Jump to content

How to scriptably uninstall patches for Windows 10?

Recommended Posts

First: you can no longer use wusa.exe to uninstall patches silently since Windows 8/Server 2016, so this is out of the question. You. Just. Can't. Do. It! Thanks Microsoft (for ingeniously deciding that parameters /quiet and /kb:kb123456 are illegal to use together). Sometimes wusa.exe will be able to remove a patch if you manually execute it in a console-level session, and there will be pop-ups you have to interact with, too.

Second: dism does not list every installed patch as a package. Said differently, not every installed patch exists as a package for dism to work with. On my Windows 10 machine, of 6 installed KB patches only 1 KB patch had a package listed by DISM.

Third: ConnectWise Automate's built-in "Remove Patch" command no longer works. Every single patch I try to uninstall through Patch Manager in CWA for Windows 10, Windows Server 2016, and Windows Server 2019 returns one of the following: "N/A", "cannot be uninstalled", or "No Updates to uninstall". Problem: this is crock full of 🐴💩 as I am able to uninstall every single patch through appwiz.cpl (item 4 below). Unfortunately, this is probably also a Microsoft thing as these messages are also coming from C:\Windows\WindowsUpdate.log.

Fourth: appwiz.cpl > Installed Patches appears to be the most rock solid and effective way to uninstall ANY patch. Problem: this isn't automatable and requires you to remote and login to every machine to do it manually with mouse clicking and interaction.

Fifth: dism appears to have support for uninstalling a patch by feeding it a .CAB file that has been extracted from an .MSU file. Problem: this means you would have to download the MSU package for every patch you want to uninstall, and to get that package you'll somehow magically have to acquire the download URL for whatever KB# you wish to remove. Good luck with that! I also don't know how effective this solution truly is, either (might not be effective at all!).

I have searched up and down for a solution but it seems that at present there isn't a silent and automation-friendly way to uninstall patches. You have to do it manually by hand, machine by machine, through a console session and GUI.

Edited by BlueToast

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...