locked
need a command to hide an update on client machine RRS feed

  • Question

  • Hi,

    I am deploying a new image of Windows 7 Enterprize.

    When worked on reference computer and fully updated OS and Office from MS, one update failed.

    It was KB Internet Explorer 11. Was no way to fix it and I found articles about the existing issue.

    So to finalaize I installed IE11 from MS package manually. The problem: when running Windows Update it doesn`t see IE installed and pushes as KB that fails.

    I captured the image and when deploy, it connects to WSUS on which I have IE11 KB. So it always fails, even IE11 is installed and receives all patches.

    I need to have this KB enabled since it allows me to find old IE11 deployments that failed and I can keep a track of failed installations.

    The question:

    is there a command for hiding a particular update?

    Thanks.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Friday, January 5, 2018 1:33 PM

Answers

  • Hi,

    >>I captured the image and when deploy, it connects to WSUS on which I have IE11 KB. So it always fails, even IE11 is installed and receives all patches.

    I'd suggest you configure it on WSUS server side , such as  , put that win7 computer into "sub computer group" which doesn't approved IE11 KB (but other updates can be inherited ) .

    I mean this configuration :

    If you want to use command to hide a update on client side , the client needs to see the update , it means that command (hide update) should be executed after the client discovered that update .

    As for the VB script to hide update please check this thread:

    https://social.technet.microsoft.com/Forums/systemcenter/en-US/97522a1a-712a-466d-b45c-7140183f3ab9/hide-certain-windows-update-via-cmd-or-group-policy?forum=winserverGP

    Hope it is helpful to you .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by pob579 Wednesday, January 24, 2018 12:24 PM
    Monday, January 8, 2018 3:10 AM

All replies

  • Hi,

    >>I captured the image and when deploy, it connects to WSUS on which I have IE11 KB. So it always fails, even IE11 is installed and receives all patches.

    I'd suggest you configure it on WSUS server side , such as  , put that win7 computer into "sub computer group" which doesn't approved IE11 KB (but other updates can be inherited ) .

    I mean this configuration :

    If you want to use command to hide a update on client side , the client needs to see the update , it means that command (hide update) should be executed after the client discovered that update .

    As for the VB script to hide update please check this thread:

    https://social.technet.microsoft.com/Forums/systemcenter/en-US/97522a1a-712a-466d-b45c-7140183f3ab9/hide-certain-windows-update-via-cmd-or-group-policy?forum=winserverGP

    Hope it is helpful to you .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by pob579 Wednesday, January 24, 2018 12:24 PM
    Monday, January 8, 2018 3:10 AM
  • Elton,

    I have the structure similar to what you show.

    During deployment of IE11 back to 2016 (I know was late but decision for complete switch to IE11 was just by 2016) I created 12 groups and dropped by 50 computers to see the status - always were few machines that required manual installation/fix...

    Later I applied IE11 KB to Unassigned comps.

    So now during image deployment at Windows update phase even with IE11 installed, the approved KB always fails. It mess up  image deployment - takes 6 restarts for trying to apply IE11 and then gives up, terminates deployment with 6 errors...

    Why WSUS don't see that IE11 is install is a question.

    To resolve the situation I just unapproved IE11 KB on Unassigned group. That is it.

    But then if the computer will go to the network where this KB approved it will always will try to deploy it.

    I will just forget this for now .... too many more important things :) Melt and Spec on horizon :).

    Thanks.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Saturday, January 13, 2018 1:06 PM