Category: Windows OS-Level Issues

DISM fixes Windows issues and performs cleanup
article #980, updated 4 days ago

Do this:

DISM /Online /Cleanup-Image /RestoreHealth

This handles a lot of SFC errors and others too.

Categories:   Windows OS-Level Issues   Cleanup


Reset Windows update system
article #897, updated 4 days ago

Here is a reset procedure.

net stop wuauserv
cd %systemroot%\SoftwareDistribution
ren Download Download.old
net start wuauserv
net stop bits
net start bits
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc

Categories:   Windows OS-Level Issues   


Reliabilizing Group Policy
article #1148, updated 19 days ago

In my experience, group policy is the only very nearly absolutely essential tool on a Microsoft domain-controlled LAN which breaks very often and admits of almost zero solid documentation towards fix. A list begins today with two steps towards fix, to be more in the future, Lord willing!

  • Even if there is only one domain controller, change the replication from 180 minutes to 15 minutes. These are in the properties of the site links, in Active Directory Sites and Services, under Inter-Site Transport, under IP. If you have more than one site link enabled, do it for all. Obviously you should moderate carefully, if you are using SMTP or have bandwidth issues.

  • Set services fdPHost and FDResPub as startup Automatic, from Manual.

Categories:   Group Policy   Windows OS-Level Issues


General LAN networking fix for Windows
article #1143, updated 19 days ago

The Beard (alias Hunsinger the Mike) reported just now:

I may have just found a heck of a trick. If you run across PC’s who are getting spotty GPO adherence, and possibly unreliable network connection, as well as their network explorer folder in windows only shows a handful of the actual PC’s on the lan. Try this powershell command:

PS U:\> set-service -Name fdPHost -startuptype Automatic
PS U:\> Start-service -name fdPHost

The above fixed a very longstanding unpleasantry we had been working on, where Network Neighborhood would not show up and other items just would not work normally over a VPN. Oddly, it turns out that fdPHost is some sort of omnibus networking control service, set to Manual by default, but which lords it over several different sets of protocols.

It’s probably not to be enabled generally or lightly, there could be potential for major addition of network traffic, and security questions too. But on the other hand, it’s there, it’s normally Manual not disabled, and it fixed!

Mike later found a companion service, FDResPub, which reportedly is responsible for broadcasting the presence of network resources, by a Windows machine serving them to its LAN. Although it too is by default set to Manual, a reference gives its description as “Publishes your computer and resources attached to your computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.” And it stops sometimes with no known reasons, even on domain controllers. So this one too, at least on real servers, is a help if kept set Automatic.

Categories:   Windows OS-Level Issues   


FSUTIL Tweaks for NTFS Performance and Reliability
article #1145, updated 20 days ago

FSUTIL is a general-purpose NTFS tweak tool. Here is a set of changes which appears to be helpful in general towards performance:

fsutil 8dot3name set 1
fsutil behavior set memoryusage 2
fsutil behavior set disablelastaccess 1
fsutil resource setavailable C:\
fsutil resource setlog shrink 10 C:\

In order:

  • Turns off 8dot3name creation. Does not invalidate existing 8dot3names.
  • Increases RAM cache devoted to NTFS.
  • Turns off “last access” timestamp storage for files. Disindicated for some older backup systems.
  • Makes the filesystem more focussed on “availability” and less on “consistency”.

And here are some which increase reliability:

fsutil repair set C: 0x01
fsutil resource setautoreset true C:\
fsutil resource setconsistent C:\

In order again:

  • Turns autorepair on for C: drive.
  • Cleans transactional metadata on next mount
  • Makes the filesystem more focussed on “consistency” and less on “availability”.

Do be aware that “resource setavailable” and “resource setconsistent” are opposites, both do not get set at the same time :-) Also neither of them appear to be valid on system volumes, errors are thrown.

