We have 5000+ servers and need to hide the 2008R2 SP1 so that our users don't accidentally install the service pack. I can use PSEXEC, powershell, ect. Is there a way to do this from command line so that we don't have to use the gui on each of the 5000+ machines?
SnapOverflow
Microsoft released a tool for that purpose: Windows Service Pack Blocker Tool Kit.
Microsoft text: "A blocking tool is available for organizations that would like to temporarily prevent installation of Service Pack updates through Windows Update.
This tool can be used with: Windows 7 Service Pack 1 (valid through 2/22/2012) Windows Server 2008 R2 Service Pack 1 (valid through 2/22/2012)
This toolkit contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You only need to use the component which best serves your organization’s computer management infrastructure. 1. A Microsoft-signed executable 2. A script 3. An ADM template "
Hope this helps, Cheers
You could use Group Policy to disable the Windows Update/Automatic Updates service or use Group Policy to prevent users from accessing Windows Update.