How to use the K1000 to roll back KB3035583

Hi Again:
First, thanks for the help on figuring out which workstations have KB3035583 installed.  Turns out it's 169 out of 400.  I'm working on setting up Group Policy not to allow these, but the horse has left the barn on 169 of them.
I should note that we don't do any kind of patch management at all here (I'm working on that, but first things first).
I'm looking under Security -> Patch Management -> Schedules.
I create a new schedule to Detect and Rollback on all devices.
Where I'm getting confused Is under "Detect" I can select "All Patches" or "Manage Associated Labels"
Is there a way to specify KB3035583?
Thanks again for answering my noob questions!

0 Comments   [ + ] Show comments

Answers (3)

Posted by: taylor-madeak 6 years ago
Yellow Belt
It's usually not enough to just create a Kscript that uses WUSA to remove this patch, as doing so does not prevent WUSA from automatically reinstalling the update the next time it runs.

We addressed this issue in the following manner:

  1. I wrote this PowerShell script to uninstall and hide the patch.  This script removes the update, then hides it to prevent re-installation.  This is a template script used to remove other bad Microsoft patches as necessary (e.g. when they don't support rollback).
  2. Locate the Update for Microsoft Windows (KB3035583) software item under Software inventory.
  3. Customize the PowerShell script for your own use (particularly the log output), then upload and associate the file with the KB3035583 software inventory item.
  4. Create a new Managed Installer with the following configuration:

    It's important to note here that the Uninstall option is selected.
  5. Use a Smart Label to refine your targets as necessary.
  6. Set Execution type to best suit your environment (Anytime for fastest deployment).

Posted by: rockhead44 6 years ago
Red Belt
 I have never tried the Rollback option with my patching so I can't speak to that. Typically, you can uninstall Windows Updates using a .bat file and run that as a script from the K1000.

@echo off 
wusa /uninstall /kb:3035583 /quiet /norestart 


@echo off 
wusa /uninstall /kb:3035583 /quiet /forcerestart 

You can save either of those as a .bat and run as a script. That's one way to remove the update. From there, you can make the patch Inactive on the K1000 to prevent it from being deployed again. 

As for your Managed Associated Labels question, to target the devices you want, I would create a smart label to find machines with the particular update installed, something like

Go to Inventory-Devices-Smart Label

Software Titles  =  Update for Microsoft Windows (KB3035583)

That way the machines that have the update will get placed into that label the next time they inventory. Then, target that label with your uninstall script. 
Posted by: nshah 6 years ago
Red Belt
1. Does KB3035583 support roll back? You can find that out by finding and clicking the patch to open it up in the KBOX and see if it says supported under Rollback
2. Then you have to put a manual label on it. Something like Rollback
3. In the Detect area you don't select  All Patches you would select the Rollback Label you created and assigned to that one patch. You don't need to detect for all patches, just the ones with the Rollback label.
4. Select the "Rollback" label in the Rollback area as well. 
5. Make sure you select "Detect and Rollback" in your Actions drop down at the top of the schedule

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