In a previous post I wrote about how to uninstall (or “Approved for Removal” in WSUS terms). But how do we exclude updates from appearing in our Software Update Groups (SUG) created by out Automatic Deployment Rules (ADR)?
Before you’re asking, of course I’m using ADR’s for patching the whole environment! Everyone should!
Problem
A week after we deleted KB123456 from our deployment it reappeared. Since we know that this is a production breaking update we do not want it to appear in our update deployments.
Solution
To understand how to solve this we first need to understand how ADR works. I won’t go into detail about the mechanics and logs related to ADR, but the key fact that needs to be known here is:
Each time an ADR runs it completely regenerates the SUG associated with the ADR. Continue reading