Well, yesterday Microsoft announced that KB 2823324 was causing some machines to BSOD and has recommended everyone to uninstall this hotfix. They outlined a few options such as:

  • Option 1: Manually uninstall the Security Update
  • Option 2: Incorporate a command line uninstall in a custom script
    wusa.exe /uninstall /kb:2823324 /quiet /norestart
  • Option 3: Run removal script remotely by using PSEXEC
    Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart

While those work fine, I wanted to do all machines with a single command. Well, if you remember I wrote a PowerShell script to check for installed KBs. Well, I have modified that script and present to you the Windows Automatic Update Remover. It works under the same premise as waucheck except that it leverages psexec and Windows Update Standalone Installer (wusa) to do the uninstall for you.

I have moved the waucheck.ps1 and added the new wauremove.ps1 to my github repository.

Command line usage for wauremove.ps1 is:

.\wauremove.ps1 -kbs 2823324 -psdir "C:\downloads\pstools\psexec.exe"

Note, you must specify a path to psexec using the psdir parameter! This will scan your entire domain. If it finds the specified KB it will issue the command:
[path to psexec.exe] -d -s \\[pcname] cmd /c "wusa.exe /uninstall /kb:[kb] /quiet /norestart"

It’s important to know that if you have the wusa.exe that is older than November 20, 2010, it does not have the /kb switch and this won’t work. You will have to either update wusa or uninstall manually.

So, please check out my GitHub repository for wauscripts and leave your feedback on twitter @Ben0xA or in the comments below!

Share →