Managing Windows Updates

I had always stood by my practice to never allow automatic Windows downloading/updating. Time and again, I have been vindicated. As recently as a botched release on 10 Sep 2013.
Thus far, I had adopted a "holding period" of 2 to 3 weeks.
Researching where I can, but mainly waiting for cries from some demented souls on the internet

But this is getting increasingly onerous with the weekly growing deluge of updates.
Even going through the list of pending updates is a chore.
I keep a blacklist. But there is no easy way to check if a particular one is pending on any given computer. A year ago, I missed one which resulted in a server BSD! And it was a known one!

I am hoping that some Experts would have tips and suggestions to help make life a bit more easy for me. Thanks
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan CraciunIT ConsultantCommented:
I use Susan Bradley's "Patch Watch" articles, from Windows Secrets newsletter (
It's paid content, but you can pay as much/little as you want for 1 year.

I use WSUS (Windows Server Update Service). It can download to a central machine, and then once you approve the updates, pushes them out to your clients.

Check it out here: Tech Net - WSUS

As for what updates are good or bad? Maybe set up a test machine, either physical or virtual, to test the compatibility of the update with your systems.

For this I have a physical client, and I also use VMware. It has heaps of good features, such as making virtual machines out of already existing physical machines (for your server machines maybe?).

Hope this helps.
I think I see where you are going with this, you want to be able to check your blacklist and if the pending update matches one in your blacklist then do not install.

I am taking a look at the below script:

You should be able to put together a quick solution to see scam remote computers and if a pending update matches your blacklist then send an alert.

I am continuing to look at this to see if something more pro-active can be done.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garychuAuthor Commented:
Thanks, Experts.
I am going to keep this thread going for just a little longer.
Meanwhile, I am going to check out the suggested patch watch articles.
Looks like a good way to keep "up to date" with the updates you don't need.
(Pardon the oxymoron!).
I will also more closely examine if not try out the suggested powershell script.
garychuAuthor Commented:
I have had a look at the powershell script.
Not having had a great deal of experience with powershell apart from some common cmdlets, I am still trying to get my head around it. Let alone customise it.
Still I think it is a promising approach.
Perhaps I was dreaming of something more like a "pending updates detection and removal" scanning software which works with "definition lists" .
Even as we discuss this, Microsoft has just released another botched update for Access 2013 (KB2752093). It is causing a bit of grieve to Access 2013 users.
This is an ongoing challenge.
Thanks for your advice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.