Hi, this is my issue,  we have remote sites which use a central internal server to run 'Windows Updates', everytime a PC starts to run 'Windows Updates' the network on that remote site gets congested then the phones stop working.  Is there any way to prevent 'Windows Updates' to utilize 100% of the available bandwidth?

I have a policy map configured and www(http) is set on the low priority, but it seems that is not enough... here is what I got.:

class-map match-all HI
 match access-group name hiclassacl
class-map match-all LO
 match access-group name loclassacl

class-map match-all RT
 match access-group name rtclassacl

policy-map AVPNCOS
 class RT
  set ip dscp ef
  priority 600
 class HI
  set ip dscp af31
  bandwidth remaining percent 60
 class LO
  set ip dscp af21
  bandwidth remaining percent 30
 class class-default
  set ip dscp default
  bandwidth remaining percent 10

ip access-list extended hiclassacl
 permit tcp any eq telnet any
 permit icmp any any
 permit tcp any eq lpd any
 permit tcp any eq 5020 any
 permit ip any 0.0.245.0 255.255.0.255
 permit tcp any 10.20.238.0 0.0.0.255
 permit tcp any eq 1100 any
 permit tcp any eq 1105 any
 permit tcp any eq 1106 any
 permit tcp any any eq 2000
 permit tcp any any range 11000 11999
 permit tcp any any eq 2428
 permit tcp any any eq 2427
 permit udp any eq tftp any
 permit tcp any eq ftp any
 permit tcp any 10.20.244.0 0.0.0.255

ip access-list extended loclassacl
 permit tcp any eq www any
 permit tcp any eq 1137 any
 permit tcp any eq 8080 any
 permit tcp any eq 1131 any
 permit tcp any eq 3389 any
 permit tcp any eq smtp any
 permit tcp any eq 143 any

ip access-list extended rtclassacl
 permit udp any any range 16384 32767