Can we selectively install Windows Updates with Ansible

[Dinesh Vashisht]

Hello Team,

I am using win_updates module in playbook with Ansible Version 2.4.2.0.

Have a requirement for Automation of Windows Security and Roll-up updates patching, therefore categories selected are: SecurityUpdates, UpdateRollups. Patches identified are:

• 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055265)
  
• 2018-04 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4093123)
  
• Windows Malicious Software Removal Tool x64 - April 2018 (KB890830)
  

How can we skip installing updates for .NET Framework, because according to the previous experience it broke the application installed on server being patched.

Thank you,

Dinesh Vashisht

[Jordan Borean]

Hi

With Ansible 2.5 you can now select a blacklist of updates to skip when running the task. An example can be seen on the module documentation page http://docs.ansible.com/ansible/latest/modules/win_updates_module.html. Another way of doing it if you have a WSUS setup is to not approve the updates for any server that shouldn't have them.

Thanks

Jordan

[AV Vinay]

Hi Team,

Got similar requirement & would like to run win_update to patch windows system.

I see its failing with error : 0x80240034 to install .net framework updates.

See its trying to update : KB5021085 & per this : https://support.microsoft.com/en-us/topic/december-13-2022-kb5021085-cumulative-update-for-net-framework-3-5-4-7-2-and-4-8-for-windows-10-version-1809-and-windows-server-2019-126b52f6-aefc-420e-80ff-6c01662367e2

, it is expected to " This update will be downloaded and installed automatically from Windows Update.".

But is not the case. Do we have way around to fix/handle this scenario please?.

Thanks, Vinay