Here’s a simple proactive remediation script to assist you with removing Windows 10 21H2.
The first question might be why? If your Windows 10 devices get offered a feature update you didn’t want them to, due to misconfiguration of the feature update preview set up for example, you may find that you want to bring the devices back in line with company policy to the baseline they should have been on.
Rather than run through the process of setting up the proactive remediation, I suggest you take a look at my post on Using Proactive Remediations to remove Google Chrome.
For this blog post, I’m just going to show you the code to achieve the remediation, you could easily adopt the code for any other Windows 10 baseline.
Note though that this will work for devices upgraded via an Enablement Package only.
Detection
try
{
$WinVer = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Select-Object -ExpandProperty CurrentBuild
if ($WinVer -eq '19044') {
Write-Host "Windows 10 21H2 installed"
exit 1
}
else {
#No remediation required
Write-Host "Windows 10 21H2 not installed"
exit 0
}
}
catch {
$errMsg = $_.Exception.Message
Write-Error $errMsg
exit 1
}Remediation
$SearchUpdates = dism /online /get-packages | findstr "Package_for"
$updates = $SearchUpdates.replace("Package Identity : ", "") | findstr "KB5003791"
DISM.exe /Online /Remove-Package /PackageName:$updates /quiet /norestartI hope you find the code useful.
SCCMentor - Paul Winstanley 