dsccommunity
xWindowsUpdateAgent: Category description is not accurate
This is from a review comment in PR #31 by @TravisEz13.
This is a comment of the description of the Category parameter for the resource xWindowsUpdateAgent in the README.md.
The description is not accurate. Please update the description. Please include the impact on Optional and Important updates.
It would be nice if this module could abstract away these categories altogether. These categories are confusing to begin with. As the system admin you're wondering if you are missing something by only patching for Security, Important, etc.
When I run 'yum update' on Redhat, I know it's updating all the existing software on my machine. One command, one thing to know.
It would be nice if as we move into the future with powershell and replace these older windows xp era binaries that would could boil all of this windows update mess into one powershell command.
Not sure we can remove that today. I think there are organizations that only install security updates on a regular basis and leaves out the other categories to be installed on other times.
even in yum, there is a yum upgrade --security for users that only want security updates. The initial request for this resource was ONLY to install security updates. I added the categories to allow people to install all updates. So, I know there are users that only want security updates.
I added the Optional in with Security,Important in conjunction with MicrosoftUpdate and it installed a lot of the updates I was missing.
When comparing against the PSWindowsUpdate module and the command 'get-windowsupdate -microsoftupdate' it was returning more updates being available.
So I think I was assuming more of the updates were going to be in the Important category, but actually there are a lot in the Optional category.
A lot of updates of small updates are considered optional. wuapp UI available in OS prior to Windows 10 shows the categories quite clearly. My understanding is that these updates are considered optional because, whoever created the updated, expected the update to affect a small number of users or there is some behavior change that should be considered before updating.
Enabling recommended updates moves some of these updates that don't have behavior changes from optional to important. Or to saying it another way, optional updates that the author of the updates recommends you install like important updates. So, saying you want recommended updates and not saying you want important updates would have no effect.
Here is a state table of the categories and the recommended setting and the results. Note, one state is theoretical, I'm not sure what would happen and I put the comment I've never seen one in the description. Also, I'm doing this from memory and I don't claim my memory to be perfect. This table should be enough for someone to write the documentation that this issue asks:
| security | important | optional | recommended | description |
|---|---|---|---|---|
| enabled | disabled | disabled | disabled | only security updates |
| enabled | enabled | disabled | disabled | security and important updates |
| enabled | enabled | enabled | disabled | all updates |
| enabled | enabled | enabled | enabled | all updates (same as above) |
| enabled | enabled | disabled | enabled | security, important and recommended optional updates |
| enabled | disabled | disabled | enabled | security, recommended optional security (I've never seen one) updates |
| disabled | disabled | disabled | enabled | no updates |
| disabled | enable | disabled | enabled | important and recommended optional updates |
| disabled | enable | disabled | disabled | important updates |
| disabled | disable | enabled | disabled | optional updates |
| disabled | disable | enabled | enabled | optional updates (same as above) |