I have some windows updates that cannot run for software dependencies in our organization. Such as new versions of IE and .NET 4.5.1.

 

Here are the 4 updates that need hidden:

 

1. IE9

 

2. IE10

 

3. IE11

 

4. .Net 4.5.1

 

Is there a way to run a .bat or some script to hide these updates for any user that logs in? This way when automatic updates run, they don’t get installed.

 

GPO at this point is NOT an option as the OU these computers go into while in post install tasks are run are not managed by GPO.

 

Other options I believe could work:

1. Disable Windows updates, and put the computer in the proper OU that will enable updates and not run those updates. However, honestly I don’t trust that GPO (or rather our windows update server) will hide these updates. I want to make sure they don’t run as it takes time to remove them after they are installed.

 

2. Hide them on the image, but I am not sure if that will persist through sysprep, and KACE.

 

 

1 Comment   [ + ] Show Comment

Comments

  • I spoke with my network team and I am not going to be worrying about the updates on the image. I am going to turn off auto updates and leave it up to the windows update server to block these updates.
Please log in to comment

Answers

0

They should stay hidden.  If not you will need to create a golden C:\Windows\SoftwareDistribution\DataStore\DataStore.edb file on one system that has the updates hidden and then copy that file to your images as a task.

Answered 05/21/2014 by: SMal.tmcc
Red Belt

  • Ok, I will report back after I try this. I hope it stays from the gold image. That would be nice.

    If it doesn't copy over, should I just copy the DataStore.edb from the gold image image before sysprep and copy it back in a post install task?
    • yes keep a copy and put it back if needed. You may have to do this as a midlevel task if you have updates enabled. that could lock this file so you cannot overwrite it
Please log in to comment
Answer this question or Comment on this question for clarity