I often have a need to block updates for a group of specific systems. So far, I have only been able to block the patch entirely. In my current situation, I need to block KB5004238. This rolls up the out-of-band July 6 update that MS created to address Print Nightmare. However, MS decided to add a feature to block Adobe Flash. While, this is great in theory, it hurts those of us who support companies that still have business critical applications that require Flash. This means I need to block KB5004238 for a small group of computers for a client and make sure it gets deployed to all the other systems. Getting the previous update that got rolled up on those machines isn’t an issue. This also brings up that I need to block the initial Flash removal update that was released a while back for those same systems.
Related to this is that I need to approve patches for a group of systems sometimes, but I don’t want to approve them for all systems.
I have been unable to find out how to accomplish this. Please tell me this is possible and I just haven’t found the M to RTF. I have looked in the guides, but haven’t found what I’m looking for either. I really don’t want to have to write some PowerShell script to deal with this.
Thanks in advance.