Hotfixes are meant to cure problems, not create new ones. That said, almost all of us can remember a time when installing a hotfix fixed one thing and broke three others! When this happens, it's best to know ahead of time -- before you install -- what your options for backing out are.

1. Roll back by hand

The hotfixes and service packs Microsoft publishes for Windows come pre-equipped with their own rollback mechanisms that can be activated manually if the need arises. If you want to uninstall a given hotfix, here's the procedure for doing so.

  1. Set Explorer to show hidden and system files if you haven't already done so.
  2. Open the %SystemRoot% directory and look for a series of directories with the name $NTUninstallKBXXXXXX$, where XXXXXX is the Knowledge Base article number for the hotfix in question.
  3. Within that directory is another directory named spuninst.
  4. Inside spuninst is an executable named spuninst.exe. Run it, and the hotfix in question will be rolled back through a Wizard interface.
  5. If spuninst.exe doesn't work or is unavailable, type batch spuninst.txt. This executes a batch-file version of the same recovery options.

There are several disadvantages to this method. For one, it only works on one patch at a time (for instance, from the Recovery Console), so it's best for when a single patch seems to go south. Second, if you roll back a patch that replaces components that were themselves replaced by a patch added after that one, the results can be unpredictable. It's not something you can do with impunity.

More information:
  • Undo Windows patching mistakes
  • Best patch management practices
  • 2. System restore

    Windows also has a global mechanism for restoring settings and components to an earlier state. It's one most of us should be familiar with: System Restore. This method is something of a brute force way to move back to before a hotfix was installed. And it's slow -- it can take many minutes for a System Restore to complete -- but it covers absolutely everything that might have been touched by a hotfix.

    The bad news is that you cannot run System Restore from the Recovery Console -- at least not without a good deal of manual hacking -- but you can run an individual patch rollback as described before from the Recovery Console. For that reason, System Restore can really only be used when the system has been affected in some way but isn't wholly unbootable.

    3. Third-party software

    The most complete way of dealing with patch roll back is probably through a third-party package. Plenty of third-party software products exist for rolling a system back to an earlier state, with undoing changes made by patches as part of that.

    If you want to build a rollback policy into the way you handle and deploy patches, the best way to do that is through a deployment product that supports rollbacks -- not just on individual machines, but en masse where possible. Symantec LiveState Recovery (in both Desktop and Server editions) is one such application, as is Winternals Recovery Manager, a product from the same folks who give us the excellent SysInternals site and which uses an intelligent incremental algorithm to make rollbacks as painless and swift as possible.

    About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

    This was first published in February 2006

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.