Hello,
I'm looking for a method to block an individual patch from being installed on one or a few servers.
I am currently using ADRs that, as part of the search criteria, remove any updates that have a custom severity level. If I find a patch that I want to skip, I change the severity level on the individual patch and it's prevented from being distributed according to my ADR.
This works well if you want to prevent the patch from being deployed to all machines in the targeted collection, but what if you find a single patch causes problems on a single server? I believe with WSUS, you could block an individual patch from being installed on a single machine, whereas with SCCM (2012R2) it does not appear so.
Any thoughts on how to do this without creating separate server collections for every possible role/configuration we have?
Also, is there a way to configure the client to not reinstall a patch that has been removed? It looks like the "Client Settings: Software Updates: Schedule Deployments re-evaluation" will check to make sure all the updates are installed and re-install them if something is missing. I don't see an option to turn off the re-evaluation, so is this done someplace else?
Thanks