Hiding Windows Updates Remotely In a Non-WSUS Environment

If you’re using BatchPatch in an environment that has no WSUS server, there might be times when computers show more available updates than you actually want to install. For example, perhaps you don’t want to install new versions of IE or .NET when you’re installing Windows Updates, but you do want to install updates to the existing versions of IE and .NET. Well, if you had a WSUS server, the procedure would be as simple as removing the approval for the particular update on your WSUS server. This approval removal would then be seen by computers that report the WSUS server, and it would then no longer appear in the list of available updates on those computers. However, for those of you working in environments that do not include a WSUS server, you need a way to hide these updates. Fortunately, with BatchPatch it’s a simple process to hide specific updates, by name, so that they no longer appear as available or visible updates on target computers. In the same way that updates can be hidden, they can also easily be unhidden at any time with just a few clicks.

To hide an update on target computers using BatchPatch:

  1. First, let’s check for the list of available updates, so that we can see the titles of all the updates that are ready to be installed on the computer. Highlight the host and then select Actions > Windows Updates > Check for available updates. In the screenshot below we can see the list of updates on available on my computer at the moment.
    CheckForAvailableUpdates
  2. For the sake of this example, let’s hide the first update in the list, titled “Update for Windows 7 for x64-based Systems (KB2952664).” Highlight the hosts that you want to hide the update on and then select Actions > Windows Updates > Hide / unhide updates > Create/modify list of specific updates for hiding.
  3. In the new windows that appears, we have the option of either listing the exact title of the update or just a piece of the title. We can enter one entry per line. BatchPatch will examine the list of updates that are available, and if any of those updates contains one of these entries in the update title, the update will be hidden. Generally speaking, the simplest way to proceed is to enter the KB ID number for each update that we want to hide. However, occasionally an update title might not contain the KB ID, in which case we would simply copy and paste the exact title into the list. In this example I’ve input the KB ID of the update that we want to hide.
    CreateListForHidingUpdates
  4. Once we’ve added the update(s) to our list, we are ready to execute the action to hide the update. There are two ways to do this. We can either simply click the Execute button, which will hide the update on all selected hosts, or we can click the Save button, which will save this “Hide list” for all of the highlighted rows. Once the “Hide list” has been saved for a given row or set of row(s), to actually hide the update we would click on Actions > Windows Updates > Hide / unhide updates > Hide updates.
    HideUpdates
  5. We can see in the screenshot above that the update has been hidden. Now when we execute a new “Check for available updates,” the hidden update doesn’t appear in the list. When we install the available updates, the hidden update will not be installed. If at some point we decide that we want to view the list of installed updates and/or unhide the update, we can do so very easily by using Actions > Windows Updates > Hide / unhide updates > List hidden updates along with Actions > Windows Updates > Hide / unhide updates > Unhide updates.

    ListHiddenUpdates

This entry was posted in Blog, General, Tutorials and tagged , , . Bookmark the permalink. Both comments and trackbacks are currently closed.