Hello,

You need and easy way to get an inventory list of software installed on a machine via Powershell. What we need for a list is:

DisplayName;DisplayVersion;Publisher

We have two version of the scripts:

Here is how to easily extract the most important information from a .REG export from the UNINSTALL Registry HIVE. We don't want to run the PS directly on the server or via the server because of compliance. So, you can export the Registry Hives from a server as a .REG file, transport them through valid methods to the management machine, and then generate a semicolon-separated list for Excel import.

At the bottom, you will find a version we made if you want to retrieve the info directly from the local machine and directly from the Registry Hives (Without the way over the .REG export) (32 and 64-bit Hives):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Output:

Here is the version which get the information direct from the local machine:

Hello,

You need and easy way to get an inventory list of software installed on a machine via Powershell. What we need for a list is:

DisplayName;DisplayVersion;Publisher

We have two version of the scripts:

Here is how to easily extract the most important information from a .REG export from the UNINSTALL Registry HIVE. We don't want to run the PS directly on the server or via the server because of compliance. So, you can export the Registry Hives from a server as a .REG file, transport them through valid methods to the management machine, and then generate a semicolon-separated list for Excel import.

At the bottom, you will find a version we made if you want to retrieve the info directly from the local machine and directly from the Registry Hives (Without the way over the .REG export) (32 and 64-bit Hives):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Output:

Here is the version which get the information direct from the local machine:

Introduction:

Event logs provide valuable insights into system operations, allowing IT professionals to monitor and troubleshoot potential issues. When dealing with Windows event logs, PowerShell is a powerful tool that enables event filtering, but it may not be everyone's preferred choice due to complexity and perceived security concerns. In this blog post, we will explore an alternative method - using the command-line filter of Event Viewer - to easily access Critical, Error, and Warning events from the Application log.

Advantages of the Command-Line Filter:

Familiarity: Many seasoned IT professionals prefer using a simple command-line approach they are familiar with, making it easier to find and work with event logs efficiently.

Accessibility: The command-line filter is available on all modern Windows operating systems, eliminating compatibility concerns.

Trustworthy: Since the command-line tool is a built-in Windows feature, there are no worries about third-party dependencies or security issues.

PowerShell Approach:

Before diving into the command-line filter, let's quickly review the PowerShell method. By leveraging the Get-EventLog cmdlet, one can filter events based on severity levels and display them in PowerShell console. The script would look like this:

Get-EventLog -LogName "Application" -EntryType Error, Warning, Information | Where-Object { $_.EntryType -eq "Error" -or $_.EntryType -eq "Warning" -or $_.EntryType -eq "Information" }

But we want it commandline style because most people with long term expierence are used to that tool/console to find and work.

eventvwr.exe /h

What? ;-)

Ok let's try:

Go to XML tab

Cut and paste into notepad

<QueryList>

<Query Id="0" Path="Application">

<Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>

</Query>

</QueryList>

If you see this than all fine:

If you see this than you did not read 100% and checked all " > ' and the \ at the end or you try to

call together with /c:application (Channel) and Query (/f:)

Wrong sample:

Some Microsoft Links (One sample is wrong there and I did not understand what he tells at once and the eventvwr.exe /h is really nerdy? ;-)

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/advanced-xml-filtering-in-the-windows-event-viewer/ba-p/399761

Some braindumps from trying to learn new M365 things. Automation of Blender with Power Automate Desktop. I have long experience in AUTOIT but wanted to try the MS solution for once.

If you Install Power Automate desktop the Menu, content and also the Commands are in the primary APP language you have under your Regional settings.

So even if you have a W10/W11 in UK/EN but Preferred Languages for APP and Websites set to another language it will be displayed in those settings.

Currently that makes it almost impossible to search anything smart on google or in TechNet because 90% of the content and help is in English.

There are also commands that you have to guess in Germans like "Go to" for Jumps. There are other commands in German which are so misleading compared to the English syntax.

