Scheduled Task for Reboot in Windows
article #1484, updated 12 days ago

The code below deletes any past scheduled task of the name it uses, then sets up a new scheduled task for 3AM the next day, when it will run:

shutdown -f -r -t 0

and it does it using the SYSTEM account, whether Windows considers SYSTEM logged in or not, with the highest privileges.

# Delete old scheduled task of this name, if present

Unregister-ScheduledTask -TaskName "schtasks_REBOOT" -Confirm:$false 2> $null

# Create new scheduled task of this name

$action = New-ScheduledTaskAction -Execute 'C:\Windows\System32\shutdown.exe' -Argument '-f -r -t 0'
# 3AM tomorrow; AddDays rolls over month and year boundaries correctly
$tomorrow3AM = (Get-Date).Date.AddDays(1).AddHours(3)
$trigger = New-ScheduledTaskTrigger -Once -At $tomorrow3AM
$taskprincipal = New-ScheduledTaskPrincipal -UserID 'NT AUTHORITY\SYSTEM' -RunLevel Highest
Register-ScheduledTask -TaskName 'schtasks_REBOOT' -Action $action -Trigger $trigger -Description 'Scheduled Reboot' -Principal $taskprincipal 


==============

Delete NTFS USN journal
article #1483, updated 13 days ago

The journal can, reportedly, get huge. Here’s how to delete it for C:

fsutil usn deletejournal /n C:

Warnings and info are here, but I haven’t seen any signs of the warned items; perhaps they happen mostly with very large and/or very slow machines:

docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-usn


==============

Update Windows via Powershell
article #1479, updated 15 days ago

This method uses Powershell module PsWindowsUpdate.

  1. Run this in administrative Powershell:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate
  2. Then check the list of available updates:
Get-WindowsUpdate
  3. The next step is to actually do the updates. There are good reasons, and multiple methods, to be careful. Alas, thus far, there does not appear to be a way to install updates a given number of days after release, e.g., 30, so as to give Microsoft time to respond to issues. Here is a glancing overview of what we do have:
  • Lots of firmware is being sent by Microsoft now, and some of this is more up-to-date than that available from the vendors. But there is risk in these, don’t forget. You may find that you want to install current Windows patches, but no drivers, firmware, service packs, feature packs, etc. To do this:
Install-WindowsUpdate -NotCategory "Drivers","Service Packs","Feature Packs" -NotTitle "preview" -AcceptAll -IgnoreReboot

The -IgnoreReboot ignores all relevant reboot automata. -NotTitle "preview" omits all updates with the word “preview” in their name.

  • You may find that you want to omit granularly, e.g., specific build upgrades. If you found one marked KB1234567, you would install all and omit that one thus:
Install-WindowsUpdate -AcceptAll -NotKBArticleID KB1234567
  • If you had two KBs to omit:
Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB1234567","KB7654321"
  • There are other noteworthy items. Lots of firmware is being sent by Microsoft now, and some of this is more up-to-date than that available from the vendor. But there is risk in firmware updates, don’t forget. Some of the items don’t have KBs, and there are two other command-line arguments to omit those, -NotTitle and -NotUpdateID.
  • And then there’s:
Reset-WUComponents
  • To get a full list of functions:
Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.
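
One way to approximate the release-age delay mentioned in step 3, as an added example (not part of the original article or of the PSWindowsUpdate project). It assumes the objects returned by Get-WindowsUpdate expose the Windows Update Agent properties LastDeploymentChangeTime and Identity.UpdateID; the 30-day value and the variable names are this example's own.

```powershell
# Added example: install only updates that were last published at least
# $MinAgeDays ago, and list the ones being held back.
Import-Module PSWindowsUpdate

$MinAgeDays = 30                                   # soak period (example value)
$Cutoff     = (Get-Date).ToUniversalTime().AddDays(-$MinAgeDays)

# List only at this point; nothing is installed by Get-WindowsUpdate
$Available = @(Get-WindowsUpdate -NotCategory "Drivers" -NotTitle "preview")

# Assumption: LastDeploymentChangeTime (UTC) is present on each returned object
$Aged = @($Available | Where-Object { $_.LastDeploymentChangeTime -le $Cutoff })
$Held = @($Available | Where-Object { $_.LastDeploymentChangeTime -gt $Cutoff })

"Holding back {0} update(s) published after {1:yyyy-MM-dd}:" -f $Held.Count, $Cutoff
$Held | Select-Object KB, Title, LastDeploymentChangeTime | Format-Table -AutoSize

if ($Aged.Count -gt 0) {
    # Install by update ID so that items without a KB number are covered too
    $Ids = $Aged | ForEach-Object { $_.Identity.UpdateID }
    Install-WindowsUpdate -UpdateID $Ids -AcceptAll -IgnoreReboot
} else {
    "Nothing at least $MinAgeDays days old to install."
}
```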


==============

Renoberate & Clear Windows Event Logs
article #1482, updated 16 days ago

Recently it was discovered that a Windows server was running very slow because the Security log’s maximum size was set to 40 gigabytes. Here is a Powershell bit which will look at all event logs, set their max size to 2.5M if set larger, and clear them. Seems to free up a nice healthy dollop of performance in general.

wevtutil el | Foreach-Object {
	$LogObject = Get-WinEvent -ListLog $_
	If ( $LogObject.MaximumSizeInBytes -gt 2560000 ) {
		"$_ has max set to larger than 2.5M.  Setting to 2.5M."
		$LogObject.MaximumSizeInBytes = 2500KB
		$LogObject.SaveChanges()
		}
	wevtutil cl $_
	"$_ cleared."
}

There are times when an operation, a software install or configure perhaps, will error with “Cannot open log for source ———-. You may not have write access.” The below will do the above, and also give read/write to every local admin.

wevtutil el | Foreach-Object {
	wevtutil sl $_ "/ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)(A;;0x3;;;LA)"
	$LogObject = Get-WinEvent -ListLog $_
	If ( $LogObject.MaximumSizeInBytes -gt 2560000 ) {
		"$_ has max set to larger than 2.5M.  Setting to 2.5M."
		$LogObject.MaximumSizeInBytes = 2500KB
		$LogObject.SaveChanges()
		}
	wevtutil cl $_
	"$_ cleared."
}

The security string is written in something called SDDL. Some more info:

https://itconnect.uw.edu/wares/msinf/other-help/understanding-sddl-syntax/
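
To see what the security string in the second script grants, here is an added example (not from the original article) that decodes each ACE using the event log access bits 0x1 read, 0x2 write and 0x4 clear. The function name Get-EventLogSddlAccess and the alias table are this example's own.

```powershell
# Event log channel access bits
$EventLogRights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

# SDDL account aliases that appear in the string used on this page
$SidAlias = @{
    SY = 'NT AUTHORITY\SYSTEM'
    BA = 'BUILTIN\Administrators (group)'
    LA = 'Built-in Administrator account'
}

function Get-EventLogSddlAccess {
    param([Parameter(Mandatory)][string]$Sddl)

    # Each ACE is one parenthesised group with six ';'-separated fields:
    # type;flags;rights;object_guid;inherit_object_guid;account
    foreach ($m in [regex]::Matches($Sddl, '\(([^)]+)\)')) {
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -lt 6) { continue }           # skip malformed ACEs

        # Rights may be a hex mask (as on this page) or symbolic letters
        $mask = if ($f[2] -match '^0x[0-9a-fA-F]+$') { [Convert]::ToInt32($f[2], 16) } else { $null }
        $rights = if ($null -ne $mask) {
            ($EventLogRights.Keys | Where-Object { $mask -band $EventLogRights[$_] }) -join ', '
        } else {
            "symbolic: $($f[2])"
        }

        [pscustomobject]@{
            Type    = if ($f[0] -eq 'A') { 'Allow' } elseif ($f[0] -eq 'D') { 'Deny' } else { $f[0] }
            Trustee = if ($SidAlias.ContainsKey($f[5])) { $SidAlias[$f[5]] } else { $f[5] }
            Mask    = $f[2]
            Rights  = $rights
        }
    }
}

# The string from the script above
$sddl = 'O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)(A;;0x3;;;LA)'
Get-EventLogSddlAccess -Sddl $sddl | Format-Table -AutoSize
```

For the string used above it reports Read for SYSTEM, Read and Clear for the Administrators group, and two entries for the built-in Administrator account: Read, then Read and Write.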


==============

Uninstall Windows applications via command line
article #1326, updated 41 days ago

This command:

wmic product where name="Application Name" call uninstall /nointeractive

appears to do it. Put the whole long name from the software list in Control Panel within those double quotes. This works in at least some cases where msiexec /x does not. And it is not version-specific.

To get a full list of names with GUIDs, try this:

get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize


==============

Purge/Delete Deleted Users and Mailboxes in Office 365
article #1481, updated 41 days ago

This is a skeleton, Powershell. Needs prerequisite setup added.

# The module has to be installed before its cmdlets can be used
Install-Module MSOnline
$Cred = Get-Credential
Connect-MsolService -Credential $Cred
Get-MsolUser -ReturnDeletedUsers
# The list of users/mailboxes marked 'deleted', is visible, if there are any.
# Do the next step ONLY if you are certain. There is no going back after this.
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force


==============

Manually Deliver BitLocker Data to AD in Powershell
article #1480, updated 55 days ago

Here it is:

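$BLVolume = Get-BitLockerVolume -MountPoint "C:"
# Pick the recovery-password protector by type; its position in the list varies by machine
$RecoveryProtector = $BLVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | Select-Object -First 1
Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $RecoveryProtector.KeyProtectorId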


==============

Microsoft Update Health Tools, and PSWindowsUpdate
article #1455, updated 57 days ago

The Microsoft Update Health Tools appears to be an optional add-on which helps Windows do updates. Beyond that all of my searching has come up with vagueness. But Microsoft recommends it and often installs it without informing us, so probably it helps fairly often.

Microsoft Update Health Tools comes in KB4023057. To install KB4023057, we can use PSWindowsUpdate:

www.business.com/articles/install-windows-patches-powershell/

Here’s a complete run-anywhere command paste for preparing to use the module (administrative shell only please):

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
}
Import-Module PSWindowsUpdate

and the command for just KB4023057:

Install-WindowsUpdate -KBArticleID KB4023057

PSWindowsUpdate is a very interesting module all by itself; it can do lots of things, e.g., install all updates available from Microsoft. Another nice function is:

Reset-WUComponents

To get a full list of functions:

Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.

One can install all updates available from Microsoft, though this can be dangerous: there are huge ones, and drivers and BIOS too. So this simple command won’t be here :-)

To just see the list of available updates:

Get-WindowsUpdate

To install all available updates except one KB:

Install-WindowsUpdate -AcceptAll -NotKBArticleID KB000000

and except a list (here of two) KBs:

Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB000000","KB000001"

where KB000000 is a KB to be excepted. There’s also -NotCategory and -NotTitle for items without KB articles.


==============

Logoff all users from Windows
article #1478, updated 61 days ago

This will log off all users, whether console or RDP:

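logoff console
# quser prints plain text, not objects, so pull the session ID out of each line
# (the number just before the state column; state names assume English output)
quser /server:localhost 2>$null | Select-Object -Skip 1 | ForEach-Object {
		if ($_ -match '\s(\d+)\s+(Active|Disc)\b') { logoff $Matches[1] }
		}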


==============

Quick Way to Schedule Reboot in Windows
article #467, updated 61 days ago

Run these in an administrative or SYSTEM-level command prompt.

In Windows 8.1/2012R2/10/2016 and later, we set a scheduled task, and we do have to specify the actual full date:

schtasks /create /tn "schtasks_REBOOT" /tr "C:\Windows\System32\shutdown.exe -f -r -t 0" /sc once /st 04:00 /sd 01/01/2016 /ru System

In 8/2012R1, we have to have a “/Y” on the very end:

schtasks /create /tn "schtasks_REBOOT" /tr "C:\Windows\System32\shutdown.exe -f -r -t 0" /sc once /st 04:00 /sd 01/01/2016 /ru System /Y

Under 7/2008R2 and before, it was easier, we could schedule for 4:00 AM tomorrow:

AT 4:00 c:\windows\system32\shutdown.exe -f -r -t 0

and we could schedule for 4:00 AM next Monday:

AT 4:00 /next:Monday c:\windows\system32\shutdown.exe -f -r -t 0
