Category: Windows OS-Level Issues

Microsoft Update Health Tools, and PSWindowsUpdate
article #1455, updated 14 days ago

The Microsoft Update Health Tools appears to be an optional add-on which helps Windows do updates. Beyond that all of my searching has come up with vagueness. But Microsoft recommends it and often installs it without informing us, so probably it helps fairly often.

Microsoft Update Health Tools comes in KB4023057. To install KB4023057, we can use PSWindowsUpdate:

Here’s a complete run-anywhere command paste for preparing to use the module:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
set-executionpolicy bypass -scope process -force
# Get repository
If (-not (Get-PSRepository -Name PSGallery)) {
	Register-PSRepository -Default |& Out-Null
# Get latest version of package provider
$NuGetLatest = (Get-PackageProvider -ListAvailable -Name NuGet).Version
# Get version of currently installed package provider
$NuGetInstalled = (Get-PackageProvider -Name NuGet -Force).Version
If ($NuGetLatest -ne $NuGetInstalled) {
	Install-PackageProvider -Name NuGet -Force

If (Get-InstalledModule -Name PsWindowsUpdate) {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -AllowClobber -Scope CurrentUser -Force
Import-Module PSWindowsUpdate

and the command for just KB4023057:

Install-WindowsUpdate -KBArticleID KB4023057

PSWindowsUpdate is a very interesting module all by itself, it can do lots of things, e.g., install all updates available from Microsoft. Another nice function is:


To get a full list of functions:

Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.

One can install all updates available from Microsoft, though this can be dangerous, there are huge ones and drivers and BIOS too. So this simple command won’t be here :-)

To just see the list of available updates:


To install all available updates except one KB:

Install-WindowsUpdate -AcceptAll -NotKBArticleID KB000000

and except a list (here of two) KBs:

Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB000000,KB000001"

where KB000000 is a KB to be excepted. There’s also -NotCategory and -NotTitle for items without KB articles.



Intel NICs: New Dual-Install Approach
article #1467, updated 96 days ago

As of very recently, Intel has divided its NIC support installs into two steps, one being driver, and the other being PROset, software which supports the driver and the hardware. Both are recommended. Here is the page for Windows 10:



Delete shadow copies by WMIC
article #1449, updated 112 days ago

When trying to get SVI contents out and vssadmin and diskshadow don’t work, this may:

(then it its own command prompt) shadowcopy delete

It will require “Y” and “Enter” to be pressed, it will do one at a time. One can also have it delete all noninteractively:

wmic shadowcopy delete /nointeractive

and in Powershell, one can run that noninteractive as a job:

Start-Job -ScriptBlock { wmic shadowcopy delete /nointeractive }



Eliminate 'reboot required' false alarms
article #1462, updated 119 days ago

Some new data:



When bad printers show up, print-over-RDP doesn't work, and GPO is clear
article #1459, updated 136 days ago

If group policy cache is clear, group policy bugs are ironed out, and you still see bad/nonfunctional printers forcibly recreated and/or print-over-RDP doesn’t work, try this (you’ll need psexec) in administrative CMD:

psexec.exe -s reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider" /f
psexec.exe -s reg delete "HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM" /f
psexec.exe -s reg add "HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM"
psexec.exe -s reg delete "HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{0ecef634-6ef0-472a-8085-5ad023ecbccd}" /f
psexec.exe -s reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{0ecef634-6ef0-472a-8085-5ad023ecbccd}"

Any SMB-mapped printers will be deleted or grayed, IP direct printers will remain.



Windows Ultimate Performance Power Scheme
article #1456, updated 144 days ago

There is a built-in, hidden, “Ultimate Performance” power scheme in Windows 10, 11, and probably others:

powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61

Does not include everything in a page on this site, but integration will follow soon :-)



SFC and DISM Fixes Windows
article #980, updated 201 days ago

Do these in order:

SFC /scannow
DISM /Online /Cleanup-Image /CheckHealth
DISM /Online /Cleanup-Image /ScanHealth
DISM /Online /Cleanup-Image /RestoreHealth

These fix a very large number of issues, 8.1/2012R2 and later. If SFC fails, run it again last, DISM sometimes has to repair the SFC component store. And occasionally, after SFC’s component store has been fixed and SFC rerun, the DISMs need to be done again for completion.



