Link to home
Start Free TrialLog in
Avatar of sorensenbrad
sorensenbrad

asked on

block patches in wsus

I'm wanting WSUS to block or prevent a specific patch from being pushed or deployed to all my systems.

For example I don't want WSUS to push / deploy KB958650

How is this done in WSUS, in the past its been all or nothing, but I remember that I have to approve all patches. Could I just not approve a patch and it wont ever get pushed  / deployed to all my systems? Also what would happen if I just simply declined the update, would that work?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Don
Don
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You need to check your "Automatic Approvals" options, do you have any rules that approve updates as they come in? If not then you have to approve all patches that come in before the clients can install them. You can either leave that patch unapproved or decline it.
Avatar of Freshandeasy
Freshandeasy

Patches is approved from wsus server at 10 AM & Policy is set that client will install & reboot at Eg: 4:00 PM. but now we need to stop the installation on all client how do we do it. is there any policy to do that or just by declineing this update will work.

Note : Client is alredy downloaded the patchs but not installed.