我可以使用具有本地管理员权限的帐户手动/交互式运行此脚本,并且它可以正常工作,但是当我将其插入GPO启动脚本或通过SCCM部署时,没有任何反应。它只是打开控制台窗口然后关闭它 - MS更新仍然安装。
$PatchList = @("KB2553154","KB2899519","KB2910902","KB3008923","KB3012176","KB3013126")
function Remove-Update
{
$HotFixes = Get-HotFix
foreach ($HotFix in $HotFixes)
{
foreach ($KBID in $PatchList)
{
if ($KBID -eq $HotFix.HotfixId)
{
"Inside first if"
$KBID = $HotFix.HotfixId.Replace("KB", "")
$RemovalCommand = "wusa.exe /uninstall /kb:$KBID /quiet /norestart"
Write-Host "Removing $KBID from the target."
Invoke-Expression $RemovalCommand
break
}
if ($KBID -match "All")
{
$KBNumber = $HotFix.HotfixId.Replace("KB", "")
$RemovalCommand = "wusa.exe /uninstall /kb:$KBNumber /quiet /norestart"
Write-Host "Removing update $KBNumber from the target."
Invoke-Expression $RemovalCommand
}
if ($KBID -match "Security")
{
if ($HotFix.Description -match "Security")
{
$KBSecurity = $HotFix.HotfixId.Replace("KB", "")
$RemovalCommand = "wusa.exe /uninstall /kb:$KBSecurity /quiet /norestart"
Write-Host "Removing Security Update $KBSecurity from the target."
Invoke-Expression $RemovalCommand
}
}
while (@(Get-Process wusa -ErrorAction SilentlyContinue).Count -ne 0)
{
Start-Sleep 3
Write-Host "Waiting for update removal to finish ..."
}
}
}
}
Remove-Update
我知道使用GPO启动脚本或SCCM部署时,用于运行脚本的帐户是系统帐户。不确定是否会导致问题?
非常感谢任何建议。