Uninstall specific Windows Updates via Group Policy

If the server does not have WSUS installed & setup, there is he option to blacklist specific KBs via group policy by script.

1. Gather the specific KB of the update you seek to blacklist.

2. Create a batch file:

@echo off

wusa.exe /uninstall /kb:(KB number) /quiet /norestart

exit

3. Place it on a company share. Grant full access to domain users

4. Gather a test computer with the update installed. Create a test OU and place the computer in the test OU.

5. Open Group Policy, create a GPO, link to the test OU.

6. Edit the GPO in: Computer Configuration\Policies\Windows Settings\Scripts\. Add the batch file via the share in both startup and shutdown. No parameters needed.

7. Test by rebooting the test PC in the test OU. If it successfully uninstalls after the PC returns online, link the GPO to the PCs needed or global OU where the PCs are located.

Can't find what you're looking for?

Uninstall specific Windows Updates via Group Policy

Was this article helpful?

Can't find what you're looking for?

Uninstall specific Windows Updates via Group Policy

Was this article helpful?

Related Questions