Here is one set which seems to balance reliability and performance boost:

fsutil 8dot3name set 1
fsutil behavior set memoryusage 2
fsutil behavior set disablelastaccess 1
fsutil repair set C: 0x01
fsutil resource setautoreset true C:\
fsutil resource setconsistent C:\
fsutil resource setlog shrink 10 C:\

Categories:   NTFS   Windows OS-Level Issues


Optimize Service Work Items and Additional/Delayed Worker Threads
article #1084, updated 28 days ago

OWTAS sets a number of additional critical and delayed worker threads, plus service work items. The changes are autocalculated according to a combination of RAM and OS bit-width (32 vs. 64). Performance will increase, more so with more RAM. Available as VBS and as PowerShell 3 and up. Future development will be in PowerShell, as part of the ponderworthy-tools set.

The tool is designed for Windows 10 down through XP. As of 2017-10-10, it is self-elevating if run non-administratively.

Categories:   Windows OS-Level Issues   


Install .NET 3.5 with WSUS
article #1125, updated 97 days ago

Another from Matt the Quick:

By default, WSUS does not have .NET 3.5 available to install. This creates issues when .NET 3.5 is needed after a machine has joined the domain. Below is the workaround steps to install .NET 3.5 using the operating system ISO and not Windows Update or WSUS.

  • Mount the ISO of the operating system. The Server 2016 ISO is known to work for this.
  • Open an Administrative Command Prompt and run the following command:

    dism /online /enable-feature /featurename:netfx3 /all /source:D:\sources\sxs /limitaccess

    NOTE: The Source flag will have to be changed to reflect the Sources\sxs folder on your installation media. This is likely going to be the D drive (as in the example above), but it’s possible your results may differ slightly.
  • Reboot machine.

Categories:   Windows OS-Level Issues   Windows Installer and Updates


.NET 3.5 Install Produces Error Code With WSUS
article #1108, updated 125 days ago

From the indefatigable Matt Quick:

Sometimes, trying to install .NET 3.5 either via Add/Remove Programs or via the standalone offline installer produces an error code. This is due to WSUS not having the files for .NET 3.5. Use the following workaround to avoid taking the machine off the domain, installing .NET 3.5, then putting it back on the domain:

This worked for me. Windows has to download the 3.5 installation files, but the server is configured not to use Windows Update (common for managed servers), but WSUS. The above article describes how to fix this. In a nutshell:

  1. Start the Local Group Policy Editor or Group Policy Management Console.
  2. Expand Computer Configuration, expand Administrative Templates, and then select System.
  3. Open the Specify settings for optional component installation and component repairGroup Policy setting, and then select Enabled.
  4. Select the Contact Windows Update directly to download repair content instead of Windows Server Update Services (WSUS) check box.

Make sure Windows Updates Service is set to Manual or Automatic to apply this fix.

Categories:   Windows OS-Level Issues   Windows Installer and Updates


Disable "Microsoft Compatibility Telemetry" in Windows
article #1092, updated 136 days ago

For the last year or two or three, it’s been helpful to check Task Manager and see if a Microsoft telemetry service is eating up hard drive and/or CPU bandwidth. The fixes change over time because Microsoft changes its methods. Here is a page with very effective methods, kept up to date so far:

I am using these four steps:

sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

Categories:   Windows OS-Level Issues   


Files piling up in C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
article #1100, updated 139 days ago

When certain antivirus products go a bit haywire, or other unfortunate things happen, hundreds of thousands of small files can pile up in either the location in the title of this article, or here:


The location in the title seems to be more common in Windows 10, the other more for Windows 7, but check both, and if you have a pileup in either, run this CMD command inside:

forfiles /D -10 /C "cmd /C attrib -s @file & echo @file & del @file"

forfiles is a very nice command that iterates through the files in a folder according to its parameters. /D -10 iterates through all files more than 10 days old. attrib -s takes off the System attribute, which is needed for DEL (delete) to work. The echo is there so you can see that it is doing its job.

Categories:   Command Line   Windows OS-Level Issues