- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
Windows Updates work flawlessly every time and never cause problems, right? Unfortunately, no. Despite all of the testing that goes into updates that are eventually pushed out to Microsoft’s public update infrastructure, some updates occasionally break things and have to be uninstalled until an updated version can be made available. When an update breaks something, what do you do?
Manual removal
If you’re working in a small environment or still tracking down the issue, removing the update manually is the quickest way to go. In Programs and Features, click on “View installed updates.”
View installed updates
Select the update you want to remove and then click the Uninstall option.
Uninstall an update
When prompted, click Yes to accept the uninstall and then let the process run. When the process completes, reboot if necessary.
Uninstall in WSUS
If you’re running WSUS, removing updates is easy, but not necessarily intuitive. In the WSUS console, right-click on the Updates area and choose “Search.”
Seach updates
In the Search window, type in the KB article number associated with the update and click “Find Now.” When the list of updates is returned, you’ll probably see updates for multiple versions of Windows and both bitness levels (x86 and x64). Right-click on the right version of the update and click “Approve.”
Approve update
For each group that will need the update removed, click the pulldown next to the group name and choose “Approved for Removal.”
Approve for removal
On the client side, the Windows Update Control Panel applet will reflect the removal by showing “(Uninstall:)” before the name of the update.
Select updates you want to uninstall
The update will be removed at the normally scheduled time that you’ve set in Group Policy. Should you need the update to uninstall sooner, you can set a Deadline just like you would when installing an update.
Removing via command line
Windows Updates can be removed rather easily via the command line with wusa.exe, the Windows Update Standalone Installer.
Using the wusa.exe command, we can uninstall the update KB1212121 quietly and prompt the user for a restart with the following command:
C:\Windows\System32\wusa.exe /quiet /uninstall /kb:1212121 /promptrestart
Uninstall with wsua command
Using PsExec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx), we can do the same thing to remote PC’s. In the case of remote PC’s, you may want to include the /warnrestart switch to ensure the user is warned before a reboot happens:
psexec.exe \\computername C:\Windows\System32\wusa.exe /quiet /uninstall /kb:1212121 /warnrestart:600
Uninstalling via Startup/Shutdown script
If you need to remove an update across a larger group of computers that are part of an Active Directory domain, you can uninstall the update as part of a startup or shutdown script.
In the Group Policy Management Console, open the GPO that will contain the script and go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
Startup/Shutdown scripts
Click Add and then Browse. This will open the GPO in the Sysvol share for you to create the batch file.
Add Shutdown script
Personally, I like to use Shutdown scripts when I need to remove an update en masse. Typically, updates require a reboot after removal. By using a Shutdown script, the script can run at the next system shutdown/reboot event and the update removal process gets the reboot it needs. By using a Startup script, you may end up needing two reboots to remove the update: one reboot so that the script runs at the next system start and a possible second reboot if the update removal process requires it.
For the script, I use:
C:\Windows\System32\wusa.exe /uninstall /kb:1212121 /quiet /norestart /log
Script to uninstall an update
By adding the optional, /log, you can go into the Setup Event Log and check that your update was removed.
Event Log- Windows update was successfully uninstalled