Then because OCR sometimes works and next time we open the app NOT (Same Resolution, maximized Window) we tried a trick where we check OCR first in a loop.

Like in old basic days we will use GO TO but had a problem not finding the syntax in the German version of PA. After we switched the language we also found out

That the LABEL handling simply does not work?

The GO TO command related to Label seems a bit strange anyway buggy? Deleted label, made label new, Select GO TO the label does not appear there.

Delay, lag in Power Automate

Above Solution: 5 minutes later without saving, reload or any change the label appeared in the selection list?

The Power Automate Desktop is CLOUD based. If this works like its right it's impossible to professional use it because of lag and delay.

That is the same delay we have seen in M365 Portal. But for coding if you have such delay it makes it impossible to use.

We also had the case a few days where during a UI Windows Selection with only 4 APPS open the W10 normal 100% stable crashed complete.

The only solution was to reboot the client you could not even hung up process with taskmgr.exe or remote debug.

Clearly all changes to the Power Automate script (2 hrs of works) where lost because you can ONLY save the connect to the cloud and it does not auto save.

Deutsch

English

Solution:

How to backup Power Automate Content Local

Select ALL, COPY and Paste all into an Text Editor like notepad.exe

You don't have any of the data local

Enteo V6.X Master Referenz Paket (Screensaver/Locked/User Fragen), Version 1.1 vom 10.10.2010

Alle Binaries sowie ein Export des Projektes von Enteo V6.2 sind unter dieser URL zu finden:

http://www.ntfaq.ch/home.aspx?seite=enteo62_Referenz_Paket_Butsch_Informatik

http://www.butsch.ch

Was macht das Paket?

Dieses universelle Referenz Paket soll zeigen wie man in einer reellen Deployment Umgebung auf das Environment und die User eingehen kann.

Bei vielen Software Deployment fehlen diese Optionen obwohl Sie an sich Grundbausteine einer Software Verteilung sind. Dieses Beispiel soll einen

Anstoss in die richtige Richtung und als Ersatz für eine ein fehlendes Beispiel von Enteo dienen. Zielpublikum:

Desktop Engineer mit mehreren Jahren Deployment Erfahrung und Basis Kenntnissen in Enteo. Enteo Quer‐Einsteiger z.B. von SMS, SCCM,

Altiris oder z.B. Highsystem. Nicht geeignet für Supporter, welchen man aus Unwissenheit die Software Verteilung mal Testweise übergibt.

Finger weg und zurück an den IT‐Chef geben und bitten, dass er das Kapitel ITIL‐Risk Management und Recovery besser durchliest;‐)

Pflichtenheft an das Master Paket: Das Paket soll folgendes erfüllen….

‐     Abfragen ob der Screensaver aktiv ist > Denn dann wollen wir nicht installieren

‐     Ermitteln ob der Client gelockt ist > Denn dann wollen wir nicht installieren

‐     Es soll Abfragen ob ein User gerade arbeitet und angemeldet ist (Ev. Geht es nur dann?)

‐     Soll wissen wie es Enteo seitig kommt (Serviceinstaller oder Autoinstaller)

‐     Soll den User Fragen ob Sie das Update wollen oder man möchte diese nur laufen lassen, wenn jemand angemeldet ist (z.B. Green‐IT‐Oeko Shop ohne WOL und mit Stromleisten!)

 Das Master Paket wird anhand eines Beispiels erklärt. In diesem Falls das Deployment von Adobe Flash 10.1.85.3 vom September 2010.

Das Paket macht eine Migration des Flash Players auf die aktuelle Version. Desktop Deployment und IT ist Migration und Wandel.

Frisch installieren kann jeder und ist einfach! Darum wird in einer Präsentation nie eine Migration von Flash Player sonder immer nur eine frische Installation gezeigt.

Im Package Folder haben wir folgende Binary Files. Alle kann man bei uns downloaden.

