything that could be assumed as updates being sent over the local network.
I wish this function worked.
Can you perhaps confirm if this feature is really working.
and where I might be going wrong?
This feature is not working as it should. I am managing Windows 10 WUDO settings through GPO (using central store with latest Templates). I have disabled sharing updates with Internet PCs (this definitely makes a difference in my upload bandwidth) However, When 2 Windows 10 devices are active, more than 100% of my download bandwidth is consumed (we have 100MB fiber). This is unacceptable obviously. The gateway is detecting the WUDO traffic as ‘Internet Download manager’, ie it’s using an HTTP range to get the updates; and also PKZIP of all things. It seems to be opening about a hundred connections or more per machine. I have had to restrict it to only 25% Max bandwidth although they still try and pull more (the packets over this are dropped). As a result, updates are slow but at least they work. I really hope they fix this in the next update by allowing me to throttle the update speed/number of simultaneous connections. 4 connections is more than enough for a IDM application.
Someone found some sort of logfile to be aware of what are these files that are being downloaded?
3 new computers deployed and Customer 10Mbps link is flooded by WUDO.
Are There Performance Counter Object about WUDO ?
Regards,
Yoshihiro Kawabata
Hey ! First of all million THANKS for the great article and also thanks to the people commented here for their valuable idea/knowledge/experiance. My favourite internet connection monitoring software is Networx from Softperfect, I was using this software from past atleast 5 years. It shows every single bit of both Up & Down link in realtime.
Now coming to the present topic, Regardless of how we set the options carefully in Windows settings and GPEDIT.MSC , I am seeing that Windows update does not follow the options I have set using either method and try stick with Windows beloved/preferred setting. Its very disappointing/frustrating. I am using mobile network with METRED CONNECTION ON but Windows update not respecting metered connection. This is very aggressive move of microsoft and intolerable. Sometimes I use VPN which creates Soft Ethernet on my PC over my mobile network at that time Windows update activate itself in uncontrolled manner. Is this ease or burden?? Using consumer time/effort/money/bandwidth just to keep Windows updated even end user dont want it all, Is this fair?? In my openion its “DISGUSTING”.
On top of that it also constantly adding bloatwares like facebook app and other unnecessary app in my computer without asking me.