3 Replies Latest reply on Jun 26, 2013 11:40 AM by bbarlow

    Trying not to deploy IE 10...


      So I'm trying to not deploy IE 10 and .net 4.5.  From what I can see I can change the Criticality of the patch to "Ignore" and then set my Patch Scan Template to not scan for patches set to "Ignore"... 

      I was assuming this was correct, but apparently I was wrong. 


      I need to not deploy these patches but I'm sure its in the documentation somewhere on how not to deploy a specific patch but I'm not seeing it.


      Do any of you have any recommendations on how to handle this? 

      Maybe even a recommendation on how to uninstall these items if they've been deployed?



        • 1. Re: Trying not to deploy IE 10...
          bbarlow SupportEmployee

          I would create a Patch Group with all patches regarding IE10 and .net 4.5 in it. The next step would be to create a custom patch template. In the Filtering tab, on the right side, click the "Skip Selected" radio button on the right. Click the "..." button on the right side of Patch Group. Select your Patch group that you created earlier with the IE10 and .net 4.5 in it. Be sure to include any other Patch type filter settings on the bottom.


          This new scan template will not scan for IE10 or 4.5. This method can break however if Microsoft releases new versions of IE10. In this case, your patch group would need to be updated as well.

          • 2. Re: Trying not to deploy IE 10...

            Ok, that sounds like it will work.  I'm assuming when I do this the machines that already have IE 10 or .net will not receive any updates for those items?   If that is correct, is there a way in Shavlik to uninstall a patch?  I see the "uninstall patch" option in the Shavlik console but when I try it nothing happens...

            • 3. Re: Trying not to deploy IE 10...
              bbarlow SupportEmployee

              Protect wasn't meant to uninstall patches globally, but this can be achieved using these instructions.



              You could use Protect to do a Custom Action. Please see pages 170 and 236 of the admin guide for instructions  of utilizing Custom Actions.  (This is for Protect 9)




              Here are the steps to do this.


              Create a Custom Patch group with (QSK2745, MSST-001) in it.

              It.will never be found.

              The process uses the temporary file Nullpatch.exe



              Create a Custom Scan template to scan for only this patch.



              Create a deployment template. Under Custom Actions, Under Step 3, Choose when you would want to run the command, (before or after a patch) and run the the following wmic command. "wmic product where name="application name" call uninstall" Be sure to replace application name with the specific application name you want to uninstall.

              You can find the specific application name by doing the following.

              On one of you machines, run this in the cmd window. 

              wmic product get name


              Scan your machine with your new scan template, and deploy with your new deployment template.

              1 of 1 people found this helpful