Block specific Windows update hotfix
In a larger network you will want to use WSUS as DanBig pointed out. However, if you owant to block an individual hot fix you can do so with the hot fix ID using this script:
If Wscript.Arguments.Count = 0 Then
WScript.Echo "Syntax: HideWindowsUpdate.vbs [Hotfix Article ID]" & vbCRLF & _
"Examples:" & vbCRLF & _
" - Hide KB940157: HideWindowsUpdate.vbs 940157"
WScript.Quit 1
End If
Dim hotfixId
hotfixId = WScript.Arguments(0)
Dim updateSession, updateSearcher
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
Wscript.Stdout.Write "Searching for pending updates..."
Dim searchResult
Set searchResult = updateSearcher.Search("IsInstalled=0")
Dim update, kbArticleId, index, index2
WScript.Echo CStr(searchResult.Updates.Count) & " found."
For index = 0 To searchResult.Updates.Count - 1
Set update = searchResult.Updates.Item(index)
For index2 = 0 To update.KBArticleIDs.Count - 1
kbArticleId = update.KBArticleIDs(index2)
If kbArticleId = hotfixId Then
WScript.Echo "Hiding update: " & update.Title
update.IsHidden = True
End If
Next
Next
If the update is not linked to an KB article then you would need to find the update ID using this script:
Dim updateSession, updateSearcher
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
Wscript.Stdout.Write "Searching for pending updates..."
Dim searchResult
Set searchResult = updateSearcher.Search("IsInstalled=0")
Dim update, kbArticleId, index, index2
WScript.Echo CStr(searchResult.Updates.Count) & " found."
For index = 0 To searchResult.Updates.Count - 1
Set update = searchResult.Updates.Item(index)
WScript.Echo update.Identity.UpdateID & ": " & update.Title
Next
And block it using this script:
If Wscript.Arguments.Count = 0 Then
WScript.Echo "Syntax: HideWindowsUpdateById.vbs [Update ID]" & vbCRLF & _
"Examples:" & vbCRLF & _
" - Hide KB940157: HideWindowsUpdateById.vbs 2ba85467-deaf-44a1-a035-697742efab0f"
WScript.Quit 1
End If
Dim updateId
updateId = WScript.Arguments(0)
Dim updateSession, updateSearcher
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()
Wscript.Stdout.Write "Searching for pending updates..."
Dim searchResult
Set searchResult = updateSearcher.Search("UpdateID = '" & updateId & "'")
Dim update, index
WScript.Echo CStr(searchResult.Updates.Count) & " found."
For index = 0 To searchResult.Updates.Count - 1
Set update = searchResult.Updates.Item(index)
WScript.Echo "Hiding update: " & update.Title
update.IsHidden = True
Next
You can do all of the above in Windows PowerShell as well. I created the scripts in VBScript originally because I wanted to interact with the Windows Update Agent before PoSH was installed. The Windows Update API is documented on MSDN.
Related videos on Youtube
![I say Reinstate Monica](https://i.stack.imgur.com/rX1ss.png?s=256&g=1)
I say Reinstate Monica
I am protesting the unjust firing and subsequent treatment of Monica Cellio. Starting points if you're looking for background on this issue: https://judaism.meta.stackexchange.com/q/5193/472 https://meta.stackexchange.com/q/333965/162102
Updated on September 17, 2022Comments
-
I say Reinstate Monica almost 2 years
I'd like to leave Windows Automatic Updates enabled but block a specific patch from being installed that is causing us problems.
Is this possible? Anyone know how to do that?
-
Opmet about 9 yearsvery nice! i have slightly modified the script in superuser.com/a/922921/172012 - to accept multiple hotfixes at once.
-
Mark Berry over 8 yearsVery helpful, thanks, especially the loop for finding updates by KB number. I've incorporated that into my script for uninstalling and hiding Microsoft Updates: mcbsys.com/blog/2015/11/uninstall-and-hide-windows-updates.