Hotfixes are meant to cure problems, not create new ones. That said, almost all of us can remember a time when installing a hotfix fixed one thing and broke three others! When this happens, it's best to know ahead of time -- before you install -- what your options for backing out are.
1. Roll back by hand
The hotfixes and service packs Microsoft publishes for Windows come pre-equipped with their own rollback mechanisms that can be activated manually if the need arises. If you want to uninstall a given hotfix, here's the procedure for doing so.
- Set Explorer to show hidden and system files if you haven't already done so.
- Open the %SystemRoot% directory and look for a series of directories with the name $NTUninstallKBXXXXXX$, where XXXXXX is the Knowledge Base article number for the hotfix in question.
- Within that directory is another directory named spuninst.
- Inside spuninst is an executable named spuninst.exe. Run it, and the hotfix in question will be rolled back through a Wizard interface.
- If spuninst.exe doesn't work or is unavailable, type batch spuninst.txt. This executes a batch-file version of the same recovery options.
There are several disadvantages to this method. For one, it only works on one patch at a time (for instance, from the Recovery Console), so it's best for when a single patch seems to go south. Second, if you roll back a patch that replaces components that were themselves replaced by a patch added after that one, the results can be unpredictable. It's not something you can do with impunity.
2. System restore
Windows also has a global mechanism for restoring settings and components to an earlier state. It's one most of us should be familiar with: System Restore. This method is something of a brute force way to move back to before a hotfix was installed. And it's slow -- it can take many minutes for a System Restore to complete -- but it covers absolutely everything that might have been touched by a hotfix.
The bad news is that you cannot run System Restore from the Recovery Console -- at least not without a good deal of manual hacking -- but you can run an individual patch rollback as described before from the Recovery Console. For that reason, System Restore can really only be used when the system has been affected in some way but isn't wholly unbootable.
3. Third-party software
The most complete way of dealing with patch roll back is probably through a third-party package. Plenty of third-party software products exist for rolling a system back to an earlier state, with undoing changes made by patches as part of that.
If you want to build a rollback policy into the way you handle and deploy patches, the best way to do that is through a deployment product that supports rollbacks -- not just on individual machines, but en masse where possible. Symantec LiveState Recovery (in both Desktop and Server editions) is one such application, as is Winternals Recovery Manager, a product from the same folks who give us the excellent SysInternals site and which uses an intelligent incremental algorithm to make rollbacks as painless and swift as possible.
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in February 2006