Remove KB3139929 From SCCM Software Update Groups
By Jesse Walter
Published March 10, 2016

NOTE: This is in response to a client complaint as well as the article referenced in the body of this post. I have not seen this with my own eyes. However, this script can be used for any KB Article you wish to remove from a Software Update Group, so I figured I’d post regardless!

If you manage your patch deployments using CM, you most likely only select critical and security patches for standard deployment. This ensures your compliance is met without risking the deployment of a standard update that may not be compatible with custom applications, amongst other reasons.

Well, now we have a problem (maybe)…

Microsoft recently released a “critical” patch that is, for all intents and purposes, adware. Your users will see a pop-up or banner in IE reminding them that it is important to move to Windows 10. More can be found in THIS ARTICLE. (Please note that I have not seen this myself, but it was reported to me twice today, so preventative measures until we have it all sorted out!)

Super cool, right? I mean, who doesn’t love call-generating issues? The more end-user interaction the better, I always say! (<- I don’t say that)

Well, if you are under the gun and need to remove this from all of your software update groups (hopefully, you haven’t deployed to production yet because you are a good admin), then do I have the script for you!

Copy the script below into the PowerShell ISE and save it as “Remove-ArticleID.ps1”. The syntax for this specific KB removal would be:

```powershell
.\Remove-ArticleID.ps1 3139929
```

Now, go save the world!

```powershell
<#
.SYNOPSIS
    Remove KB Article from Software Update Groups
.DESCRIPTION
    This script can be used to remove an Article from all Software Update Groups in SCCM

.EXAMPLE
    .\Remove-ArticleID.ps1 3139929

.EXAMPLE
    .\Remove-ArticleID.ps1 -ArticleID 3139929

.NOTES
    Written by Jesse Walter, Model Technology Solutions

.LINK
    model-technology.com
#>

param(
    [Parameter(Mandatory = $true)]
    [string]$ArticleID
)

# Build the site namespace (root\sms\site_<SiteCode>) from the local SMS Provider
$SiteNamespace = "root\sms\" + ((Get-WmiObject -Namespace "root\sms" -Class "__Namespace").Name)

# Deployed updates whose ArticleID matches the requested KB
$Updates = Get-WmiObject -Namespace $SiteNamespace -Class SMS_SoftwareUpdate |
    Where-Object { $_.IsDeployed -and $_.ArticleID -eq $ArticleID }

## Remove from Software Update Assignment

foreach ($Update in $Updates)
{
    $CI_ID = $Update.CI_ID

    # Updates is a lazy property, so each group is re-read through its WMI path.
    # An update can belong to several groups, so every exact match is processed.
    $AuthLists = Get-WmiObject -Namespace $SiteNamespace -Class SMS_AuthorizationList |
        ForEach-Object { [wmi]$_.__PATH } |
        Where-Object { $_.Updates -contains $CI_ID }

    foreach ($AuthList in $AuthLists)
    {
        Write-Output "Removing $($Update.LocalizedDisplayName) from $($AuthList.LocalizedDisplayName)"
        # The cast keeps the property an array even when one or zero updates remain
        $AuthList.Updates = [uint32[]]@($AuthList.Updates | Where-Object { $_ -ne $CI_ID })
        $AuthList.Put() | Out-Null
    }
}
```
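
A read-only preview of which Software Update Groups would change is a useful check before running the removal. This is an added example, not part of the original script: the function name `Get-ArticleGroupPreview` and the sample objects are constructed for illustration, and it assumes only the properties the script above already uses (CI_ID, ArticleID, IsDeployed, Updates, LocalizedDisplayName).

```powershell
# Added example: read-only preview of the groups a removal would touch.
# Get-ArticleGroupPreview is a hypothetical helper, not part of the original script.
function Get-ArticleGroupPreview {
    param(
        [Parameter(Mandatory = $true)][string]$ArticleID,
        [Parameter(Mandatory = $true)][object[]]$Updates,    # SMS_SoftwareUpdate objects
        [Parameter(Mandatory = $true)][object[]]$AuthLists   # SMS_AuthorizationList objects
    )

    # Same selection as the removal script: deployed updates for this article
    $targets = @($Updates | Where-Object { $_.IsDeployed -and $_.ArticleID -eq $ArticleID })

    foreach ($list in $AuthLists) {
        foreach ($update in $targets) {
            # -contains compares whole CI_IDs, so a longer ID that merely
            # contains the same digits is not reported as a member
            if ($list.Updates -contains $update.CI_ID) {
                [pscustomobject]@{
                    Group         = $list.LocalizedDisplayName
                    Update        = $update.LocalizedDisplayName
                    CI_ID         = $update.CI_ID
                    UpdatesBefore = @($list.Updates).Count
                    UpdatesAfter  = @($list.Updates | Where-Object { $_ -ne $update.CI_ID }).Count
                }
            }
        }
    }
}

# Constructed sample data (not real site content) so the preview runs offline
$sampleUpdates = @(
    [pscustomobject]@{ CI_ID = [uint32]16781234; ArticleID = '3139929'; IsDeployed = $true;  LocalizedDisplayName = 'Sample update A (KB3139929)' }
    [pscustomobject]@{ CI_ID = [uint32]16785555; ArticleID = '3139929'; IsDeployed = $false; LocalizedDisplayName = 'Sample update B (KB3139929)' }
    [pscustomobject]@{ CI_ID = [uint32]16780001; ArticleID = '0000001'; IsDeployed = $true;  LocalizedDisplayName = 'Sample unrelated update' }
)
$sampleGroups = @(
    [pscustomobject]@{ LocalizedDisplayName = 'Sample SUG 1'; Updates = [uint32[]](16781234, 16780001) }
    [pscustomobject]@{ LocalizedDisplayName = 'Sample SUG 2'; Updates = [uint32[]](167812345, 16785555) }
    [pscustomobject]@{ LocalizedDisplayName = 'Sample SUG 3'; Updates = [uint32[]](16781234) }
)

Get-ArticleGroupPreview -ArticleID '3139929' -Updates $sampleUpdates -AuthLists $sampleGroups |
    Format-Table -AutoSize

# On a site server, feed it the objects the removal script already queries:
#   -Updates   (Get-WmiObject -Namespace $SiteNamespace -Class SMS_SoftwareUpdate)
#   -AuthLists (Get-WmiObject -Namespace $SiteNamespace -Class SMS_AuthorizationList |
#               ForEach-Object { [wmi]$_.__PATH })
```

In the sample data, "Sample SUG 2" holds only a look-alike CI_ID and an update that is not deployed, so it is left out of the preview.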

Article By Jesse Walter
Jesse Walter is a Partner with Model Technology Solutions and the Vice President of Research and Development. He has an extensive background in Microsoft endpoint management tools, such as Microsoft Endpoint Configuration Manager and Intune, as well as a strong foundation in the Microsoft 365 Defender stack. Additionally, he enjoys automating repeatable operational tasks using PowerShell, and has developed several security tools using C#.
