While I agree that Microsoft may be a bit misguided in how it has implemented privacy settings in Windows 10 thus far, we can discuss Windows Update Delivery Optimization intelligently, reasonably, and without fearmongering.
What Windows Update Delivery Optimization is
Windows Update Delivery Optimization, also affectionately called WUDO, is one component in a larger feature set known as Windows Update for Business. Contrary to popular belief, Windows Update for Business is not a product as such, and it will not replace Windows Server Update Services (WSUS) or System Center Configuration Manager as your operating system updating solution.
As of this writing in October 2015, WUDO and deferred updates are the only Windows Update for Business features that are surfaced in Windows 10. We’re expecting additional features and functionality in November’s “Threshold 2” update—we’ll have to wait and see on that.
Specifically, WUDO allows businesses to save Internet bandwidth by using a peer-to-peer model for delivering Windows updates. The idea is that one Windows 10 box actually downloads the updates, either directly from Microsoft or from a local WSUS server, and then serves the bits with other Windows 10 clients on the same network.
In some ways, WUDO is similar to the BranchCache Distributed Cache Mode we already have in Windows Server and Windows Client OSs.
The first common complaint with WUDO is that the feature is enabled by default in all editions of Windows 10. Depending on the Windows 10 edition, WUDO functions in one of two modes:
- Windows 10 Enterprise and Education Editions: WUDO works only with Windows 10 computers on the local network.
- All other Editions: WUDO sends and receives Windows updates both from local LAN hosts and from Windows 10 hosts all over the public Internet.
Ouch! I agree that opening up my private Windows 10 machines to receive Windows updates from random Internet hosts disturbs me a bit. Microsoft explains in its literature that cached updates are encrypted, verified, and authenticated to ensure that only original, non-tampered bits make their way from a stranger’s PC to yours. Nevertheless, you probably want to learn how to override the defaults.
Meanwhile, the second popular WUDO criticism is that computers with metered Internet connections may consume more bandwidth than the owner expected due to the background participation in WUDO peer-to-peer updates. Again, Microsoft presents us with a (partial) fix to the problem, which I’ll get to in a moment.
Taking control of WUDO
Don’t worry about clicking through numerous Control Panel screens to find the appropriate option. Instead, click in Windows 10’s universal search box, type windows update advanced, and press ENTER as shown below.
Don’t bother clicking through dialog boxes. Ain’t nobody got time for that.
On the Advanced Options window, click Choose how updates are delivered. As is shown in my combined screen capture in the screenshot below, you have three choices:
- Globally enable or disable WUDO.
- Constrain WUDO to work with peers only on your LAN.
- Allow WUDO to work with any peer, anywhere.
Configure WUDO to work the way that YOU want it to.
Specifying metered connections
Now, let’s the address the issue of conserving potentially expensive Internet bandwidth. For example, your laptop may use a carrier mobile Internet card, and you’re charged exorbitant usage fees if you exceed your monthly bandwidth quota.
The good news is that we can set Wi-Fi connections as metered, which (according to Microsoft) effectively disables WUDO on that network interface.
Return to the Search box, type wifi, and press ENTER. Select your WLAN in the Network & Internet dialog box and click Advanced options. As shown below, move the Set as metered connection slider to match your preference.
Setting a metered Wi-Fi connection
I’ve done quite a bit of research on this subject, and as of this writing Microsoft hasn’t said anything at all whether it will allow wired Ethernet connections to be marked as metered.
Controlling WUDO through Group Policy
Fortunately, we can use Group Policy to control Windows Update Delivery Optimization in Windows 10. First, download the Windows 10 GPO administrative templates. Second, install the templates on the SYSVOL central store on one of your domain controllers.
For instance, on my Windows Server 2012 R2 domain controller, I copied the two WUDO-related administrative template resources:
- DeliveryOptimization.admx from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions
- DeliveryOptimization.adml from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions\en-US
to my SYSVOL Central Store in the path \\dc1\SYSVOL\company.pri\Policies\PolicyDefinitions.
Note: Make sure to copy the .adml resource file along with its enclosing en-US folder. Your PolicyDefinitions folder should look like the one in the screenshot below.
The WUDO Group Policy template in the AD Central Store
I’m sure that Windows Server 2016 will have the Windows 10 templates already “baked into” the Group Policy Editor. Anyway, open your handy dandy Group Policy Management Console (GPMC) and load up the DeliveryOptimization.admx administrative template by browsing to where the actual policies are stored:
Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization
The key Group Policy setting here is Download Mode.
Controlling WUDO centrally through Group Policy
Controlling WUDO through the Windows Registry
Recall that both Control Panel and Group Policy do the same thing—namely, they adjust Registry values on client devices.
To that point, you can use Windows PowerShell or your other favorite administrative scripting language to set WUDO properties by interacting with the Registry directly.
Here’s the key we’re interested in:
We need to modify the REG_DWORD value DODownloadMode; here are the legal values:
- 0 = Disable WUDO
- 1 = Enable WUDO (local peers only)
- 2 = Enable WUDO (any peer, anywhere)
I hope that this piece helps us tone down the hysteria and become better Windows 10 (and, ultimately, Windows Server 2016) administrators.