SCCM – Options for Removing Windows Updates

Recently, a client had an issue with a particular patch to Office interfering with a line of business application.  The patch in particular was KB 2826026 – Office 2010 update: October 8, 2013.  Normally the procedure to uninstall a patch is to use Group Policy or SCCM to push out the following Windows Update Stand Alone tool command:

WUSA /uninstall /kb:2826026

However this only works with Windows Operating System Updates (which are deployed in the MSU format).  When dealing with a software product update like this one for Office, the correct answer is to look in the registry for information about the update.

Browse to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, and then search for the KB number of the update you need to remove.  Once found, look at the Uninstall String, and you’ll see a value like this:

"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}" "1033" "0"

This command will remove the offending patch, but requires manual intervention (clicking Yes) and then will force a restart.  You can use these values with an MSIexec command though to run the removal of the patch through Windows Installer, which will allow for logging and standard reboot controls, etc.

Use this example to help you create your MSI command:

msiexec /package {90140000-0011-0000-0000-0000000FF1CE} MSIPATCHREMOVE={D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB} /qb /norestart /l+ c:\windows\system32\ccm\logs\KB2826026_unins.txt

This may force the shutdown of Office, and will not complete until the system has restarted, however.

Advertisements

6 thoughts on “SCCM – Options for Removing Windows Updates

  1. RBogdan February 25, 2014 / 2:21 pm

    Hi,

    I follow your steps and it works great !

    Anyway, from my test I noticed this:

    For Win 8 x64 I use this command:

    msiexec /package {90150000-0011-0000-1000-0000000FF1CE} MSIPATCHREMOVE={E8F64CB5-1419-47A8-9FCE-F6E4137F2D25} /qb /norestart /l+ c:\windows\ccm\logs\KB2850061_rollback.txt

    For Win 7 x64 I use this command:

    msiexec /package {90150000-001A-0409-1000-0000000FF1CE} MSIPATCHREMOVE={DC09D330-4049-4A18-8591-CDA3E30A9F6B} /qb /norestart /l+ c:\windows\ccm\logs\KB2850061_rollback.txt

    For both systems, the Office KB’s were successfully removed.

    Now..

    I also check other 2 systems, and from registry the GUID is different:

    For Win 7 x86:

    “C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe” /removereleaseinpatch “{90150000-0011-0000-0000-0000000FF1CE}” “{3EF35AB5-21A1-4858-97BB-E4CF1ECF3736}” “1033” “0”

    “C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe” /removereleaseinpatch “{90150000-001A-0409-0000-0000000FF1CE}” “{C212BC6C-7778-4333-BE90-15C2512945EF}” “1033” “0”

    For Win 7 x64:

    “C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe” /removereleaseinpatch “{90150000-0011-0000-1000-0000000FF1CE}” “{E8F64CB5-1419-47A8-9FCE-F6E4137F2D25}” “1033” “0”

    “C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe” /removereleaseinpatch “{90150000-001A-0409-1000-0000000FF1CE}” “{97164652-BF81-41EE-8C0C-C086578E9956}” “1033” “0”

    For now I come to the conclusion that the GUID from registry is different from Win 8 x64 to Win 7 x64 as well as from Win 7 x64 machine to another Win 7 x64 machine.

    So is there a way to mass deploy this command to multiple workstations at once ?

    Regards.

    • FoxDeploy February 25, 2014 / 3:03 pm

      You should be able to use the MSI method I mentioned to handle this situation. I would deploy this as a Task Sequence with four continue on error steps, one for each platform. Or, you could add a condition to execute a step based on the platform (OS version and Architecture type).

      I would ask you why you’re spread out over two OSes and architectures though. You’re setting yourself up for difficulty and complexity if you don’t simplify things.

      If the patch GUID is different, I’d recommend you double-check. I’ve never seen Software patches install with different GUIDs before.

  2. bubu December 17, 2014 / 12:40 am

    Hi! There are major issues with December updates and KB3008923 and I wonder if its possible to stop or remove it from an active deployment update package?

    • FoxDeploy December 30, 2014 / 2:55 pm

      Yes, if you remove the update from the deployment, systems will not install it. They will still download the update content but will only install the ones expressly assigned to them.

  3. Brian Finn December 9, 2015 / 1:05 pm

    Thanks. This is just what I needed.

Have a code issue? Share your code by going to Gist.github.com and pasting your code there, then post the link here!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s