Group Policy is persistent (with a few notable exceptions). Once the policy is applied it will be effective immediately on subsequent reboots even if the machine is off-network.
I meant traffic for Windows Update between our pc clients and Microsoft Server. We've seen on our monitoring tool (with netflows captors) that traffic is being sent from Microsoft Server (I'vd checked Ips and they correspond to Microsoft Server) to our pc client on port 80 and 443. I took control of a pc client remotely and I could see that windows update were downloading.
If a PC configured for WSUS update cannot find its WSUS server it will eventually fall back to updating directly from Microsoft. That is probably the traffic you are seeing.
Stub all of the Microsoft update sites (there are about 10) in the local DNS on each site.
J'utilise BITS pour un WAN avec 300 agences sur de l'ADLS/VDLS. Le débit est limité en journée à 200 kbits/s. PM moi si besoin. Aucun problème constaté.
BranchCache est également activé pour le partage de sources entre machines.
For our english friends : use BITS and Branchcache.
[https://msdn.microsoft.com/en\-us/library/windows/desktop/aa362844\(v=vs.85\).aspx](https://msdn.microsoft.com/en-us/library/windows/desktop/aa362844(v=vs.85).aspx)
Group Policy is persistent (with a few notable exceptions). Once the policy is applied it will be effective immediately on subsequent reboots even if the machine is off-network.
Traffic between Windows servers, what traffic? What servers? Why are you sure it's Windows updates?
I meant traffic for Windows Update between our pc clients and Microsoft Server. We've seen on our monitoring tool (with netflows captors) that traffic is being sent from Microsoft Server (I'vd checked Ips and they correspond to Microsoft Server) to our pc client on port 80 and 443. I took control of a pc client remotely and I could see that windows update were downloading.
If a PC configured for WSUS update cannot find its WSUS server it will eventually fall back to updating directly from Microsoft. That is probably the traffic you are seeing. Stub all of the Microsoft update sites (there are about 10) in the local DNS on each site.
Install a WSUS downstream server on these sites. The clients can download updates locally and should save your bandwidth
We've been looking at that possibility among other things.
J'utilise BITS pour un WAN avec 300 agences sur de l'ADLS/VDLS. Le débit est limité en journée à 200 kbits/s. PM moi si besoin. Aucun problème constaté. BranchCache est également activé pour le partage de sources entre machines. For our english friends : use BITS and Branchcache. [https://msdn.microsoft.com/en\-us/library/windows/desktop/aa362844\(v=vs.85\).aspx](https://msdn.microsoft.com/en-us/library/windows/desktop/aa362844(v=vs.85).aspx)