Some Notes on the Machines

These packages bundle configurations, even domain joins, and other items. Native to Windows 10:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package

This command:

wmic product where name="Application Name" call uninstall /nointeractive

appears to do it. Put the whole long name from the software list in Control Panel, within those double parentheses. This works in at least some cases where msiexec /x does not. And it is not version-specific.

Sometimes Windows Installer will pile up a queue of items to be installed. These will show up as multiple ‘msiexec’ processes in TASKMGR. To clear them:

msiexec /unregister
taskkill /f /im msiexec.exe
msiexec /regserver

The idea is, first we take Windows Installer offline, then we kill any leftover stalled / queued processes, and lastly, we bring Windows Installer online again. Unless there’s something else in the backgrounds starting more of these things, this will take good care.

Updates are being distributed to Windows 10 via peer-to-peer methods, in addition to cloud-to-PC. This will be essential to handle the big build files, 4 gigabyte plus, at many sites.

https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization

Here’s a new one, seems to cover some good ground:

https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors

Chocolatey is a great way to get a huge variety of software into your Windows machine in a very consistent way. Boxstarter uses Chocolatey for large repeated OS and package setups, both virtual and hardware. Boxstarter has a great Windows update method inside. To call it all via Powershell, one can do this (make sure you’re administrative):

$PSCred = Get-Credential
Set-ExecutionPolicy Bypass -Force
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install boxstarter -y
choco install boxstarter.chocolatey -y
Install-BoxstarterPackage -PackageName Boxstarter.WindowsUpdate -Credential $PScred

The credential is a local admin to the box, it is there so the updater can run through as many reboots as necessary to get the job done. Please do be aware that this will reboot the machine immediately after setup, and will reboot it repeatedly as needed to get the machine fully up to date. It also installs a public desktop icon called “Boxstarter Shell” which probably will need to be removed.

One can copy all of the above lines into a file, e.g., “winup.ps1”, and then run “.\winup” in an administrative Powershell, it will work very nicely.

This Powershell command does a lot of good:

Get-WMIObject Win32_Product | Sort-Object -Property Name | Format-Table Name, IdentifyingNumber -Wrap

It gets the names, and the long unique install codes (GUIDs), which look something like this:

{90160000-008C-0000-0000-0000000FF1CE}

Usually one can then run this:

MsiExec.exe /x {90160000-008C-0000-0000-0000000FF1CE} /q /qn /norestart

to remove quietly. When this doesn’t work, there is a plan B:

Get-WMIObject Win32_Product | Sort-Object -Property Name | Format-Table Name, LocalPackage -Wrap

which gets the names and the locations of the system-local copies of the MSIs. One should be able to do the same MsiExec command on those too, though this does not always work either.

There are a lot of out-of-date and/or flatly wrong web references on this topic, so it seemed like a good thing to start one. Updates are likely.

• Synopsis. Microsoft’s Powershell Gallery includes a very nice module for controlling Windows Updates, by Michal Gajda. It works when a lot of things don’t. The module has many functions; the below simply gets the current available updates in, explicitly including huge things like the Windows 10 big version packs.

• Prerequisites. The page reports minimum Powershell version 3.0, but automatic Powershell Gallery downloads don’t start to get good until 5.1. So this document will say PS 5.1. Administrative Powershell session or equivalent is of course needed.

• Set up the environment:

Install-PackageProvider -Name NuGet -Force
Install-Module PSWindowsUpdate -Force
Get-Command -Module PSWindowsUpdate
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Import-Module PSWindowsUpdate
Add-WUServiceManager -MicrosoftUpdate -Confirm:$false

• Get list of current Windows updates available to the setup. This respects anything else in place, e.g., WSUS, standard RMM patching system, et cetera.

Get-WUList

• Install with automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

• Or, install without automatic reboot

Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot:$false

The beauty of this one, is although it can and will run utterly silently, it gives a marvelously simple Powershell-style progress report, both downloads and install progress, if you are running it in a live window.

DISM is great for system image repair in 2012/8.0 and later. But from 2008R2/7 there are lots of things DISM can do to clean up a system. Here’s one:

dism /online /Cleanup-Image /StartComponentCleanup

This does much cleaning up of redundant items in WinSxS. There is also:

dism /online /Cleanup-Image /StartComponentCleanup /ResetBase

but /ResetBase eliminates removal of all patches and updates etcetera, so not necessarily best to use. And we have:

dism /online /Cleanup-Image /SPSuperseded

/SPSuperseded eliminates removal of service packs only.

Here it is, all current versions:

https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter