03/25/2016
Hi Again:
First, thanks for the help on figuring out which workstations have KB3035583 installed.  Turns out it's 169 out of 400.  I'm working on setting up Group Policy not to allow these, but the horse has left the barn on 169 of them.
I should note that we don't do any kind of patch management at all here (I'm working on that, but first things first).
I'm looking under Security -> Patch Management -> Schedules.
I create a new schedule to Detect and Rollback on all devices.
Where I'm getting confused is that under "Detect" I can select "All Patches" or "Manage Associated Labels".
Is there a way to specify KB3035583?
Thanks again for answering my noob questions!


Community Chosen Answer

1. Does KB3035583 support rollback? You can find that out by finding and clicking the patch to open it up in the KBOX and seeing if it says supported under Rollback.
2. Then you have to put a manual label on it. Something like Rollback.
3. In the Detect area you don't select All Patches; you would select the Rollback label you created and assigned to that one patch. You don't need to detect for all patches, just the ones with the Rollback label.
4. Select the "Rollback" label in the Rollback area as well.
5. Make sure you select "Detect and Rollback" in your Actions drop-down at the top of the schedule.

Answered 03/28/2016 by: nshah
Red Belt

All Answers

It's usually not enough to just create a Kscript that uses WUSA to remove this patch, as doing so does not prevent WUSA from automatically reinstalling the update the next time it runs.

We addressed this issue in the following manner:

  1. I wrote this PowerShell script to uninstall and hide the patch.  This script removes the update, then hides it to prevent re-installation.  This is a template script used to remove other bad Microsoft patches as necessary (e.g. when they don't support rollback).
  2. Locate the Update for Microsoft Windows (KB3035583) software item under Software inventory.
  3. Customize the PowerShell script for your own use (particularly the log output), then upload and associate the file with the KB3035583 software inventory item.
  4. Create a new Managed Installer with the following configuration:

    It's important to note here that the Uninstall option is selected.
  5. Use a Smart Label to refine your targets as necessary.
  6. Set Execution type to best suit your environment (Anytime for fastest deployment).

Answered 04/04/2016 by: taylor-madeak
Yellow Belt
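
The uninstall-then-hide approach described in the answer above, as an added example; this is not the script the answer refers to, which is not reproduced on this page. It assumes an elevated context (for example, running as SYSTEM from the managed install), and the log path is a placeholder to customize.

```powershell
# Added example: remove KB3035583, then hide it so Windows Update does not reinstall it.
# Assumptions: elevated session; log location below is a placeholder.
$KB      = '3035583'
$LogFile = "$env:SystemRoot\Temp\Remove-KB$KB.log"

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogFile
}

# 1. Uninstall only if the update is actually present on this machine.
if (Get-HotFix -Id "KB$KB" -ErrorAction SilentlyContinue) {
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
            -ArgumentList "/uninstall /kb:$KB /quiet /norestart" -Wait -PassThru
    # 0 = success, 3010 = success with a reboot still required
    Write-Log "wusa exit code for KB${KB}: $($p.ExitCode)"
} else {
    Write-Log "KB$KB not installed; skipping uninstall"
}

# 2. Hide the update through the Windows Update Agent COM API.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

$hidden = 0
foreach ($update in $result.Updates) {
    # KBArticleIDs holds the KB numbers without the "KB" prefix.
    if (@($update.KBArticleIDs) -contains $KB) {
        $update.IsHidden = $true
        $hidden++
        Write-Log "Hid update: $($update.Title)"
    }
}

if ($hidden -eq 0) {
    Write-Log "KB$KB was not offered (already hidden, or not yet listed as available)"
}
```

The search in step 2 queries whatever update source the machine is configured for, so a device that has not yet rescanned after the uninstall may log the "not offered" line; running the script again after the next scan covers that case.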

I have never tried the Rollback option with my patching so I can't speak to that. Typically, you can uninstall Windows Updates using a .bat file and run that as a script from the K1000.

@echo off 
wusa /uninstall /kb:3035583 /quiet /norestart 


@echo off 
wusa /uninstall /kb:3035583 /quiet /forcerestart 

You can save either of those as a .bat and run as a script. That's one way to remove the update. From there, you can make the patch Inactive on the K1000 to prevent it from being deployed again. 

As for your Managed Associated Labels question, to target the devices you want, I would create a smart label to find machines with the particular update installed, something like

Go to Inventory-Devices-Smart Label

Software Titles  =  Update for Microsoft Windows (KB3035583)

That way the machines that have the update will get placed into that label the next time they inventory. Then, target that label with your uninstall script. 
Answered 03/25/2016 by: rockhead44
Red Belt
