• Status: Solved

Remotely uninstalling a bad Microsoft Cumulative update.

We pushed out (3163018 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016) and it caused all our computers to lose the ability to receive new group policy changes. We tried to recall it with WSUS but it won't work. Is there a way to uninstall this patch remotely like with a batch file that is run at first log in?
We have tried this without luck: "Psexec -u ourdomain\administrator -p xxxxxxx -d -s \\10.1.32.61 wusa.exe /uninstall /kb:3163018 /norestart".
Thanks
 
Cliff Galiher Commented:
It isn't a bad patch. Microsoft correctly patched a security vulnerability that allowed MitM attacks via group policy manipulation.

Fix your policies and you'll be fine. I *strongly* discourage uninstalling that CU, as you can't apply any other security updates released after it either (that's what makes them cumulative) without re-introducing the same behavior, and there are known in-the-wild security attacks addressed in July/August/September CUs. So this would put you in a very unsafe situation. Fix your GPOs.
 
CityInfoSys (Author) Commented:
Thanks, I found this too.

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
If you are using security filtering, add the Domain Computers group with read permission.

In the Group Policy Management Console, go to the Delegation tab and add the read permission there, not in the Security Filtering pane in the Scope tab. That will make the policy readable, while not affecting who it is applied to.
Question has a verified solution.
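
One way to find the GPOs that still lack the read permission described in this thread, as an added PowerShell example (not part of the original posts and not Microsoft's own script). It assumes the GroupPolicy module that ships with GPMC/RSAT, English group names, and a hypothetical `-Fix` switch; without that switch it only reports.

```powershell
#Requires -Modules GroupPolicy
# Added example: audit every GPO in the domain for computer-readable permissions.
# Report-only by default; -Fix (hypothetical switch name) grants Read where missing.
param(
    [switch]$Fix
)

# Permission levels that include Read for the trustee.
$readable = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'
# Trustees named in the thread (assumes English, non-localized group names).
$trustees = 'Authenticated Users', 'Domain Computers'

$report = foreach ($gpo in Get-GPO -All) {
    $levels = foreach ($name in $trustees) {
        # Get-GPPermission raises an error when the trustee has no entry on the GPO,
        # so the error is suppressed and a missing entry simply yields nothing.
        $p = Get-GPPermission -Guid $gpo.Id -TargetName $name -TargetType Group `
                              -ErrorAction SilentlyContinue
        if ($p) { [string]$p.Permission }
    }
    [pscustomobject]@{
        Gpo             = $gpo.DisplayName
        Id              = $gpo.Id
        Levels          = ($levels -join ', ')
        ComputerCanRead = [bool]($levels | Where-Object { $_ -in $readable })
    }
}

# GPOs that computer accounts may be unable to read after the update.
$missing = $report | Where-Object { -not $_.ComputerCanRead }
$missing | Format-Table Gpo, Id, Levels -AutoSize

if ($Fix) {
    foreach ($row in $missing) {
        # A custom ACL (for example an explicit Deny) needs a manual look in GPMC.
        if ($row.Levels -match 'GpoCustom') {
            Write-Warning "Skipping '$($row.Gpo)': custom permissions, review by hand."
            continue
        }
        # Same effect as adding Read on the Delegation tab: readable, not applied.
        Set-GPPermission -Guid $row.Id -TargetName 'Authenticated Users' `
                         -TargetType Group -PermissionLevel GpoRead | Out-Null
    }
}
```

Run it once without `-Fix` and review the list before changing any permissions.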
