Some Notes on the Machines

There are a lot of out-of-date and/or flatly wrong web references on this topic, so it seemed like a good thing to start one. Updates are likely.

• Synopsis. Microsoft’s Powershell Gallery includes a very nice module for controlling Windows Updates, by Michal Gajda. It works when a lot of things don’t. The module has many functions; the below simply gets the current available updates in, explicitly including huge things like the Windows 10 big version packs.

• Prerequisites. The page reports minimum Powershell version 3.0, but automatic Powershell Gallery downloads don’t start to get good until 5.1. So this document will say PS 5.1. Administrative Powershell session or equivalent is of course needed.

• Set up the environment:

Install-PackageProvider -Name NuGet -Force
Install-Module PSWindowsUpdate -Force
Get-Command -Module PSWindowsUpdate
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Import-Module PSWindowsUpdate
Add-WUServiceManager -MicrosoftUpdate -Confirm:$false

• Get list of current Windows updates available to the setup. This respects anything else in place, e.g., WSUS, standard RMM patching system, et cetera.

Get-WUList

• Install with automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

• Or, install without automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot:$false

The beauty of this one, is although it can and will run utterly silently, it gives a marvelously simple Powershell-style progress report, both downloads and install progress, if you are running it in a live window.

DISM is great for system image repair in 2012/8.0 and later. But from 2008R2/7 there are lots of things DISM can do to clean up a system. Here’s one:

dism /online /Cleanup-Image /StartComponentCleanup

This does much cleaning up of redundant items in WinSxS. There is also:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

but /ResetBase eliminates removal of all patches and updates etcetera, so not necessarily best to use. And we have:

dism /online /Cleanup-Image /SPSuperseded

/SPSuperseded eliminates removal of service packs only.

Here it is, all current versions:

https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter

The “Update” button on this page delivers a method faster than most:

https://www.microsoft.com/en-in/software-download/windows10

A module called PSWindowsUpdate. Can be installed under that name using Chocolatey and also the PowerShell Gallery. A very good rundown on its use is here. PowerShell 2.0 and above.

This is something new to Windows 10/2016, a C runtime library different than the redistributables. It is a required additional install for some things to run on OS before 10/2016.

www.microsoft.com/en-us/download/details.aspx?id=50410

Here is the only complete method known to this writer to automatically download and install all current Microsoft redists. It uses this:

https://www.powershellgallery.com/packages/VcRedist

Steps:

1. You’ll need the PowerShell Gallery. Windows 10 and WMF 5.1 come with it.

2. If you have 10, or once you have WMF installed, you can just run GETREDISTS.CMD (part of windows-tools ) as administrator. Alternatively, you can continue :-)

3. VcRedist is the core, we’ll install that automatically as part of the procedure. In administrative PowerShell (the -Force takes in any new updates):

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList | Get-VcRedist -Path C:\VcRedist
Get-VcList | Install-VcRedist -Path C:\VcRedist

The above installs all of the redistributables which Microsoft currently supports. Reportedly, some older ones (going back to 2005 at this writing) can be had using this:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList -Export All | Get-VcRedist -Path C:\VcRedist
Get-VcList -Export All | Install-VcRedist -Path C:\VcRedist

You may wish to delete the downloadables after the procedure:

Remove-Item C:\VcRedist -Recurse -Force

If Windows Updates says it’s controlled by system administration and not you, check all three of these:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

You’ll probably see a DWORD preventing access. Delete it and try again.

No keys of course, but ISO media indeed, and very helpful for DISM and other fixes:

https://support.microsoft.com/en-us/help/15088/windows-create-installation-media

If the Windows Installer method doesn’t work, ESET has a tool. It does have to be run with the OS in safe mode:

https://support.eset.com/kb2289/?locale=en_US&viewlocale=en_US