A lot of the issues people fast with dodgy Microsoft updates are when they are automatically or accidentally released through WSUS to your end users machines meaning that on their next “Check for Updates” cycle, the end users machine will end up with the update and then its up to the IT techs to sort the machines out.
Well, WSUS not only pushes out update installations, it can also push out Update uninstalls too and it is incredibly simple to do from an administration point of view.
So how do I uninstall updates using WSUS?
Below we will detail exactly how to tell WSUS to uninstall an update across your environment and also show what the end user machine does once it gets the command to do this, so follow the steps below.
First of all, you should login to your WSUS console. Then go into the All Updates tree in your console to display all the updates available. You should then click the Search option on the top right hand side of the console and enter the search criteria for the update you want to remove. For this guide, we will be using KB3008923 which was released last week and causing Internet Explorer to crash:
Once you have found the update you are looking for, you should then right click on it and Select “Approve” (yes approve – this will make sense in the next step!):
A new dialog box will appear and you can then select “Approve for Removal” and then apply that to any child sites you may have:
Click OK and this will now push out the uninstall command through end users Windows Updates next time they check their local WSUS server for updates. Note that the child sites will need to synchronise with the master site before end user machines on these sites get their own commands to uninstall the updates.
So, what does the end user machine then look like?
If you are using WSUS then the end user actually will not see anything as it should happily uninstall in the background without the user knowing. However, if you want to see what it is like, then on a machine that has the update to be uninstalled, manually click “Check for Updates” on the machine and you should then see something similar to this:
As you can see from this, the update we want to remove is there and has the prefix of (uninstall): in the name – install this update and it will actually uninstall it.
Simple as that and saves having to manually uninstall rogue Microsoft Updates!
If you have any questions on this guide or if you just want to say thanks – then please feel free to use our comments system below.