Turn Back Time with Windows Known Issue Rollback
There are times when we all wish we had the ability to turn back time to undo a mistake. This is certainly the case for Windows support teams that have had to deal with a sudden surge of help desk calls due to the havoc created by a non-security bug fix in a recent Windows update. The traditional way to remediate such an issue has been to uninstall the update, a time-consuming process that overstretched IT personnel don’t have time for. How great it would be if there were a way to simply roll back to the state prior to the update by implementing a single policy.
Known Issue Rollback (KIR)
Microsoft released Known Issue Rollback (KIR) beginning with Windows 10, version 2004. Its purpose is to improve support for non-security bug fixes and make life a little easier for internal IT by rolling back the undesired changes of an update. KIR starts at the code level: every non-security bug fix retains the old code while adding the fix on top of it. Fixes are enabled by default, which disables the old code. A KIR policy, however, can disable the fix and revert the OS to the old code path, averting the problem.
Now, when Microsoft determines that a non-security update has an issue, it generates a KIR to roll it back. Microsoft’s goal is to deploy a KIR within 24 hours of identifying the root cause of a reported problem so that most users are never exposed to the bug. For non-enterprise users, the process is completely automated, requiring them to do nothing. In many cases the KIR will be implemented prior to the download being installed. End users that have installed the update will be prompted to reboot their machines.
KIR and the Enterprise
The process is a little more involved for enterprise customers. In this case, Microsoft releases a policy definition MSI file that admin teams can deploy using Group Policy (an Intune solution is reportedly on its way). These KIR policy definitions have a limited lifespan of only a few months, as Microsoft's aim is to quickly address the issue through a new update. KIRs are announced by Microsoft through Windows Update KB articles and listed on the Known Issues list on the Windows Health Release Dashboard, where you can find a link to download the MSI.
Creating a KIR Group Policy
Once downloaded, simply run the MSI, which will install the ADMX/ADM template files into the local store at C:\Windows\PolicyDefinitions, as shown in the screenshot below.
You can use the Local Group Policy editor to create a KIR policy for the local machine. To deploy the policy to multiple machines across your domain, you will need to copy the files to your central store located in your SYSVOL folder. Be sure to include the ADML template file located in the EN-US folder.
In this example I am using a KIR that was released last year for Windows 10 version 2004. I first created a GPO using the Group Policy Management Console and named it KIR Issue 001. Then go to Computer Configuration > Administrative Templates and select the KB rollback issue listed, as shown below.
Then open the policy setting and choose Disabled.
You can create a WMI filter to specifically target machines running the designated Windows version. This is done in the Group Policy Management Console by right-clicking WMI Filters and selecting New. Name the filter something like “Apply to all Windows 10, version 2004 devices.” Then insert the following string:
SELECT version, producttype from Win32_OperatingSystem WHERE Version = "10.0.19041"
The screenshot below shows the newly created WMI filter. You can find out the build number of your Windows version here.
Now go back and highlight the GPO you just created and look for the WMI Filtering section at the bottom, where you will select the appropriate filter. You can also use a third-party solution such as PolicyPak for granular filtering.
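The central-store copy and the WMI filter from the steps above can be checked from PowerShell before the GPO goes live. This is an added example, not code from the original article; the ADMX file name and the domain name are placeholders, and New-GPO assumes the GroupPolicy module (RSAT) is installed.

```powershell
# Added example (not from the article). Values marked PLACEHOLDER are constructed.
$KirAdmx = 'KIR-PLACEHOLDER.admx'   # PLACEHOLDER: file name installed by the KIR MSI
$Domain  = 'example.test'           # PLACEHOLDER: your AD domain's DNS name

function Copy-KirTemplateToCentralStore {
    param(
        [Parameter(Mandatory)][string]$AdmxName,
        [Parameter(Mandatory)][string]$DomainName,
        [string]$LocalStore = "$env:SystemRoot\PolicyDefinitions"
    )
    $central = "\\$DomainName\SYSVOL\$DomainName\Policies\PolicyDefinitions"
    if (-not (Test-Path $central)) { throw "Central store not found: $central" }

    # The ADMX is useless without its language file, so require both.
    $admx = Join-Path $LocalStore $AdmxName
    $adml = Join-Path $LocalStore ('en-US\' + [IO.Path]::ChangeExtension($AdmxName, 'adml'))
    foreach ($file in $admx, $adml) {
        if (-not (Test-Path $file)) { throw "Template file missing: $file" }
    }

    $centralLang = Join-Path $central 'en-US'
    if (-not (Test-Path $centralLang)) {
        New-Item -Path $centralLang -ItemType Directory | Out-Null
    }
    Copy-Item -Path $admx -Destination $central
    Copy-Item -Path $adml -Destination $centralLang
}

function Test-KirWmiFilter {
    # Runs the article's WMI filter query; $true means the GPO would apply.
    param([string]$ComputerName)
    $wql = 'SELECT version, producttype from Win32_OperatingSystem WHERE Version = "10.0.19041"'
    $cim = @{ Query = $wql; ErrorAction = 'Stop' }
    if ($ComputerName) { $cim.ComputerName = $ComputerName }
    [bool](Get-CimInstance @cim)
}

Copy-KirTemplateToCentralStore -AdmxName $KirAdmx -DomainName $Domain
New-GPO -Name 'KIR Issue 001' -Comment 'Known Issue Rollback' | Out-Null
"WMI filter matches this machine: $(Test-KirWmiFilter)"
```

Setting the policy to Disabled and attaching the WMI filter to the GPO are still done in the Group Policy Management Console as described above. Running Test-KirWmiFilter against a machine on a different Windows version should return False, which confirms the rollback is scoped to the affected build only.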
KIR is a recent Windows servicing technology that can help you escape from the nightmare of a Windows update bug fix gone bad. This is also a good example of why you should manage your Windows updates using Windows Update for Business, which gives you greater management control over when and how updates are implemented throughout your enterprise.