Dies wird z.B. hier verwendet:

Einzelne Teile des Enteo Skriptes erklärt:

Hier kontrolliere ich mit "locked.exe" ob der Client gelockt/gesperrt ist. Da wir z.B. für eine Flash/Adobe Reader Upgrade offene Apps (Internet Explorer)

zumachen müssen soll dies NICHT passieren wenn der User Weg von seinem PC ist (CTRL‐ALT‐DEL gemacht).

Mit dem Enteo Befehl ExitPROCEX; "UNDONE" verlassen wir das Script. Das "UNDONE" sieht man dann z.B. bei den Policies in der Enteo Konsole.

Der Vorgang wiederholt sich einfach beim nächsten Enteo Intervall oder Start der Maschine spätestens wieder.

Fortigate Application Filter Certificate wrong/missing Entry sample for an important laptop driver (W10 Deployment fails because of signed Driver Revocation Lookup)

OR HOW a missing small ENTRY I a FORTIGATE FIREWALL IPS/APP filter can ruin your Windows 10 OS-Deployment work.

Reason: Missing entry in Fortigate Application Filter "ROOT.CERTIFICATE.URL" and "OCSP" source of failing deployment

Windows 10 Deployment with commercial Deployment Products (This includes HP client hardware, Microsoft SCCM, Landesk or Ivanti Frontrange).

During the Unattend phase the driver for MASS storage or NIC does a Certificate Revocation Lookup. However the as sample mentioned

URL pki.infineon.com (Hardware Driver URL, CRL FQDN) is missing in Fortiguard definitions. Thus the Fortigate does block the access to WAN. Since this is an early setup phase of W10, group Policy or special GPO do not pull at that moment.

Fortigate has already missed several PKI URL the last few months confirmed by ticket resulting in large trouble and delay on client and Server OS of customers who route their Client or Server traffic through Web proxy and because of security do not want to route computer account proxy traffic standard to the proxy.

Why this is so important. Why this is generating a lot of work and trouble for OS-Deployment teams.

The normal way in larger companies is that all outgoing traffic from client VLAN goes to Firewall which it blocks. All Web/Application/Socks traffic that should go outside goes to a Proxy, Web filter.

Because in early phase of Deployment those options are not set already and normally not needed. However if the driver is older than the Expiration of the Code Signing Certificate W7/W10 will check

The Certificate Revocation list from WAN/Internet. If that fails it may refuse to integrate the driver in Windows PE or early Windows Setup phase. If example this is a driver which

handels NIC (network) or mass Storage driver (Disk) they deployment can't run through this early process.

Workaround:

URL we need open in our sample: pki.infineon.com which prevents a complete Enterprise Deployment system to fail

Sample from Fortigate for other Certs they missed:

F-SBID( --name "Root.Certificate.URL_Custom"; --protocol tcp; --app_cat 17; --service HTTP; --flow from_client; --pcre "/(crl\.microsoft\.com|\.omniroot\.com|\.verisign\.com|\.symcb\.com|\.symcd\.com|\.verisign\.ne t|\.geotrust\.com|\.entrust\.net|\.public- trust\.com|\.globalsign\.|\.digicert\.com|crl\.startcom\.|crl\.cnnic\.cn|crl\.identrust\.com|crl\.thaw te\.com|crlsl\.wosign\.com|www\.d\-trust\.net)/"; --context host; --weight 15; )

In our case:

F-SBID( --name "Root.Certificate.pki.infineon.com"; --protocol tcp; --app_cat 17; --service HTTP; -- flow from_client; --pcre "/(pki\.infineon\.com)/"; --context host; --weight 15; )

Please also see:

Butsch.ch | The certificate is invalid for exchange server usage Exchange 2010 SAN/UC

https://www.butsch.ch/post/The-certificate-is-invalid-for-exchange-server-usage-Exchange-2010-SANUC

