Some Notes on the Machines

From the excellent Brigg Bush. Do all of these in Powershell:

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' –PropertyType 'DWORD'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value '0' –PropertyType 'DWORD'

Short version. Bought one from Amazon, it was proven junk. There is a common scam where firmware is changed so that a small device reports itself as a large device to the OS. Works until you push it. Bought another from AliExpress. This one works very well, after replacing the cable, which was necessary. Here’s where I bought mine from.

www.aliexpress.com/item/3256803381001612.html

Currently only up to 4T are available from the above source. However, a search shows many more sources, now rising to 60T. By U.S. general retail standards these are unbelievable, but it would appear that this is a very interesting case.

The recent Christmas was the second year in a row that I saw advertised 10+ terabytes in a large USB-stick-shaped device, about one inch by two-and-a-half. Last year I just thought it was too good to be true, but they did it again. I waited weeks, the ads disappeared as usual, but searches pulled a few, one on Amazon, a few on AliExpress, several on eBay. I haven’t received junk (yet) from AliExpress, so I ordered one, a 16-terabyte for $58 including tax and shipping. It said there was going to be a month lead time, early February was projected, a bit unusual but not very, given everything in the world right now. Looks like a nice, big USB stick, with a USB 3.1 port, and a short cable with that end and a USB A end on the other. Will be pounding on it a good bit.

And no I’m not selling them!!!

This page has some fixes that I haven’t seen anywhere else:

https://computerinfobits.com/why-is-windows-10-search-so-bad/

Appears excellent on the desktop.

http://www.puransoftware.com/Puran-Defrag.html

This command:

wmic product where name="Application Name" call uninstall /nointeractive

appears to do it. Put the whole long name from the software list in Control Panel, within those double parentheses. This works in at least some cases where msiexec /x does not. And it is not version-specific.

To get a full list of names with GUIDs, try this:

get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

Here it is:

$BLVolume = Get-BitLockerVolume -MountPoint "C:"
Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLVolume.KeyProtector[1].KeyProtectorId

The Microsoft Update Health Tools appears to be an optional add-on which helps Windows do updates. Beyond that all of my searching has come up with vagueness. But Microsoft recommends it and often installs it without informing us, so probably it helps fairly often.

Microsoft Update Health Tools comes in KB4023057. To install KB4023057, we can use PSWindowsUpdate:

www.business.com/articles/install-windows-patches-powershell/

Here’s a complete run-anywhere command paste for preparing to use the module (administrative shell only please):

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate

and the command for just KB4023057:

Install-WindowsUpdate -KBArticleID KB4023057

PSWindowsUpdate is a very interesting module all by itself, it can do lots of things, e.g., install all updates available from Microsoft. Another nice function is:

Reset-WUComponents

To get a full list of functions:

Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.

One can install all updates available from Microsoft, though this can be dangerous, there are huge ones and drivers and BIOS too. So this simple command won’t be here :-)

To just see the list of available updates:

Get-WindowsUpdate

To install all available updates except one KB:

Install-WindowsUpdate -AcceptAll -NotKBArticleID KB000000

and except a list (here of two) KBs:

Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB000000,KB000001"

where KB000000 is a KB to be excepted. There’s also -NotCategory and -NotTitle for items without KB articles.

This will log off all users, whether console or RDP:

logoff console
quser /server:localhost | ForEach-Object {
		logoff $_.ID
		}

Run these in an administrative or SYSTEM-level command prompt.

In Windows 8.1/2012R2/10/2016 and later, we set a scheduled task, we do have to specify the actual full date:

schtasks /create /tn "schtasks_REBOOT" /tr "C:\Windows\System32\shutdown.exe -f -r -t 0" /sc once /st 04:00 /sd 01/01/2016 /ru System

In 8/2012R1, we have to have a “/Y on the very end:

schtasks /create /tn "schtasks_REBOOT" /tr "C:\Windows\System32\shutdown.exe -f -r -t 0" /sc once /st 04:00 /sd 01/01/2016 /ru System /Y

Under 7/2008R2 and before, it was easier, we could schedule for 4:00 AM tomorrow:

AT 4:00 c:\windows\system32\shutdown.exe -f -r -t 0

and we could schedule for 4:00 AM next Monday:

AT 4:00 /next:Monday c:\windows\system32\shutdown.exe -f -r -t 0

Version overview:

docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history