Some Notes on the Machines

This method uses Powershell module PsWindowsUpdate.

1. Run this in administrative Powershell:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate

2. Then check the list of available updates:

Get-WindowsUpdate

3. The next step is to actually do the updates. There are good reasons and multiple methods to be careful. Alas, thus far, there does not appear to be a way to install updates a given number of days after release, e.g., 30, so as to give Microsoft time to respond to issues. Here is a glancing overview of what we do have:

Install-WindowsUpdate -NotCategory "Drivers","Service Packs","FeaturePacks" -NotTitle "preview" -AcceptAll -IgnoreReboot

Install-WindowsUpdate -NotKBArticleID KB1234567 -AcceptAll

Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB1234567,KB7654321"

Reset-WUComponents

Get-Command -Module PSWindowsUpdate

This command:

wmic product where name="Application Name" call uninstall /nointeractive

appears to do it. Put the whole long name from the software list in Control Panel, within those double parentheses. This works in at least some cases where msiexec /x does not. And it is not version-specific.

To get a full list of names with GUIDs, try this:

get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

The Microsoft Update Health Tools appears to be an optional add-on which helps Windows do updates. Beyond that all of my searching has come up with vagueness. But Microsoft recommends it and often installs it without informing us, so probably it helps fairly often.

Microsoft Update Health Tools comes in KB4023057. To install KB4023057, we can use PSWindowsUpdate:

www.business.com/articles/install-windows-patches-powershell/

Here’s a complete run-anywhere command paste for preparing to use the module (administrative shell only please):

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate

and the command for just KB4023057:

Install-WindowsUpdate -KBArticleID KB4023057

PSWindowsUpdate is a very interesting module all by itself, it can do lots of things, e.g., install all updates available from Microsoft. Another nice function is:

Reset-WUComponents

To get a full list of functions:

Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.

One can install all updates available from Microsoft, though this can be dangerous, there are huge ones and drivers and BIOS too. So this simple command won’t be here :-)

To just see the list of available updates:

Get-WindowsUpdate

To install all available updates except one KB:

Install-WindowsUpdate -AcceptAll -NotKBArticleID KB000000

and except a list (here of two) KBs:

Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB000000,KB000001"

where KB000000 is a KB to be excepted. There’s also -NotCategory and -NotTitle for items without KB articles.

This one works very well indeed. It does need a bit more technical intervention:

https://www.bcuninstaller.com

Mike Hunsinger, who has been addressing Windows Update issues with considerable success over time, recently provided for the following writeup. It is useful when:

• Windows is running slowly or generally unreliably, needs rebooted frequently.
• The Windows Update service spikes CPU usage over 70% when it runs.
• When you check for new updates, it just hangs endlessly on “checking for updates”.
• The last successful update was years ago.

Steps:

1. Clean up the system drive.
   • Before Server 2012, use Disk Cleanup (cleanmgr.exe). Be sure to check “service pack backup files” and “windows update”, if the version of Windows you are running gives these as options.
   • Server 2012 and after, use DISM (dism.exe). Run this in administrative CMD:
     dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
     If it reports “The operation could not be completed due to pending operations.”, you have just been told that a server reboot is necessary and you’ll need to do this again afterwards. After it succeeds, do this:
     dism.exe /online /Cleanup-Image /SPSuperseded
2. Run the following as a .bat file to reset Windows Updates caches and working spaces, rereg some dll’s, It works on all versions of windows, may skip some dll’s depending on the OS version:

@ECHO OFF
echo Simple Script to Reset / Clear Windows Update
echo.
PAUSE
echo.
attrib -h -r -s %windir%\system32\catroot2
attrib -h -r -s %windir%\system32\catroot2\*.*
net stop wuauserv
net stop CryptSvc
net stop BITS
ren %windir%\system32\catroot2 catroot2.old
ren %windir%\SoftwareDistribution sold.old
ren "%ALLUSERSPROFILE%\application data\Microsoft\Network\downloader" downloader.old
regsvr32 /s wuaueng.dll 
regsvr32 /s wuaueng1.dll 
regsvr32 /s atl.dll 
regsvr32 /s wups.dll 
regsvr32 /s wups2.dll 
regsvr32 /s wuweb.dll 
regsvr32 /s wucltui.dll 
net Start BITS
net start CryptSvc
net start wuauserv
echo.
echo Task completed successfully...
echo.
PAUSE

3. Install .net 4.5.1 from here: https://www.microsoft.com/en-us/download/details.aspx?id=40779
4. If it says that an =/> version is already installed, run the .net repair tool from here: https://support.microsoft.com/en-us/kb/2698555
5. Download the latest version of Windows Update from here: https://support.microsoft.com/en-us/kb/949104
6. Next update IE or Edge to the latest version using a redist, here’s the one for EI11, https://support.microsoft.com/en-us/help/18520/download-internet-explorer-11-offline-installer
7. Open IE11 or Edge, add update.microsoft.com to trusted sites, popup blocker exceptions, privacy exceptions.
8. Finally, try re-running Windows Update. The “Checking for Updates” may run quickly, or it may take 4-6 hours to populate results.

We have had the best results by updating in batches after this, first any critical SP’s or major Platform Updates. Then security, Office and the others as deemed necessary. Once you’ve completed a couple rounds of updates, the difference should start exhibiting itself with regards to the symptoms named.

This is a third-party page which initiates downloads from Microsoft:

tb.rg-adguard.net/public.php

And a very nice one for the very latest build of Windows 10:

www.microsoft.com/en-us/software-download/windows10

And another for Windows 8.1:

www.microsoft.com/en-us/software-download/windows8ISO

If you get PsTools, and do this:

psexec -i -s CMD.exe

you’ll get another CMD box, where the username is SYSTEM, that is to say, the hostname of the machine with a dollar sign on the right end. If the machine is on a domain, it is DOMAIN\hostname$, have not tested it on a non-domain machine yet.

One software installer recently, required that the folder containing its installer package be TAKEOWNed and ICACLSed, as that system user, before it would run to completion, it must have some odd permissions bug in it.

There are likely to be quite a few circumstances in which this special CMD can be useful.

To see if there is cleanup to be done:

DISM /Online /Cleanup-Image /AnalyzeComponentStore

To remove obsolete and unused system files:

DISM /Online /Cleanup-Image /StartComponentCleanup

To remove obsolete and unused system files and also service pack uninstallation files:

dism /online /Cleanup-Image /SPSuperseded

To remove obsolete and unused system files and everything prior, making it impossible to reverse any patches:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

This:

wmic product where "name like 'Java%%'" call uninstall /nointeractive

appears to work very well for products whose names start with “Java” which are installed in Windows standard fashion.

Solves issues with updating Windows 10.

https://support.microsoft.com/en-us/help/4023057/update-reliability