I would like to know if its possible to exclude specific M$ updates from being deployed while still deploying all remaining updates and keeping the computers up-to-date?  


I am also open to suggestions on how to handle this situation.  We currently use detect and deploy all patch distribution in K1000 enviorment.  


Answer Summary:
1 Comment   [ + ] Show Comment


Please log in to comment

Community Chosen Answer


I belive you can go into Security -> Patch Listing ... Go into the patches you do not want installed and select the Inactivate option.


According to the Kace Notes on the right of this page:

"Marking a Patch Inactive will prevent it from detecting or deploying on any targeted machines, regardless of Label selections."

Answered 01/13/2014 by: young020
Black Belt

Please log in to comment



I know this question is answered but you can also create a manual label called  "blocked" and add it to the patches that are causing you an issue. Then when you build your smart label out , include a line that states " Label Name" "Does not contain" "Blocked". 

This way:

1. no patches with that label get added to your production smart label.

2. you can easily search for the ones that were blocked, where as making them inactive makes finding them touch without searches by their KB number, one at a time.

3. if you need to apply it, you can just remove the "blocked" label and it will get deployed out on the next schedule, if the patch is still active. 

Answered 01/13/2014 by: nshah
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity