WSUS – Throttle Bandwidth Utilisation

Just had an issue today where I approved WSUS updates for maintenance and came to the realisation that as soon as you approve new updates WSUS automatically begins to download them. Here I am trying to isolate why the browsing internet, reviewed the gateway, noted download traffic was massive from the WSUS server, logged on and noticed…. akamai.

WSUS - Akamai

 

Yep, I didn’t even realise (noob I know) but I’ve found a way to manage the downloads by WSUS (and other Microsoft services that are chucking a sneaky). BITS is a sneaky little service that most people may not even realise is affecting the performance of their internet use. Here’s an acrostic poem I prepared earlier:

Background
Intelligent
Transfer
Service

All we need to do is throttle the amount of bandwidth the service uses during a certain time frame.

  1. Open Group Policy Management
  2. Browse to Computer Configuration > Policies > Administrative Templates > Network > Background Intelligent Transfer Serice
  3. Double click Limit the maximum network bandwidth for BITS background transfers
    WSUS - BITS GPO
  4. Enable the settings and configure as per your requirements
    WSUS - BITS GPO Details
  5. Hit OK, associate the GPO to your WSUS server.
  6. If you want it to take effect immediately, logon to the WSUS server and run a gpupdate /force
  7. You’ll notice the bandwidth utilisation drop within seconds.

 

TL;DR: Configure GPO to throttle BITS utilisation and force update on WSUS server.

 

 

 

 

Force all VPN traffic out the remote gateway

Have you ever needed to connect to a remote site and tried a whatsmyip, and realised that “Hey my IP is still the same. All the internetz sites will know where I’m browsing from”. A bit of an extreme scenario but by default Windows VPN does not force ALL your VPN traffic out the remote gateway. Instead it will pass traffic not required in the remote network through your own gateway, for example, web traffic. So how do you force all VPN traffic out the remote gateway? Here’s how you can do it on a Windows 7/8 machine (very similar to XP so don’t stress)

  1. Open up Network and Sharing Center.
  2. Click on Change adapter settings.
  3. Locate the VPN adapter that you’ve configured previously. Right click and select Properties.
  4. Here comes the good stuff… When the properties Window appears, go to the “Networking” tab.
    VPN_Networking
  5. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties
  6. Click on the Advanced button
    VPN_Advanced
  7. In the IP Settings Tab, select the check box next to Use default gateway on remote network.
    VPN_Gateway
  8. If you are using an IPv6 IP scheme then make sure you make the changes for the IPv6 protocol from Step 5.
  9. Click OK, OK and OK!
  10. Try a whatsmyip again and voila your IP will now be that of the remote network. Note: you may need to disconnect the VPN and reconnect for the changes to take effect

Great work 🙂