562 votesAnonymous commented
When they make this solution then it might make sense to do it such that any update that is “removal deployed” would also be “blocked” for purposes of installation. This would not only help admins remove a problem patch but also prevent its reinstallation.
In my experience a problem patch doesn’t usually affect all clients, it’s usually a subset that needs uninstalled and/or blocked from installation.
Leaving status as Noted – see https://blogs.technet.microsoft.com/configmgreng/2016/03/11/configmrguv/
We don’t do anything explicit to block GPO processing, in earlier Windows versions that wasn’t the case but GPO apply was problematic in some instances
Our next step for this item is clear explanation of how GPO relates to OS Deployment Task Sequences and standalone Task Sequences.