You might want to remove Windows updates from the list of available updates in PE patch management and/or
puppetlabs-patching_as_code; the best way is to manage Windows patching by creating an auto-approval rule in WSUS which allows you to remove updates from the list. At this point, you can point clients directly at Windows Update for patching.
Note: We cannot troubleshoot third-party software.
However, if you can’t use WSUS, you can hide Windows updates on Windows agents using PowerShell commands.
Version and installation information
PE version: All supported versions
Hide KB updates by completing the following steps with elevated privileges on affected Windows nodes in PowerShell.
- Install the PowerShell
PSWindowsUpdatemodule by running
- Show the available updates by running
- To hide an update, run
Hide-WindowsUpdate -KBArticleID <KBNUMBER>where KBNUMBER is the KB update you’d like to hide. For example,
Hide-WindowsUpdate -KBArticleID KB5007206
- To refresh the list of updates, reboot.
During the next puppet run, the KB update you specified is omitted from the list of available updates in the
pe_patch section of the agent’s facts.
To make the process easier, you can script these steps and add them as a task in Puppet Enterprise that accepts a KB number as a parameter.