Set Windows to Prefer IPv4 over IPv6 (when Microsoft v6 networking goes haywire)
article #1432, updated 264 days ago

Sometimes IPv6 networking goes haywire, on a PC, server, or even a whole network. Machines are there, ping may happen or not, but one, some, or all of them just insist on using oddball IPv6 IPs to connect to each other, even though nothing has been changed voluntarily. Given that even after all these years there still are no useful IPv6 blacklists on the Internet, and given the excellent methods in place to use IPv4, we see no need for IPv6 at this time.

But Microsoft does insist on using IPv6 inside its operating systems, so we must keep it running; disabling v6 does harm in a Microsoft environment. The following is Microsoft’s recommendation to instruct Windows to prefer IPv4, which does eliminate the above issue. One adds a DWORD here:


named DisabledComponents. Hex value 20, binary 32. Then reboot.

A quick way to do the registry add, in administrative CMD:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD  /d 32

Still you’ll need to reboot to get it to take effect.

The info is from this reference.



Command Line Utilities for .NET Frameworks
article #207, updated 264 days ago

See here:

The downloadable for .NET 3.5 is here:

Another vital, NGEN, is discussed here:



Notification by Email for Windows 2008 Backup
article #359, updated 264 days ago

It is very possible. Here is a good way.

Windows 2008 Backup Reporting by Email

I    Prepare the script.

The purpose of the script is to actually send the email. We don’t use any built-in email capability, because to do so would make configuration much more complicated. The full text of the script is at the end of this document (as section III). You will need to modify the values for EmailSubject and EmailBody to match the site at which the server is located, and put this modified copy in a good safe location on the server.

The script is pre-configured for gmail. For other ISPs you may need to modify the TCP/IP email port number and/or turn SSL off.

This example will use the location “C:\0DCST\bin”, and the script file name “ReportBackupFailureByEmail.vbs”.

II    Insert the script into the Task Scheduler.

1. Open up Task Scheduler, and view the Task Scheduler Library.

2. Select Create Task… under Actions. This gets you here:

Enter a name and description for your new task. Be sure to select the option to “Run whether user is logged on or not” to ensure the task still runs after you log out.

3. Click on the Triggers tab and click on New. Select “On an Event” from the drop down. Choose “Custom” under Settings.

4. Click on “New Event Filter…”. Then, choose as follows:

Select all of the event levels except “Information” and Verbose”. Then select “By log”. In the Event Logs dropdown, open Applications and Services Logs, then Microsoft, then Windows, then Backup, and choose Operational.

Once your end result looks like this:

press OK.

5. Head over to the Actions tab and select “New…”. For this example, the following is correct:

Press OK and OK, put in your authentication, and you’re done!

III    The Script:

' Report Backup Failure by Email '

' Script version 1.0
' Needs to be run by Task Manager, triggered by appropriate events

' Modify lines below only to fit site, server, and email configuration

ServerName = "SERVERNAME"
SiteName = "SITENAME"

Const EmailFrom = ""
Const EmailFromName = "From Name"
Const EmailTo = ""
Const SMTPServer = ""
Const SMTPLogon = ""
Const SMTPPassword = "gmailpassword"

Const SMTPSSL = True
Const SMTPPort = 465

' Do not modify anything further below

EmailSubject = ServerName & ":  Windows 2008 Backup has failed"

EmailBody = "A failure of Windows 2008 Backup has been recorded " & _
		"at site " & SiteName & " on server " & ServerName & ", " & _
		"on " & Date & ", " & Time & " ."

Const cdoSendUsingPickup = 1 	'Send message using local SMTP service pickup directory.
Const cdoSendUsingPort = 2 	'Send the message using SMTP over TCP/IP networking.

Const cdoAnonymous = 0 	' No authentication
Const cdoBasic = 1 	' BASIC clear text authentication
Const cdoNTLM = 2 	' NTLM, Microsoft proprietary authentication

' First, create the message

Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = EmailSubject
objMessage.From = """" & EmailFromName & """ <" & EmailFrom & ">"
objMessage.To = EmailTo
objMessage.TextBody = EmailBody

' Second, configure the server

objMessage.Configuration.Fields.Item _
("") = cdoSendUsingPort

objMessage.Configuration.Fields.Item _
("") = SMTPServer

objMessage.Configuration.Fields.Item _
("") = cdoBasic

objMessage.Configuration.Fields.Item _
("") = SMTPLogon

objMessage.Configuration.Fields.Item _
("") = SMTPPassword

objMessage.Configuration.Fields.Item _
("") = SMTPPort

objMessage.Configuration.Fields.Item _
("") = SMTPSSL

objMessage.Configuration.Fields.Item _
("") = 60


' Now send the message!