As usual, Microsoft is providing a way to prevent the download and install of a new service pack; this time it’s SP1 for Windows 7 and W2008 R2.
You can prevent the download/install if you use WSUS or ConfigMgr. For example, you can choose whether or not to download service packs, and you can choose whether or not to approve the service pack for all machines or for groups of machines.
But maybe you use Windows Update directly, or maybe you have a one-size-fits-all policy and you want to block the install for a few machines? If so, you can use the blocker.
“A blocking tool is available for organizations that would like to temporarily prevent installation of Service Pack updates through Windows Update.
This tool can be used with:
- Windows 7 Service Pack 1 (valid for 12 months following general availability of the service pack)
- Windows Server 2008 R2 Service Pack 1 (valid for 12 months following general availability of the service pack)
This toolkit contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You only need to use the component which best serves your organization’s computer management infrastructure.
- A Microsoft-signed executable
- A script
- An ADM template
- The executable creates a registry key on the computer on which it is run that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.
When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP’ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.
When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.
- The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs.
Note that the executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.
- The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.
Please note that this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents the service pack from being delivered over Windows Update.”
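The registry behaviour described in the quote above can be checked or reproduced on a single machine with PowerShell. This is an added example, not part of the original post or of Microsoft's toolkit; the function name `Set-ServicePackBlock` is hypothetical, and storing `DoNotAllowSP` as a REG_DWORD is an assumption.

```powershell
# Added example: mirrors the documented /B and /U behaviour of the blocker tool.
# Assumption: DoNotAllowSP is stored as a REG_DWORD. Block/Unblock need elevation.
function Set-ServicePackBlock {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Block', 'Unblock', 'Status')]
        [string]$Action
    )

    $key  = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
    $name = 'DoNotAllowSP'

    # Reads the value; returns nothing when the key or the value is missing.
    $read = {
        if (Test-Path -Path $key) {
            (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        }
    }
    $before = & $read

    switch ($Action) {
        'Block' {
            # The policy key may not exist on a machine with no WU policy applied.
            if (-not (Test-Path -Path $key) -and $PSCmdlet.ShouldProcess($key, 'Create key')) {
                New-Item -Path $key -Force | Out-Null
            }
            if ($PSCmdlet.ShouldProcess("$key\$name", 'Set to 1')) {
                New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            }
        }
        'Unblock' {
            # Matches the /U description: if the value is absent, take no action.
            if ($null -ne $before -and $PSCmdlet.ShouldProcess("$key\$name", 'Remove value')) {
                Remove-ItemProperty -Path $key -Name $name
            }
        }
    }

    # Report the resulting state so the change can be logged or audited.
    $after = & $read
    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        DoNotAllowSP = $after
        Blocked      = ($after -eq 1)
    }
}

# Read-only check of the current state.
Set-ServicePackBlock -Action Status
```

Running `Set-ServicePackBlock -Action Block -WhatIf` shows the registry changes without making them.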
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.