Undo Approval Rule Action


  • Hi,

    I was trying to sort out automatic approval for Windows 7 and Office patches on an SBS 2011 server using the inbuilt WSUS. When I did this though, obviously I didn't think the rule through well enough as obviously it approved everything, which seems to be around 2000 patches and counting and 40GB of patches to download.

    Can I reverse this change and all the approvals? They don't have a huge download quota for them to be downloading 40+GB of patches, and they don't have the drive space either. Most of these patches are obviously not required. Can I roll back to a previous copy of the database before this rule was run and a giant amount of updates approved? I can pull the files from a backup, but it is not a SQL backup, just through the hourly ShadowProtect image backups.

    At the moment, to stop the downloads the WSUSservice is stopped and disabled.

    This is a production server, so cannot roll back anything too quickly or easily, but the database restore should be OK.

    Thursday, November 21, 2013 11:11 PM


  • Hi,

    What did you choose when apply the Windows SBS 2011 Standard configuration settings for software updates, did you verify that Store update files locally on this server and Download update files to this server only when updates are approved are selected.

    We may refer to the below link for more details:

    If you don't want those updates, we may delete them from WSUS database.

    Hope this helps.

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Regards, Yan Li

    Monday, November 25, 2013 8:29 AM
  • So can I stop the huge download if I go through and make another rule that sets them to Not Approved?

    That's the start of the process, but not enough. After removing the approvals you'll need to terminate the download queue requests in the BITS Download Queue using PowerShell. Furthermore, because the PowerShell snap-in only allows access to the current context (and the jobs are created in the SYSTEM context), you'll need to script, and execute via Task Scheduler in the SYSTEM context, in order to terminate the jobs in the queue.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: R Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Sunday, December 01, 2013 9:03 PM

All replies