cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Denying problematic updates

RahamimL
Iron Contributor

‎Apr 19 2021 04:27 AM

‎Apr 19 2021 04:27 AM

Denying problematic updates

Hi everyone,

 

My computer is co managed with SCCM and it gets updates from an Intune update ring.

Yesterday the computer had a BSOD because of update 5000808 which is caused when attempting to print to certain drivers.

The thing is, I didn't receive any fixes that were published as out of band updates.

My question is: I know I can't control windows updates the same way I control them in WSUS. But I understand that pausing the ring might help. So, if my ring is set to run after 3 of patch Tuesday weeks and I want to pause it, how long do I need to pause it?

 

Rahamim.

Labels:
2,229 Views
0 Likes
4 Replies
Reply
4 Replies
Rudy_Ooms_MVP

‎Apr 19 2021 07:44 AM

‎Apr 19 2021 07:44 AM

Re: Denying problematic updates

Hi,

Just another idea....
Maybe instead of pausing the update ring... maybe trying to exclude/hide the update itself with a PowerShell script?

Install-Module -Name PSWindowsUpdate -force -confirm:$False
Hide-WindowsUpdate -KBArticleID "kb" -Confirm:$false
0 Likes
Reply
RahamimL

‎Apr 20 2021 12:21 AM

‎Apr 20 2021 12:21 AM

Re: Denying problematic updates

Thanks for the idea, did you test this? Another problem I have is, I need to distribute the module to all computers. I would rather avoid that.
0 Likes
Reply
Rudy_Ooms_MVP

‎Apr 20 2021 02:05 AM

‎Apr 20 2021 02:05 AM

Re: Denying problematic updates

Hi, I did not test it lately. But it works when you want to hide an update.
What are the main reasons you don't want this module to be pushed to your endpoints?
If you don't blocked powershell, It could be a reason of course...
Take a look for some ideas, how to prevent the use of powershell

https://call4cloud.nl/2021/04/powershell-the-killer-queen/
0 Likes
Reply
RahamimL

‎Apr 20 2021 02:34 AM

‎Apr 20 2021 02:34 AM

Re: Denying problematic updates

My approach is to control it from the source rather than the destination. For example, In WSUS \ SCCM you can deny an update from being deployed. You don't need to run a script on each computer to stop the deployment. I want to do the same thing in this case since this is not just my computer but all enrolled devices. In this case, only I was affected from this bug but as an IT admin I want to make sure I can verify the update and not accidentally deploy problematic updates to end users.
0 Likes
Reply