locked
How to disable Windows Update when things go wrong RRS feed

  • Question

  • I've just finished setting up our new WSUS infrastructure, I've scheduled a couple of our sites to install updates each night so if we get a bad update it doesn't take down all of our clients. We had this problem back in October, Microsoft acknowledged it here https://support.microsoft.com/en-sg/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-o

    My thinking is, if this morning clients at the sites that installed updates last night have problems, I can disable the update installation that's scheduled to happen at the next site tonight.  My problem is how to do this, what's the best way to abort the install of the problematic update, or even all updates, until we can determine the cause?  I currently have all critical and security updates being auto approved and I'm not interested in testing every update myself, Microsoft should be doing that.

    My WSUS is running on Server 2012 R2 and my clients are all Windows 10 1607 at the moment

    Wednesday, February 7, 2018 3:27 PM

All replies

  • Emergency cut off can be done by shuting down WSUS service on server.

    If you want just to revoke or hold latest updates make view to show them and sort by approval date. Then you can fast identify those approved Last.


    Best Regards,
    Łukasz Antoniak


    Please do take a moment to "Vote as Helpful" and/or "Mark as Answer", wherever applicable. Thanks!

    Wednesday, February 7, 2018 9:00 PM
  • Thanks for the reply Lukasz. I have to ask though, have you ever stopped the WSUS Service service  like this?

    I ask because back in October when KB4049094 caused some of our clients to boot to System Restore I shut down our WSUS server to limit exposure and then some clients, which I believe were in the middle of installing updates, locked up and we had to hard down them.  I'm assuming here that shutting down the server and shutting down the WSUS Service service would bring the same results.

    Wednesday, February 7, 2018 10:10 PM
  • Yes. But If you shutdown server your are totaly cut off and can’t do anything on it.

    Had simillar case with updates. We decided to turn off service on WSUS server and its replication to stop spreding bad updates. It was fastest and most realible way.

    I didn’t have any problems with workstations. Exept those from bad updates.

    Revoking updates will bring same effect but you need to know what to revoke.


    Best Regards,
    Łukasz Antoniak


    Please do take a moment to "Vote as Helpful" and/or "Mark as Answer", wherever applicable. Thanks!

    Wednesday, February 7, 2018 10:27 PM
  • Thanks for the reply Lukasz. I have to ask though, have you ever stopped the WSUS Service service  like this?

    I ask because back in October when KB4049094 caused some of our clients to boot to System Restore I shut down our WSUS server to limit exposure and then some clients, which I believe were in the middle of installing updates, locked up and we had to hard down them.  I'm assuming here that shutting down the server and shutting down the WSUS Service service would bring the same results.

    Hi,

    Actually , this depends on the setting of client .

    I mean , I'm afraid you need to do something on clients  if these clients have downloaded that updates .

    I assume these clients was managed by GPO .

    You may check the GPO  "configure automatic updates" to see "automatic automatic updating " and "schedule install time" setting .

    If you use "auto download" , I'd suggest you check if these updates was downloaded at client side .

    If update was downloaded , you may manually remove them .

    If update was not downloaded , you may decline updates in WSUS console .

    Hope it is useful to you .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 8, 2018 2:22 AM
  • Simply Disable WSUS Service and Windows Update Service on Clients.
    Thursday, February 8, 2018 4:36 AM