So you understand that this is a problem which persists over all firewall producers:

https://support.symantec.com/en_US/article.HOWTO9584.html

Symantec: About the Install Readiness Check for Certificate Revocation List access

https://success.trendmicro.com/solution/1058226

TEND MICRO: After upgrading OfficeScan, users complained that the server started to rename all files in the OfficeClient Directory to "_invalid".
Below is a sample list of files in the D:\app\Trend Micro\OfficeScan\PCCSRV\Admin directory:

Checkpoint:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108202

If there is no Internet connection, then CRL fetch and intermediate CA fetch will fail (this will be logged). The inspection will take place; however, URL-based or Category-based bypassing will not work.

Note: The CRL verifications are performed in the background asynchronously while matching the security policy (this mimics the behavior of the major web browsers).

Untrusted certificates and lack of CRLs can be configured as reasons to drop the connection

Mcafee:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25504/en_US/epo_530_pg_0-00_en-us.pdf

Powershell: List/Export Active Directory users UNDER certain OU incl. Home share

Searchbase = distinguishedName

How to find this out:

• Start Active Directory User and Computers Console
• Go to the OU you want to export and Right click > Attribute Editor
• Copy the distinguishedName into the script below behind search base
• Change your Domain controller behind Server

Searchbase = distinguishedName

Save Powershell as c:\edv\dump.ps1

Logon on to Domain Controller

Start Powershell

Run .\dump.ps1 from c:\edv folder (Notice the .\ infront of dump.ps1)

Internet Explorer, Group Policy, Gruppenrichtlinien, IE11 GPO Settings, PROXY Explained F5-F8

1. IE11 has to be installed so you see the IE10 Option
2. There is not IE11 Option > That's ok > Choose IE10 it will work fir IE11
3. You are on a SRV 2012 R2 or W8 to see this option or W7 with installed updated
4. You did try it always fails or you get too MUCH Gpo settings from the GUI Mode.

    

This is what we talk about and seems to make confusions. People set if with it and at the end did with HKCU keys.

You can configure the options with F5, F6, F7 and F8 keys from the GUI. Only choose the options you want to change.

ALL RED > Will not be touched (Like GPO Settings DEFAULT)

ALL GREEN > Will be touched or changed (Like GPO setting ENABLE/DISABLE) depending on the GUI if you have a checkbox selected or not.

GREEN = Stuff you want to change

RED = LEAVE IT at it is

Some sample settings

If you go back one step on the GPO Console and do an F5 / Refresh

You should only see the option which you marked GREEN with F7 or F8

Lets make a sample (That i don't want touched)

See forgot two things and not clear how to select under security

Back in GPO Console one step, Update F5, Refresh

The above mentioned is RED THUS Gone / Not touched

We recommend to enable a check if you DO Registry KEYS or such Settings with GPO and not deployment.

Make sure you have a WMI Filter to also capture IE11

Check out I11 LINKS:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx

http://www.butsch.ch/post/IE11-Umsetzen-Unternehmensmodus-Enterprise-Mode.aspx

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

IE11patch Infos:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu

Connect to SQL Internal WSUS Datbase on diffrrent OS:

Auf 2003:    \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
Auf 2012R2: \\.\pipe\microsoft##WID\tsql\query

Missing "SelfUpdate" in Default Website when running WSUS under 8530

To make sure that the self-update tree is working correctly, first make sure that there is a Web site set up on port 80 of the WSUS server. You must have a Web site that is running on port 80, even if you put the WSUS Web site on a custom port. The Web site that is running on port 80 does not have to be dedicated to WSUS. WSUS uses the site on port 80 only to host the self-update tree. After verifying the Web site on port 80, you should run the WSUS script to guarantee a correct configuration of self-update on port 80. Open a Command prompt on the WSUS server and type the following:

cscript  WSUSInstallDirectory \setup\installselfupdateonport80.vbs (WSUSInstallDirectory is the directory in which WSUS is installed).

