I work in a computer service company and we have several clients connected to the internal network and servers, including one WSUS server. Now, we have entered a GPO that forces the client to perform automatic updates from the WSUS server.
The problem is the PC that come into assistance are updated through Windows Update from the internet because they're not part of the domain, and this saturates the band enormously (imagine doing teleservice with 3 pcs that make downloading updates from the internet ....)
Setting each PC manually or changing registry keys is impractical.
I was wondering ... If I redirect on Firewall all traffic from * update.microsoft.com to ipwsus: 8530 might work?
Or is there a way to force them?