GPO: Block Dual Scan

less than 1 minute read

Description:

So many admins seem to be confused on how to block “Dual Scan Mode” in their environment. These settings stop WSUS clients from reaching out to the internet to get updates if the WSUS server doesn’t push them. These seem to be the settings you need to set to disable Dual Scan Mode.

To Resolve:

  1. Set the following:
    • Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update = all settings to Not Enabled except “Do not connect to any Windows Update Internet locations” to Enabled
    • Administrative Templates\System\Internet Communication Management\Internet Communication\ = Turn off access to all windows update features to Enabled

Reference:

“Demystifying Dual Scan”

-----------------------------------------------------------
Spotted a mistake in this article? Why not suggest an edit!
Did you like the article? Donations are always welcome!
-----------------------------------------------------------

Comments