For more information about SelfUpdate, see Issues with Client Self-Update on Microsoft TechNet or download the Windows Server Update Services 3.0 SP2 Operations Guide from the Microsoft Download Center.

Sample from WSUS Server running under Server 2008R2 on Port 8530

Wrong WSUS:

Missing Virtual Directories under the "Default Web Site"

Correct:

Fix the self-update virtual directory on port 80:

C:\>cd "Program Files"

C:\Program Files>cd "Update Services"

C:\Program Files\Update Services>cd setup

C:\Program Files\Update Services\setup>cscript installselfupdateonport80.vbs

Missing ASPNET_Client Folder in WSUS

Reset ASP-NET in IIS

Remove: aspnet_regiis –u

Install: aspnet_regiis -u

http://technet.microsoft.com/en-us/library/cc708545(v=ws.10).aspx

Make sure you install this Update for WSUS 3.0 SP2

An update for Windows Server Update Services 3.0 Service Pack 2 is available

• Öffnen Sie cmd.exe im erhöhten Modus auf dem Windows-Client.
• Geben Sie die folgenden Befehle ein.
  
  Net Stop wuauserv
  
  RD/s %windir%\softwaredistribution\
  
  Net start wuauserv

http://support.microsoft.com/kb/2720211

Check the WSUS Server with wsusutil.exe

C:\Program Files\Update Services\Tools>wsusutil.exe

Windows Server Update Services-Verwaltungsdienstprogramm. Versuchen Sie Folgendes:
        wsusutil.exe help checkhealth
        wsusutil.exe help configuressl
        wsusutil.exe help configuresslproxy
        wsusutil.exe help deletefrontendserver
        wsusutil.exe help listinactiveapprovals
        wsusutil.exe help removeinactiveapprovals
        wsusutil.exe help export
        wsusutil.exe help healthmonitoring
        wsusutil.exe help import
        wsusutil.exe help listfrontendservers
        wsusutil.exe help movecontent
        wsusutil.exe help reset
        wsusutil.exe help usecustomwebsite
        wsusutil.exe help listunreferencedpackagefolders

DB slow, unstable console, Check WSUS SQL Database (Internal)

http://blogs.technet.com/b/gborger/archive/2009/02/27/exploring-the-wsus-windows-internal-database.aspx

http://technet.microsoft.com/en-us/library/dd939795(v=ws.10)

http://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/67448f5f-0135-4605-901a-defc76894dbe/sqlcmd-command-not-working

http://blogs.technet.com/b/sus/archive/2008/07/15/wsus-how-to-migrate-your-wsus-windows-internal-database-to-sql-server-2005-express-edition.aspx

WsusDBMaintenance.sql (4.64 kb)

WsusDBMaintenance.sql

http://go.microsoft.com/fwlink/?LinkId=87027

sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i c:\edv\WsusDBMaintenance.sql

2012 R2 erscheint nicht im WSUS sondern unter 6.1

Installieren 2 Hotfixe auf 2003 R2 WSUS 3.0

1. http://support.microsoft.com/kb/2720211
2. http://support.microsoft.com/kb/2734608
3. Cleanup SQL script laufen lassen (Achtung die Funktion COPY CODE nicht benutzen!)
4. Cleanup Wizard im WSUS selber laufen lassen

    

http://www.vmwareandme.com/2014/03/Solved-Windows-8.1-Shows-as-Windows-6.3-in-WSUS-SP2.html#.UzQlt2pbDAV

Command Line Options fuer WSUS Client

The following are the command line for wuauclt.exe

http://technet.microsoft.com/en-us/library/cc708617(ws.10).aspx

Most used:

wuauclt.exe /reportnow

wuauclt.exe /reportnow /detectnow

wuauclt.exe /UpdateNow

wuauclt.exe /resetauthorization /detectnow

Client Version XP/W7:

