I have written some posts before on how to block updates if you build your images using MDT or SCCM for that matter and download the update using ZTIwindowsupdate.wsf directly from Internet instead of installing a dedicated WSUS which I always recommend, https://ccmexec.com/2013/09/tips-when-building-images-with-configmgr-2012-part-2/ I got a couple of questions on how to block .Net Framework 4.6.1 when building Windows 7 images.
On January the 26th .NET Framework 4.6.1 was released on Windows Update as a recommended update for Windows 7 and Server 2008 R2, If you build your images and install updates from Windows Update you will now get .NET Framework 4.6.1 installed.
You can block it using the normal way and block KB3102433 as shown below either in Customsettings.ini or as a Task Sequence variable in SCCM.
Or you can use the registry key to block the installation then .NET Framework 4.6.1 will not be installed after the image is deployed either. So in some scenarios that can be a good solution.. By running the following command in the Task Sequence before the ZTIWindowsUpdate.wsf step will block the installation. More information can be found here: https://support.microsoft.com/sv-se/kb/3133990
reg add “HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU” /v “BlockNetFramework461” /d “1” /t REG_DWORD /f
If you then want to enable the installation again and you mange your updates through WSUS or Configuration Manager you can remove the registry key in the task sequence after software updates are installed with the following command.
reg delete “HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU” /v “BlockNetFramework461” /f
Both solutions will do the job!