We have several hundred computers, and one of those machines must not be upgraded above Java 1.6. I have the machine in its own targeting group. How do I stop future Java updates?
When you right-click on an update and select Approve, you will get this window that lists your target groups. I also have a "no Java updates" group and I just don't approve it for that group. I leave my default view filtered to not show the updates in the "no Java updates" target group as well, but don't worry about that; I don't want to confuse you.
There is a rather large learning curve with this software, so feel free to read up and search the forum here, or ask away when you need help.
If it's in its own target group, just do not approve any Java updates for that target group.
Sorry, I forgot to include this information: all critical updates are automatically applied to all groups, and the Java updates are usually critical. Is there a way to filter or prevent just updates that have to do with Java from installing on just one machine?
No, it's a definite downside to using the third-party automatic publishing. You will have to disable that, or create a new OU with a download-and-notify GPO and then just manually update that PC and uncheck the box for Java. Personally I don't like the second way because it's way too easy to forget to remove that checkbox, since out of hundreds of times you would update it's way too easy to forget one time.
If you mean critical updates get applied automatically by WSUS, then Java is not included in that, only if you use the auto third-party publishing.
Thanks... So how/can I disable the third-party patching in PM but keep WSUS updates working on that computer? It's already in a target group, so I guess the real question is how to stop the third-party patches from installing on this machine?
The way Patch Manager works is you attach it over the top of your WSUS server, and then Patch Manager can also import other catalogs for third-party software, like the SolarWinds catalog, which contains most of the available third-party updates, or the Adobe catalogs.
When there is an update available in those catalogs, WSUS will publish Microsoft updates automatically, but you have to publish any third-party updates manually.
Then the updates can become available to approve for target groups if they are needed.
You select an update and approve it or not for any target group you have set up.
WSUS has the ability to auto approve critical updates.
Patch Manager has recently gotten the same ability for third-party updates, but you have to have set it up to do so. If you have not set up automatic publishing for third-party updates, then you don't have to worry about that.
As long as you don't approve an update for the target group you don't want to get updates, it won't get the update.
OK, thanks for the answer. Very helpful! I just started in this position and PM was already set up by the previous admin, which is why I am not fully versed in it (yet). It sounds like I don't need to do anything except make sure that I exclude the target group for the computer I don't want to receive the third-party patches when I approve and publish them. I do recall seeing a window where you can make that distinction. Let me know if I am missing something. Thanks again for all your help!
Your screenshot answers the question: all I have to do is turn off inheritance and just manually approve for the group. Thanks so much. I will continue searching, reading, and posting!
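
An added example, not part of the original thread: a read-only PowerShell audit that reports which Java updates are effectively approved for one WSUS target group, walking up parent groups to account for inherited approvals. It assumes it runs on the WSUS server with the WSUS administration API installed; the group name `No Java Updates` is a placeholder.

```powershell
# Added example (not from the thread). Read-only: it changes no approvals.
# Assumption: 'No Java Updates' is a placeholder; pass your own group name.
param([string]$GroupName = 'No Java Updates')

[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$allId = [Microsoft.UpdateServices.Administration.ComputerTargetGroupId]::AllComputers

$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) { throw "Target group '$GroupName' not found." }

# Build the inheritance chain: the group itself, then each parent up to All Computers.
$chain = @($group)
while ($chain[-1].Id -ne $allId) {
    $chain += $chain[-1].GetParentTargetGroup()
}

$report = foreach ($update in $wsus.SearchUpdates('Java')) {
    # The effective approval is the first explicit one found walking up the chain.
    $action = 'NotApproved'
    $source = '(none)'
    foreach ($g in $chain) {
        $approval = $update.GetUpdateApprovals($g) | Select-Object -First 1
        if ($approval) {
            $action = $approval.Action.ToString()
            $source = $g.Name
            break
        }
    }
    [pscustomobject]@{
        Title          = $update.Title
        Effective      = $action
        ApprovedVia    = $source
        Inherited      = ($source -ne $group.Name -and $source -ne '(none)')
        IsDeclined     = $update.IsDeclined
    }
}

# Anything listed here would be offered to machines in the group.
$exposed = $report | Where-Object { $_.Effective -eq 'Install' -and -not $_.IsDeclined }
if ($exposed) {
    Write-Warning "$(@($exposed).Count) Java update(s) are approved for install on '$GroupName':"
    $exposed | Format-Table Title, ApprovedVia, Inherited -AutoSize
} else {
    Write-Output "No Java update is approved for install on '$GroupName'."
}
```

A row with `Inherited` set to true means the approval comes from a parent group, which is the case the inheritance setting mentioned above controls.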