We use WSUS on our LAN. We have to complete some testing before I can let users upgrade to IE 9.
I would like to block it prevent it from being auto-installed until testing is complete.
The Microsoft document here refers me to KB 946202.
However, the information in KB 946202 seems dated and vague. Basically it tells you to disallow automatic approval of Update Rollup packages.
I have the following questions:
- Is there a better way to block IE 9 using WSUS?
- Will turning off auto-approval of Update Rollups block IE 9? I never would have guessed that a browser upgrade is an “Update Rollup.”
- What other effects will this have? Will we be missing other important updates?
Yes, temporarily disabling Update Rollups is the way to do it.
You won't really be missing out on anything - it will still download the update rollups metadata, it just won't automatically approve them. Once the IE9 metadata has downloaded to your WSUS server, you can switch the auto-approval of update rollups back on if you so desire (personally the only thing I auto-approve is definition updates though).
It won't block Internet Explorer 9, per se but what it will allow you to do is either approve it for a subset of users (a test group for example) or just leave it unapproved for the time being until you do decide to deploy it.
Try selecting the specific IE9 package/update and setting it to Not Approved.
It's also possible to deploy a registry key using a startup script to disable Internet Explorer 9.
Under
HKLM\Software\Microsoft\Internet Explorer\Setup\9.0
create a key calledDoNotAllowIE90
and set it to 1 for blocked and change it to 0 to unblock it.Source