A few months back, an administrator working an older job reached out to a colleague of mine named Todd Lamothe to ask how they might reduce the bandwidth Windows Update was taking on their network. Todd has been working in the IT field for more than 20 years and he is the principal consultant for Nattrac Consulting Ltd. where he does IT consulting focusing on Windows deployments, Windows Server technology, Azure Cloud and Exchange / Office 365 deployments. The admin who reached out to Todd said his company had about 90 locations connected hub and spoke to the central office all sharing the same Internet connection, and they wanted to reduce the amount of bandwidth being used between the sub-offices and the central location. Todd and I both knew immediately that the answer to this person’s problem would be Delivery Optimization.
So what exactly is Delivery Optimization? I asked Todd and he replied that “Microsoft defines it as follows: Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection but can also help you reduce the amount of bandwidth needed to keep all of your organization’s PCs up to date.” I said that sounded rather vague and simple and Todd agreed, saying, “This is oversimplified, but essentially it means your Windows 10 computer will reach out to the Delivery Optimization service located in the cloud and ask for Windows Updates and will get back information about other peers you may download Windows Updates from along with receiving the updates from the Windows Update service.”
Since Todd has had more experience with this particular Windows feature than I myself have, I asked him if he could briefly explain how to set up and configure Delivery Optimization in an Active Directory environment. “You can set the policies using Group Policy or through MDM settings.” Which would be the best approach for the admin who contacted you? “In this case, they are heavily invested in GPO, so we need to use Group Policy to set the settings.” I asked Todd to explain for us how this is done and he responded with the following brief tutorial:
Settings in GPO reside in Computer Configuration under Administrative Templates under Windows Components under Delivery Optimization. The first option that needs to be set is Download mode. We have six options here:
At first glance, one might think LAN would be the best method but, in this case, it is not. Let me explain. In LAN mode, all the machines check in with the cloud and because they all use the same Internet connection, to the service they will all be peers. But in fact, one machine may be in Toronto, another may be in Los Angeles and in fact those two machines cannot speak to one another (basic premise of peer to peer). For my customer, the best option is the setting called Group. Using this mode, Windows 10 1607 and above respects Active Directory Sites and will limit the peers to machines within an AD Site and on the same Domain. Exactly what I need for this customer and their situation.
Now with this configured and GPO applied correctly, let us test out the configuration. On a desktop running Windows 10 1803, I go into updates and check for Windows Updates. There were a few to install so I chose to download and install them and then reboot. I then check the Delivery Optimization stats of my machine using PowerShell and the Get-DeliveryOptimizationPerfSnap cmdlet. Here is a screenshot of what was reported:
We can see in the screenshot that the number of files downloaded was five and files uploaded was 0. Great. Now I fire up my laptop and tell it to update. The machine checks for updates and installs a few. After I check the stats of my desktop PC again, I see the following:
I now see files uploaded at a value of 1, which means my machine uploaded one file to the laptop when it checked for updates.
For more information, a good PowerShell command to use is Get-DeliveryOptimizationStatus | ft.
So that’s the basics of Delivery Optimization!
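To confirm on a client that the Group setting actually landed and that peering stays inside the organization, the check below can be run after the GPO applies. It is an added example, not part of Todd's tutorial: the function names are hypothetical, the sample rows are constructed, and it assumes that any bytes exchanged with Internet peers mean the Group policy is not in effect.

```powershell
# Added example. Values documented for the DODownloadMode policy setting.
$DOModes = @{ 0 = 'HTTP only'; 1 = 'LAN'; 2 = 'Group'; 3 = 'Internet'; 99 = 'Simple'; 100 = 'Bypass' }

function Get-DOPolicyMode {
    # Reads the mode written by Group Policy; returns $null when no policy value exists.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
    $prop = Get-ItemProperty -Path $key -Name DODownloadMode -ErrorAction SilentlyContinue
    if ($prop) { [int]$prop.DODownloadMode } else { $null }
}

function Test-DOGroupMode {
    # Hypothetical helper: compares the applied mode with the expected one and
    # totals where the update bytes came from.
    param(
        [Nullable[int]]$PolicyMode,
        [object[]]$Status,
        [int]$ExpectedMode = 2
    )
    $peer = 0; $http = 0; $inet = 0
    foreach ($f in $Status) {
        $peer += $f.BytesFromPeers
        $http += $f.BytesFromHttp
        $inet += $f.BytesFromInternetPeers + $f.BytesToInternetPeers
    }
    $total    = $peer + $http
    $modeName = 'not set by policy'
    if ($null -ne $PolicyMode) { $modeName = $DOModes[[int]$PolicyMode] }
    $peerPct  = 0
    if ($total -gt 0) { $peerPct = [math]::Round(100 * $peer / $total, 1) }

    [pscustomobject]@{
        PolicyMode        = $modeName
        PolicyMatches     = ($PolicyMode -eq $ExpectedMode)
        PeerPercent       = $peerPct
        InternetPeerBytes = $inet
        # Assumption: with Group mode enforced, no traffic involves Internet peers.
        Compliant         = ($PolicyMode -eq $ExpectedMode) -and ($inet -eq 0)
    }
}

# Constructed sample rows shaped like Get-DeliveryOptimizationStatus output.
$sample = @(
    [pscustomobject]@{ BytesFromPeers = 73400320; BytesFromHttp = 31457280; BytesFromInternetPeers = 0; BytesToInternetPeers = 0 }
    [pscustomobject]@{ BytesFromPeers = 0; BytesFromHttp = 10485760; BytesFromInternetPeers = 0; BytesToInternetPeers = 0 }
)
Test-DOGroupMode -PolicyMode 2 -Status $sample

# On a managed client, use live data instead of the sample:
# Test-DOGroupMode -PolicyMode (Get-DOPolicyMode) -Status (Get-DeliveryOptimizationStatus)
```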
At this point, I told Todd this all seemed really simple so it must be a no-brainer for Windows admins to implement Delivery Optimization for reducing Windows Update bandwidth and making updating their systems more reliable on networks that have unreliable Internet connections. Todd replied by saying, “Well, as with all things Microsoft, you may want to make a few changes from the default. Here is a screenshot of all the settings that can be applied using GPO.”
I responded by saying that it looked like there are a lot of different policy settings one can fiddle around with and asked Todd which settings might be the best ones to tweak to make Delivery Optimization work best. He responded with some useful tips based on his own personal experience using this feature. “Some of those changes I usually make are:
I ended by telling Todd I was grateful for him covering the basics and some of the customizations around Delivery Optimization, and I asked him where our readers can find out more about this Windows feature if they’re interested in implementing it. He suggested checking out Session BRK3019 from Microsoft Ignite 2018. You can find this and other useful sessions from Ignite 2018 linked in this post on Michael Niehaus’ blog.