Implement function to remove Windows Updates from clients with Software Update Point
With a standalone WSUS-Server deployed Windows Updates can be uninstalled/removed from clients. With SCCM SUP this is not possible,
Implement a function to remove installed Windows Updates from clients.
Chris Ecklar commented
With all the Microsoft Update issues over the past year or so it would be useful to have the built-in ability to push an uninstall of a KB from the SCCM console.
WSUS services already have this ability by declining an update and approving it for removal. No such functionality exists inside the SCCM console.
Simply waiting for a future update that may correct a bad KB is not viable for many enterprises.
Neither is instructing users on how to uninstall KBs on their own from Control Panel as all of our users do not have sufficient permissions to do so. Nor would we want folks to know how to tinker with installed updates ;).
Frank G commented
This is something that I get asked about regularly. Any news to report from the PG on this one?
Michael Boyd commented
Even doing it from a command line would be nice... maybe with DISM?
Any update on this?
Just see that i submitted a uservoice asking to see the software update download date in the console to know if i need to redownload the revisited bugged KB or not. :)
but that's a good idea.
Also, how about Microsoft has a page specifically for notifying us on any issues with updates and their resolution. So come patch Tuesday, or a few days after, you can check the website to see if any of the patches had issues. If there are issues you can pull the patch out before it does any damage rather than having to rely on your pilot deployment and google to find out if there are any issues that month.
This would be nice
J Brown commented
When they make this solution then it might make sense to do it such that any update that is “removal deployed” would also be “blocked” for purposes of installation. This would not only help admins remove a problem patch but also prevent its reinstallation.
In my experience a problem patch doesn’t usually affect all clients, it’s usually a subset that needs uninstalled and/or blocked from installation.
Bob Lamaster commented
This is my #1 wanted feature, and it's something that's been needed all along.
I can't count the number of times I've had to roll back client updates just in the last 6 months! having this ability would be a huge timesaver.
Being able to natively roll back Windows Updates for computers or collections from within SCCM is a MUST. Please implement
Giles Frankling commented
Got to vote for this one. To many times a windows update has rolled out from the SUP and caused Client Issues. Fast rollback/uninstall of specific KB's would be exclient.
Stefan Röll commented
Tony Peters commented
Also in WSUS but not CM SUP; the ability to 'hide' an update for a specific machine when the update breaks a production application.
Iain Fairbairn commented
I support this idea, it has been awkward in the past at times to script this with Wusa. It works but it is a bit clunky and relies on you having someone with more than basic admin experience to ensure success in a scenario that almost invariably happens with an incident outside of normal business hours and availability of the ideal administrator to action this may be limited and where you may need to work quickly to un-***** the situation before it deploys too far.
Vikram Midha commented
This is a very essential feature which should be in-built with SCCM if not released with the latest 1606 as well.
If we would be having an option to automate any of the issue patch would be grateful, which is time consuming and manual effort involved to create it as a package in SCCM.
Which is a pain in general to uninstall(Back-out) it from the estate when an issue patch has been rolled out.
It would be nice to have a software update group function/feature to deinstall updates from clients/servers instead of having to script wusa.exe commands for the KB numbers.
Greg Isett commented
We've recently had to un-install some failed patches. It would be nice to have SCCM do this for us quicker than building the package/application and deploying.