The Microsoft Update Health Tools appears to be an optional add-on which helps Windows do updates. Beyond that all of my searching has come up with vagueness. But Microsoft recommends it and often installs it without informing us, so probably it helps fairly often.
Microsoft Update Health Tools comes in KB4023057. To install KB4023057, we can use PSWindowsUpdate:
www.business.com/articles/install-windows-patches-powershell/
Here’s a complete run-anywhere command paste for preparing to use the module:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
set-executionpolicy bypass -scope process -force
# Get repository
If (-not (Get-PSRepository -Name PSGallery)) {
Register-PSRepository -Default |& Out-Null
}
# Get latest version of package provider
$NuGetLatest = (Get-PackageProvider -ListAvailable -Name NuGet).Version
# Get version of currently installed package provider
$NuGetInstalled = (Get-PackageProvider -Name NuGet -Force).Version
If ($NuGetLatest -ne $NuGetInstalled) {
Install-PackageProvider -Name NuGet -Force
}
If (Get-InstalledModule -Name PsWindowsUpdate) {
Update-Module -Name PSWindowsUpdate -Force
} Else {
Install-Module -Name PSWindowsUpdate -AllowClobber -Scope CurrentUser -Force
}
Import-Module PSWindowsUpdate
and the command for just KB4023057:
Install-WindowsUpdate -KBArticleID KB4023057
PSWindowsUpdate is a very interesting module all by itself, it can do lots of things, e.g., install all updates available from Microsoft. Another nice function is:
Reset-WUComponents
To get a full list of functions:
Get-Command -Module PSWindowsUpdate
Get-Help works for all of them.
One can install all updates available from Microsoft, though this can be dangerous, there are huge ones and drivers and BIOS too. So this simple command won’t be here :-)
To just see the list of available updates:
Get-WindowsUpdate
To install all available updates except one KB:
Install-WindowsUpdate -AcceptAll -NotKBArticleID KB000000
and except a list (here of two) KBs:
Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB000000,KB000001"
where KB000000 is a KB to be excepted. There’s also -NotCategory and -NotTitle for items without KB articles.
Categories:
Windows Installer, Updates, Patching
Windows OS-Level Issues
As of very recently, Intel has divided its NIC support installs into two steps, one being driver, and the other being PROset, software which supports the driver and the hardware. Both are recommended. Here is the page for Windows 10:
www.intel.com/content/www/us/en/download/18293/intel-network-adapter-driver-for-windows-10.html
Categories:
Network Hardware & Drivers
Windows OS-Level Issues
When trying to get SVI contents out and vssadmin and diskshadow don’t work, this may:
wmic
(then it its own command prompt) shadowcopy delete
It will require “Y” and “Enter” to be pressed, it will do one at a time. One can also have it delete all noninteractively:
wmic shadowcopy delete /nointeractive
and in Powershell, one can run that noninteractive as a job:
Start-Job -ScriptBlock { wmic shadowcopy delete /nointeractive }
Categories:
VSS
Windows OS-Level Issues
Categories:
Windows OS-Level Issues
If group policy cache is clear, group policy bugs are ironed out, and you still see bad/nonfunctional printers forcibly recreated and/or print-over-RDP doesn’t work, try this (you’ll need psexec) in administrative CMD:
psexec.exe -s reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider" /f
psexec.exe -s reg delete "HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM" /f
psexec.exe -s reg add "HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM"
psexec.exe -s reg delete "HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{0ecef634-6ef0-472a-8085-5ad023ecbccd}" /f
psexec.exe -s reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{0ecef634-6ef0-472a-8085-5ad023ecbccd}"
Any SMB-mapped printers will be deleted or grayed, IP direct printers will remain.
Categories:
Printers & Printing
Windows OS-Level Issues
There is a built-in, hidden, “Ultimate Performance” power scheme in Windows 10, 11, and probably others:
powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61
Does not include everything in a page on this site, but integration will follow soon :-)
Categories:
Performance
Windows OS-Level Issues
Do these in order:
SFC /scannow
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth
These fix a very large number of issues, 8.1/2012R2 and later. If SFC fails, run it again last, DISM sometimes has to repair the SFC component store. And occasionally, after SFC’s component store has been fixed and SFC rerun, the DISMs need to be done again for completion.
