We all talk about how you can use Microsoft WSUS to approve and distribute updates to managed clients. WSUS is a great way to keep all of the computers on your network up to date with all of the latest patches. However, there's another side to this equation. What if you want to remove an update? Maybe it's causing problems with one of your applications, or you want to uninstall a program altogether. In these cases, WSUS provides an option to approve updates for removal, which instructs the client systems to uninstall the update the next time they contact the WSUS server.

 

Approving Updates for Removal

The important thing to note about approving updates for removal is that WSUS only supports this function for MSI and MSP updates. If you're curious whether a specific update supports removal, check the details pane for the update in WSUS (or a third-party patch management application). The Removable setting under Additional Details indicates whether or not the update supports removal.

 

Along these same lines, the two types of updates that support removal each support specific types of removal. When you approve an MSI update for removal, the installer removes the entire program. On the other hand, since an MSP is simply a patch applied to a base product, approving the MSP for removal just removes the specific patch, leaving the product installed. If you're looking at third-party updates, two examples would be Java patches (MSI - full uninstall) and Adobe Reader patches (MSP - only uninstalls the patch).

 

Finally, when you approve an update for removal, you have the option to specify a removal deadline. If a client checks in with WSUS after that deadline, it removes the update immediately instead of waiting for its scheduled task or some user intervention. If you want your clients to handle the removal this way regardless of when they check in, specify a removal deadline for some time in the past. If you do not set a deadline at all, the client will remove the update at the same time it installs any other pending updates. WSUS patch management, simplified!

 

For additional WSUS patching information about approving updates for removal, see "Approving updates for removal" in the Microsoft TechNet article, Approve updates.