NOTE: This is in response to a client complaint as well as the article referenced in the body of this post. I have not seen this with my own eyes. However, this script can be used for any KB Article you wish to remove from a Software Update Group, so I figured I’d post regardless!


If you manage your patch deployments using CM, you most likely only select critical and security patches for standard deployment. This was to ensure your compliance was met without risking the deployment of a standard update that may not be compatible with custom applications, amongst other reasons.


Well, now we have a problem (maybe)…


Microsoft recently released a “critical” patch that is, for all intents and purposes, adware. Your users will see a pop-up or banner in IE reminding them that it is important to move to Windows 10. More can be found in THIS ARTICLE. (Please note that I have not seen this myself, but it was reported to me twice today, so preventative measures until we have it all sorted out!)


Super cool, right? I mean, who doesn’t love call-generating issues? The more end-user interaction the better, I always say! (<- I don’t say that)


Well, if you are under the gun and need to remove this from all of your software update groups (hopefully, you haven’t deployed to production yet because you are a good admin), then do I have the script for you!


Copy below into ISE and save the script as “Remove-ArticleID.ps1”. The syntax for this specific KB removal would be:

.\Remove-ArticleID.ps1 3139929


Now, go save the world!


Remove KB Article from Software Update Groups
This script can be used to remove an Article from all Software Update Groups in SCCM

.\Remove-ArticleID.ps1 3139929

.\Remove-ArticleID.ps1 -ArticleID 3139929

Written by Jesse Walter, Model Technology Solutions



$SiteNamespace = "root\sms\" + ((gwmi -Namespace "root\sms" -Class "__Namespace").name)

$Updates = gwmi -Namespace $SiteNamespace SMS_SoftwareUpdate | ?{$_.IsDeployed -and $_.ArticleID -eq $ArticleID}

$CI_IDs = $Updates | select -ExpandProperty CI_ID

## Remove from Software Update Assignment

ForEach ($Update in $Updates)
$CI_ID = $Update.CI_ID
$Authlist = gwmi -Namespace $SiteNamespace SMS_AuthorizationList | ?{$($_.__PATH).Updates -like "*$CI_ID*"}
$AuthList = "$($AuthList.__PATH)"
Write-Output "Removing $($Update.LocalizedDisplayName) from $($AuthList.LocalizedDisplayName)"
$AuthList.Updates = $AuthList.Updates | ?{$_ -ne $CI_ID}
$AuthList.Put() | Out-Null


About the Author: Jesse Walter

Jesse Walter is a Partner with Model Technology Solutions and the Vice President of Research and Development. He has an extensive background in Microsoft endpoint management tools, such as Microsoft Endpoint Configuration Manager and Intune, as well as a strong foundation in the Microsoft 365 Defender stack. Additionally, he enjoys automating repeatable operational tasks using PowerShell, and has developed several security tools using C#.

Three Minutes For A More Secure & Efficient Infrastructure

Short and to the point, Steve’s Email Blasts give you endpoint management tips, tricks, and news in three minutes or less email read-time, guaranteed.

Model says no to spam. Privacy Policy

Model Technology Solutions

Model Technology Solutions is a small but mighty band of infrastructure experts. We’ve helped companies in diverse industries to modernize and automate their infrastructures through effectively managing their Microsoft endpoint suite.

With us on your team, you’ll watch your security and compliance go up and your IT team’s costs (and headaches) go down. You’ll relax in knowing that your endpoints will be secure and online when your users need them most. And you’ll finally get back to your most-important tasks.

Model Technology Solutions
12125 Woodcrest Executive Drive, Ste. 204 Creve Coeur, MO 63141

Phone: (314) 254-4138
General Inquiries:
Sales and Quotes: