1

I help manage the IT infrastructure at our small company. We have about 15 PCs here, most of them running windows 10. We also have a 15Mbps internet link.

Whenever a computer downloads a large windows 10 update (such as the recent anniversary update), it absolutely hammers our internet link and brings it to a crawl. This is not acceptable especially because we rely on multiple cloud based business applications and also use VoIP in our office.

I've done some googling but most solutions talk about sharing windows 10 updates between computers on the LAN (which doesnt seem to be working for us).

Has anyone out there managed to implement a throttle on windows 10 updates at the corporate firewall level?

Thanks, Dan

Daniel Tan
  • 13
  • 2

2 Answers2

4

The canonical solution to this is not to throttle this traffic. Rather, stand up a WSUS server in your network and point your clients to that for updates.

By doing this, you will not only solve your bandwidth problem (each update is only downloaded once, and you can control when this happens) but you will also solve another problem, which is how to control and audit patch levels on your client and server systems.

In regards to throttling traffic, it sounds like it's not only Windows update traffic that needs to be throttled, but all traffic, but that's another question.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • Yesterday decided to try installing the WSUS server and connect my computer, and guess what? Today there was a cumulative update! However my WSUS didnt pick up the update and my computer doesnt see it either... but that might be another question for another post... – Daniel Tan Aug 24 '16 at 01:45
  • Yes, you'll need to use the WSUS tools to approve the update and then it will be made available to your clients. – EEAA Aug 24 '16 at 01:47
  • ARGGG spent all morning grappling with the stupid KB3159706 update! Ahem... anyway... I've run a WSUS sync again and have approved the updates. I can see my computer and WSUS knows it needs 9 updates. But when I run Windows Update on my computer, it says that it is up to date! – Daniel Tan Aug 24 '16 at 04:16
0

You could look into running a web cache/proxy like Squid. There may be alternatives (maybe better), this is just the first I thought of.

It could also help save bandwidth on your connection in general if you had users browsers and other such things using it. The catch is that it needs to be configured properly to work well.

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

What firewall are you using? Perhaps there are some advanced things that can be done to control traffic. Especially something to allow VOIP traffic to override other traffic (QoS).

Ryan Babchishin
  • 6,260
  • 2
  • 17
  • 37