You can use Windows Update Delivery Optimization (WUDO) in Windows 10 to more efficiently distribute Windows updates (received through Windows Update or WSUS) and Configuration Manager packages in a corporate network with multiple sites/branches. Thanks to the use of Delivery Optimization, you can significantly reduce traffic and channel load in your branch offices when deploying updates/packages.
In this article, we’ll look at how to configure Delivery Optimization in Windows 10 and 11 to optimize Windows Update, WSUS, and SCCM traffic on an enterprise LAN.
In modern Windows 11/10 builds, Delivery Optimization supports Windows updates and MS Store apps, as well as Microsoft Office updates (common ones, C2R, or MSIX) and SCCM packages.
How to Enable Delivery Optimization in Windows 10 or 11?
Delivery Optimization is enabled in all Windows 10 (build 1511 and newer) and Windows 11 versions. By default, it is allowed to get files from the computers in the current local network (LAN) only.
Delivery Optimization settings are available under Settings -> Windows Update -> Advanced Options -> Delivery Optimization.
As you can see, only two options are available:
- Allow downloads from other PCs – enables or disables Delivery Optimization
- Allow downloads from: device on my local network/device on the Internet and my local network – allows you to specify whether it is allowed to receive files from other devices on the Internet or only from devices on the local network.
The Delivery Optimization service (DoSvc
) is used for delivery optimization features on the client side. By default, the service is enabled and configured to start automatically:
Get-Service dosvc|Select-Object -Property Name,Status,StartType
Configuring Delivery Optimization via GPO
Advanced Delivery Optimization settings are located under the Computer Configuration -> Administrative Templates -> Windows Components -> Delivery Optimization section of Group Policy Editor.
To force Delivery Optimization on Windows clients, the Download Mode policy is used. The most commonly used values are:
- LAN (1) – HTTP Peering behind the same NAT — is recommended if all your computers are on the same LAN;
- Group (2) — HTTP blended with peering across a private group — is used in large networks that consist of multiple segments connected by WAN links. Domains and AD sites may be used as network boundaries
You can use the GroupID policy option to create update delivery groups in your network. For example, using GPO you can assign a unique GUID to computers in each OU. Computers with the same GUID will get updates only from computers with this GUID (i.e., in the same LAN without loading channels between sites). To generate a unique GUID, use the PowerShell command :
[guid]::NewGuid()
Or you can bind the WUDO group to Active Directory sites using Select the source of group IDs = AD Site policy.
A Windows device is working as a Delivery Optimization network peer if it has at least 4GB RAM and 32 GB of free space on the disk. You can change these settings via GPO:
- Minimum disk size allowed to use Peer Caching (in GB)
- Minimum RAM Capacity (inclusive) required to enable of Peer Caching (in GB)
By default, Delivery Optimization is not working on devices connected to your network over VPN. To allow VPN clients to get updates using Delivery Optimization, check the option Enable peer caching while the device is connected over a VPN.
Using Delivery Optimization to Optimize WSUS Traffic
Delivery Optimization is automatically supported for updates on a WSUS server. Create a regular GPO to get updates from your WSUS and assign it to your clients.
After scanning WSUS for updates, a client tries to find an update file in the cache of the clients in your LAN. To do it, it accesses the cloud WUDO service (over HTTP/HTTPS) and asks if there is a file with a certain hash on computers on the same LAN.
If the file is found, the client contacts the Delivery Optimization service on the neighboring computer (Port 7680) and starts downloading the file using BITS.
Test-NetConnection -ComputerName 192.168.100.15 -Port 7680
How to Use Delivery Optimization in Configuration Manager (SCCM)?
ConfigMgr 1910 and later supports Delivery Optimization to distribute updates and packages in the network.
Like BranchCache, Delivery Optimization is based on group boundaries. Enable the Allow peer downloads in this boundary group option in the settings of the group boundaries.
Enable two options in the settings of the Configuration Manager clients:
- In the Delivery Optimization section, enable Use Configuration Manager boundary Groups for Delivery optimization for group ID
- In the Software Update section, enable Allow Clients to download delta content when available
If Delivery Optimization is enabled and peers with the relevant content are found within the boundaries, Windows will download all file types from the peers regardless of a ConfigMgr client.
Optimization Delivery Statistics in Windows
You can get statistics about receiving files and updates through Delivery Optimization with Activity Monitor (Settings -> Update & Security -> Delivery Optimization). Here you can see how much traffic your computer received from different Delivery Optimization sources and who it shared files with.
To view DeliveryOptimization statistics, you can also use PowerShell.
Here is the command to get general Delivery Optimization statistics (how many files were downloaded or uploaded, their size, peer effectiveness):
Get-DeliveryOptimizationPerfSnap
Show the detailed information on the current Delivery Optimization tasks:
Get-DeliveryOptimizationStatus | ft
The cmdlet displays information about all files received by the computer. You can see file sizes, the percentage of a file got using DO (PercentPeerCaching), etc.
Using the command below, you can get information about the connected peers:
Get-DeliveryOptimizationStatus –PeerInfo
You can view Delivery Optimizations statistics on your device for the last month:
Get-DeliveryOptimizationPerfSnapThisMonth
Delivery Optimization is the most effective in companies with multiple branches connected to the central WSUS/SCCM infrastructure using WAN links. Also, Delivery Optimization allows to stop using WSUS replicas or SCCM distribution points (DPs) in remote offices.
2 comments
Could I use delivery optimization for updating a pc in a branch that are isolated from internet? I have some pc with internet connection that can download the updates from microsoft catalog (I haven’t wsus), I would like to use these pc as peer for the others without internet.
Delivery Optimization can not be applied to the disconnected environments. Each computer must have access to the Microsoft Delivery Optimization cloud service for coordination.
Access to the Delivery Optimization cloud services and the Internet, are both requirements for using the peer-to-peer functionality of Delivery Optimization.
https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization