Solved

Remotely uninstalling a bad Microsoft Cumulative update.

Posted on 2016-09-22
2
60 Views
Last Modified: 2016-12-09
We pushed out (3163018 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016) and it caused all our computers to lose the ability to receive new group policy changes. We tried to recall it with WSUS but it won't work. Is there a way to uninstall this patch remotely like with a batch file that is run at first log in?
We have tried this without luck "Psexec -u ourdomain\administrator -p xxxxxxx -d -s \\10.1.32.61 wusa.exe /uninstall /kb:3163018 /norestart .
Thanks
0
Comment
Question by:CityInfoSys
2 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 41811586
It isn't a bad patch. Microsoft correctly patched a security vulnerability that allowed MitM attacks via group policy manipulation.

Fix your policies and you'll be fine. I *strongly* discourage uninstalling that CU. As you can't apply any other security updates released after it either (that's what makes them cumulative) without re-introducing the same behavior, And there are known in-the-wild security attacks addressed in July/August/September CUs. So this would put you in a very unsafe situation. Fix your GPOs.
0
 
LVL 1

Author Comment

by:CityInfoSys
ID: 41811632
Thanks, I found this too.

To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:

Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
If you are using security filtering, add the Domain Computers group with read permission.

In the Group Policy Management Console, go to the Delegation tab and add the read permission there, not in the Security Filtering pane in the Scope tag. That will make the policy readable, while not affecting who it is applied to.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In the market for a new backup solution for Windows Server 2016? Follow these guidelines to get the most bang for your buck.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question