Some Notes on the Machines

Chocolatey is a great way to get a huge variety of software into your Windows machine in a very consistent way. Boxstarter uses Chocolatey for large repeated OS and package setups, both virtual and hardware. Boxstarter has a great Windows update method inside. To call it all via Powershell, one can do this (make sure you’re administrative):

$PSCred = Get-Credential
Set-ExecutionPolicy Bypass -Force
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install boxstarter -y
choco install boxstarter.chocolatey -y
Install-BoxstarterPackage -PackageName Boxstarter.WindowsUpdate -Credential $PScred

The credential is a local admin to the box, it is there so the updater can run through as many reboots as necessary to get the job done. Please do be aware that this will reboot the machine immediately after setup, and will reboot it repeatedly as needed to get the machine fully up to date. It also installs a public desktop icon called “Boxstarter Shell” which probably will need to be removed.

One can copy all of the above lines into a file, e.g., “winup.ps1”, and then run “.\winup” in an administrative Powershell, it will work very nicely.

This Powershell command does a lot of good:

Get-WMIObject Win32_Product | Sort-Object -Property Name | Format-Table Name, IdentifyingNumber -Wrap

It gets the names, and the long unique install codes (GUIDs), which look something like this:

{90160000-008C-0000-0000-0000000FF1CE}

Usually one can then run this:

MsiExec.exe /x {90160000-008C-0000-0000-0000000FF1CE} /q /qn /norestart

to remove quietly. When this doesn’t work, there is a plan B:

Get-WMIObject Win32_Product | Sort-Object -Property Name | Format-Table Name, LocalPackage -Wrap

which gets the names and the locations of the system-local copies of the MSIs. One should be able to do the same MsiExec command on those too, though this does not always work either.

There are a lot of out-of-date and/or flatly wrong web references on this topic, so it seemed like a good thing to start one. Updates are likely.

• Synopsis. Microsoft’s Powershell Gallery includes a very nice module for controlling Windows Updates, by Michal Gajda. It works when a lot of things don’t. The module has many functions; the below simply gets the current available updates in, explicitly including huge things like the Windows 10 big version packs.

• Prerequisites. The page reports minimum Powershell version 3.0, but automatic Powershell Gallery downloads don’t start to get good until 5.1. So this document will say PS 5.1. Administrative Powershell session or equivalent is of course needed.

• Set up the environment:

Install-PackageProvider -Name NuGet -Force
Install-Module PSWindowsUpdate -Force
Get-Command -Module PSWindowsUpdate
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Import-Module PSWindowsUpdate
Add-WUServiceManager -MicrosoftUpdate -Confirm:$false

• Get list of current Windows updates available to the setup. This respects anything else in place, e.g., WSUS, standard RMM patching system, et cetera.

Get-WUList

• Install with automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

• Or, install without automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot:$false

The beauty of this one, is although it can and will run utterly silently, it gives a marvelously simple Powershell-style progress report, both downloads and install progress, if you are running it in a live window.

DISM is great for system image repair in 2012/8.0 and later. But from 2008R2/7 there are lots of things DISM can do to clean up a system. Here’s one:

dism /online /Cleanup-Image /StartComponentCleanup

This does much cleaning up of redundant items in WinSxS. There is also:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

but /ResetBase eliminates removal of all patches and updates etcetera, so not necessarily best to use. And we have:

dism /online /Cleanup-Image /SPSuperseded

/SPSuperseded eliminates removal of service packs only.

Here it is, all current versions:

https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter

The “Update” button on this page delivers a method faster than most:

https://www.microsoft.com/en-in/software-download/windows10

A module called PSWindowsUpdate. Can be installed under that name using Chocolatey and also the PowerShell Gallery. A very good rundown on its use is here. PowerShell 2.0 and above.

This is something new to Windows 10/2016, a C runtime library different than the redistributables. It is a required additional install for some things to run on OS before 10/2016.

www.microsoft.com/en-us/download/details.aspx?id=50410

Here is the only complete method known to this writer to automatically download and install all current Microsoft redists. It uses this:

https://www.powershellgallery.com/packages/VcRedist

Steps:

1. You’ll need the PowerShell Gallery. Windows 10 and WMF 5.1 come with it.

2. If you have 10, or once you have WMF installed, you can just run GETREDISTS.CMD (part of windows-tools ) as administrator. Alternatively, you can continue :-)

3. VcRedist is the core, we’ll install that automatically as part of the procedure. In administrative PowerShell (the -Force takes in any new updates):

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList | Get-VcRedist -Path C:\VcRedist
Get-VcList | Install-VcRedist -Path C:\VcRedist

The above installs all of the redistributables which Microsoft currently supports. Reportedly, some older ones (going back to 2005 at this writing) can be had using this:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Install-PackageProvider -Name NuGet -Force
Install-Module -Name NuGet -SkipPublisherCheck -Force
Import-Module -Name NuGet
Install-Module -Name VcRedist -SkipPublisherCheck -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList -Export All | Get-VcRedist -Path C:\VcRedist
Get-VcList -Export All | Install-VcRedist -Path C:\VcRedist

You may wish to delete the downloadables after the procedure:

Remove-Item C:\VcRedist -Recurse -Force

If Windows Updates says it’s controlled by system administration and not you, check all three of these:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

You’ll probably see a DWORD preventing access. Delete it and try again.