Remotely uninstalling a bad Microsoft Cumulative update.

CityInfoSys
CityInfoSys used Ask the Experts™
on
We pushed out (3163018 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016) and it caused all our computers to lose the ability to receive new group policy changes. We tried to recall it with WSUS but it won't work. Is there a way to uninstall this patch remotely like with a batch file that is run at first log in?
We have tried this without luck "Psexec -u ourdomain\administrator -p xxxxxxx -d -s \\10.1.32.61 wusa.exe /uninstall /kb:3163018 /norestart .
Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
It isn't a bad patch. Microsoft correctly patched a security vulnerability that allowed MitM attacks via group policy manipulation.

Fix your policies and you'll be fine. I *strongly* discourage uninstalling that CU. As you can't apply any other security updates released after it either (that's what makes them cumulative) without re-introducing the same behavior, And there are known in-the-wild security attacks addressed in July/August/September CUs. So this would put you in a very unsafe situation. Fix your GPOs.

Author

Commented:
Thanks, I found this too.

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
If you are using security filtering, add the Domain Computers group with read permission.

In the Group Policy Management Console, go to the Delegation tab and add the read permission there, not in the Security Filtering pane in the Scope tag. That will make the policy readable, while not affecting who it is applied to.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start Today