Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
There can be instances where one wants to block the automatic installation of specific Windows patches on devices via "Windows Update", where those patches may cause issues.
"PSWindowsUpdate" is one PowerShell tool that can assist in this matter. The tool will not block the installation of those patches via ZENworks Patch Management or other mechanisms. Details about this PowerShell tool can be found here: https://www.powershellgallery.com/packages/PSWindowsUpdate/2.2.1.5
Below is an example that can be run via a ZENworks bundle calling a PowerShell script.
Install-PackageProvider -Name Nuget -MinimumVersion 2.8.5.201 -Force set-executionpolicy bypass Install-Module -Name PSWindowsUpdate -Force $HideList = "KB5041580", "KB5041585" Hide-WindowsUpdate -KBArticleID $HideList -Verbose -Confirm:$False
In this example, the script will silently download and install the prerequisite "Nuget" package as well as "PSWindowsUpdate".
It then issues the command to "Hide" KB5041580 and KB5041585.
The results can be seen below where KB5041585 is hidden. (Note This is a Windows 11 PC, so KB5041580 is not applicable and thus not hidden.)
Checking For Windows Updates shows the following results, without the hidden patch.
In cases where the "Hidden" patch was in the process of automatically downloading, the progress was reset so it stopped downloading, did not resume automatic downloading, but did remain in the list to allow for manual installation.
With the PowerShell Module installed one also has access to commands to check both WIndows Update history and needed patches. The following results are what is shown after running the script bundle to "Hide" the specified updates.
One can see that the specified KBs have not been installed in the past and are not listed as needed, despite other KBs released at the same time as showing still needed.
Previously "Hidden" Windows updates can be "unhidden" using the "Show-Windows Update" command such as: Show-WindowsUpdate -KBArticleID "KB5041850","KB5041585" -Verbose -Confirm:$False
After running the "Show" command, we can now see the KB is now listed as needed.
Attached is a sample bundle:
Please checkout the following link for other important articles:
https://community.microfocus.com/members/craigdwilson/bookmarks