Modify, Delete, and Decline Third-Party Updates in WSUS with Patch My PC
You can view, delete, decline, and show applicability rules, much more for third-party updates within WSUS using the modify published updates wizard.
The modify published updates wizard can help perform various actions on third-party updates that are published to WSUS. The wizard can be accessed with the button shown below in the Options window that can be opened from the Updates tab in the Publisher.
Topics covered in this article:
- Filter Selections for Published Updates
- Show Only Updates for Not Enabled Products
- Available Actions to Perform on Published Third-Party Updates
Open the Modify Published Updates wizard in the Options window found in the updates tab.
Filter Selections for Published Updates
Once all updates have loaded, you can easily filter the list of published updates.
You can filter updates by the vendor, declined status, expired status, or metadata status.
Show Only Updates for Not Enabled Products
The checkbox to Show Only Updates for Not Enabled Products allows you to show any updates published from the Patch My PC’s catalog that isn’t currently enabled in the Updates tab.
Available Actions to Perform on Published Third-Party Updates
There are a variety of actions that are available for published third-party updates within WSUS.
The re-sign update will allow you to re-sign an already published update with a new WSUS Code-Signing Certificate. Re-signing can be helpful if your WSUS Code-Signing certificate expired and timestamping was disabled. Important: If timestamping is enabled (enabled by default), clients would still trust updates signed after the certificate’s expiration date.
This option will decline the third-party update in WSUS. When a third-party update is declined, clients will no longer scan against the third-party update. After an update is declined and a software update point sync is performed, the update will show as expired in the Configuration Manager console.
This option will revert the declined status in WSUS. Clients will start to scan against this update, and the status will show as normal in Configuration Manager after the next software update point sync.
This option will completely delete the update from the WSUS database. We don’t recommend deleting an update if the product for the update is still enabled for publishing.
The delete update button is not enabled by default because it can cause hash issues if an update is deleted, and that product is still enabled, causing the same UpdateID to be republished. If you have a scenario to delete updates, such as cleaning up vendors from WSUS you can enable the button using the value below:
REG ADD “HKLM\SOFTWARE\Patch My PC Publishing Service” /v EnableDeleteUpdates /t REG_DWORD /d 1 /f
Show in WSUS
This option will configure the update to show directly in the WSUS console. By default, third-party updates aren’t visible directly in the WSUS console, and if you are using configuration manager, they don’t need to be visible. This option can be helpful when using standalone WSUS for updates.
Hide in WSUS
This option will configure the update to not show in the WSUS console. By default, third-party updates aren’t visible directly in the WSUS console.
Show Applicability Rules
This option can be helpful if you are troubleshooting the update detection states on a device. When clicked, you will be able to see the applicability for the installable and installed logic for the update.
This option will show more advanced details about the published updates in WSUS. This may be helpful for more troubleshooting scenarios.
This option will open a a window and allow you to save the WSUS content for the specified update in the selected location. Update content is saved as a .cab file in the selected extraction folder.