/AutomaticUpdates
/DemoUI
/IdleShutdownNow
/ShowOptions
/ShowWUAutoScan
/UpdateNow
/SelfUpdateUnmanaged
/SelfUpdateManaged
/CloseWindowsUpdate
/ShowWindowsUpdate
/ShowWU
/ResetEulas
/ResetAuthorization
/ShowSettingsDialog
/RunHandlerComServer
/ReportNow
/DetectNow

2003R2 Server version:

/DetectNow
/ReportNow
/RunHandlerComServer
/RunStoreAsComServer
/ShowSettingsDialog
/ResetAuthorization
/ResetEulas
/ShowWU
/ShowWindowsUpdate
/SelfUpdateManaged
/SelfUpdateUnmanaged
/UpdateNow
/ShowWUAutoScan
/ShowFeaturedUpdates
/ShowOptions
/ShowFeaturedOptInDialog
/DemoUI

Most of these options don't give any noticable response, but that may be because of the state of the service. The command 'wuauclt /ResetAuthorization /DetectNow' worked for me right away.

Batch to Reset WSUS client

gpupdate

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

Windows Update Client Stuck on Server

 Windows Update Client Stuck on Server

1) Als erstes wuauclt.exe /resetauthorization /detectnow

Reboot des Server und Kontrolle ob es schon geht.

2) Siehe http://support.microsoft.com/kb/555175/en-us

3) Loeschen der Registry Keys:

• HKEY_LOCAL_MACHINE\COMPONENTS\PendingXmlIdentifier
• HKEY_LOCAL_MACHINE\COMPONENTS\NextQueueEntryIndex
• HKEY_LOCAL_MACHINE\COMPONENTS\AdvancedInstallersNeedResolving

4) Loeschen der Datei pending.xml in Ordner %systemroot%/winsxs

Missing or corrupt WSUS Console.

Check the File "wsus" in Profile:

C:\Dokumente und Einstellungen\admin.butsch\Anwendungsdaten\Microsoft\MMC

-------------------------------------------------------------------------------------------

BATCH to Full reset alls WSUS clients components:

-------------------------------------------------------------------------------------------

@echo off
cls
@echo Please read:
@echo -----------------------------------------
@echo:
@echo This totally resets all of your Windows Update Agent settings.
@echo:
@echo Many times, the computer will do a full reset and will not be able to
@echo install updates for the rest of the day. This is so that the server
@echo does not get overutilized because of the reset.
@echo:
@echo If you don't receive any updates after this script runs, please
@echo wait until tomorrow.
@echo:
@echo Re-running this script will reset the PC again and it will have
@echo to wait again.
@echo:
PING 1.1.1.1 -n 1 -w 30000 >NUL
cls
net stop bits
cls
net stop wuauserv
cls
regsvr32 /u wuaueng.dll /s
cls
@echo Deleting AU cache...
del /f /s /q %windir%\SoftwareDistribution\*.* del /f /s /q %windir%\windowsupdate.log
cls
@echo Registering DLLs...
regsvr32 wuaueng.dll /s
REGSVR32 MSXML.DLL /s
REGSVR32 MSXML2.DLL /s
REGSVR32 MSXML3.DLL /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll
cls
@Cleaning registry...
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
net start bits
cls
net start wuauserv
cls
@echo Checking in...
@echo:
@echo It's possible the server will not release the updates in
@echo just one session, so it's ok if this script does not immediately
@echo install updates.
@echo:
@echo This is due to the full reset on this PC. Just let it be for a few
@echo hours and updates should resume as normal.
wuauclt.exe /resetauthorization /detectnow
PING 1.1.1.1 -n 1 -w 30000 >NUL
cls
@echo Script has completed. Please restart your PC.
@echo:
PING 1.1.1.1 -n 1 -w 30000 >NUL
exit
-------------------------------------------------------------------------------------------