Categories:
Windows OS-Level Issues
Cleanup
Sometimes IPv6 networking goes haywire, on a PC, server, or even a whole network. Machines are there, ping may happen or not, but one, some, or all of them just insist on using oddball IPv6 IPs to connect to each other, even though nothing has been changed voluntarily. Given that even after all these years there still are no useful IPv6 blacklists on the Internet, and given the excellent methods in place to use IPv4, we see no need for IPv6 at this time.
But Microsoft does insist on using IPv6 inside its operating systems, so we must keep it running; disabling v6 does harm in a Microsoft environment. The following is Microsoft’s recommendation to instruct Windows to prefer IPv4, which does eliminate the above issue. One adds a DWORD here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
named DisabledComponents. Hex value 20, binary 32. Then reboot.
A quick way to do the registry add, in administrative CMD:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 32
Still you’ll need to reboot to get it to take effect.
The info is from this reference.
Categories:
Windows OS-Level Issues
IPv6
Categories:
Windows OS-Level Issues
It is very possible. Here is a good way.
Windows 2008 Backup Reporting by Email
I Prepare the script.
The purpose of the script is to actually send the email. We don’t use any built-in email capability, because to do so would make configuration much more complicated. The full text of the script is at the end of this document (as section III). You will need to modify the values for EmailSubject and EmailBody to match the site at which the server is located, and put this modified copy in a good safe location on the server.
The script is pre-configured for gmail. For other ISPs you may need to modify the TCP/IP email port number and/or turn SSL off.
This example will use the location “C:\0DCST\bin”, and the script file name “ReportBackupFailureByEmail.vbs”.
II Insert the script into the Task Scheduler.
1. Open up Task Scheduler, and view the Task Scheduler Library.
2. Select Create Task… under Actions. This gets you here:
Enter a name and description for your new task. Be sure to select the option to “Run whether user is logged on or not” to ensure the task still runs after you log out.
3. Click on the Triggers tab and click on New. Select “On an Event” from the drop down. Choose “Custom” under Settings.
4. Click on “New Event Filter…”. Then, choose as follows:
Select all of the event levels except “Information” and Verbose”. Then select “By log”. In the Event Logs dropdown, open Applications and Services Logs, then Microsoft, then Windows, then Backup, and choose Operational.
Once your end result looks like this:
press OK.
5. Head over to the Actions tab and select “New…”. For this example, the following is correct:
Press OK and OK, put in your authentication, and you’re done!
III The Script:
''''''''''''''''''''''''''''''''''
' Report Backup Failure by Email '
''''''''''''''''''''''''''''''''''
' Script version 1.0
' Needs to be run by Task Manager, triggered by appropriate events
' Modify lines below only to fit site, server, and email configuration
ServerName = "SERVERNAME"
SiteName = "SITENAME"
Const EmailFrom = "emailfrom@gmail.com"
Const EmailFromName = "From Name"
Const EmailTo = "emailto@domain.xyz"
Const SMTPServer = "smtp.gmail.com"
Const SMTPLogon = "emailfrom@gmail.com"
Const SMTPPassword = "gmailpassword"
Const SMTPSSL = True
Const SMTPPort = 465
' Do not modify anything further below
EmailSubject = ServerName & ": Windows 2008 Backup has failed"
EmailBody = "A failure of Windows 2008 Backup has been recorded " & _
"at site " & SiteName & " on server " & ServerName & ", " & _
"on " & Date & ", " & Time & " ."
Const cdoSendUsingPickup = 1 'Send message using local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using SMTP over TCP/IP networking.
Const cdoAnonymous = 0 ' No authentication
Const cdoBasic = 1 ' BASIC clear text authentication
Const cdoNTLM = 2 ' NTLM, Microsoft proprietary authentication
' First, create the message
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = EmailSubject
objMessage.From = """" & EmailFromName & """ <" & EmailFrom & ">"
objMessage.To = EmailTo
objMessage.TextBody = EmailBody
' Second, configure the server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = cdoSendUsingPort
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTPServer
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusername") = SMTPLogon
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = SMTPPassword
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = SMTPPort
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = SMTPSSL
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.Fields.Update
' Now send the message!
objMessage.Send
Categories:
Windows OS-Level Issues
Backup