Suppress Windows 11 upgrade pushing
article #1501, updated 13 hours ago

We have machines that we want kept on Windows 10, we don’t want users urged over and over again to upgrade to 11. Run this Powershell, reboot (probably), and we’re good:

# Exit script if this is not Windows 10
If ((Get-ComputerInfo | Select OSName).OSName -notlike "Microsoft Windows 10*")
	"This is not Windows 10. Exiting..."
# Proceed
Set-Location -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows
If (-Not (Test-Path -Path WindowsUpdate)) { MKDIR WindowsUpdate }
Set-Location -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
New-ItemProperty -Path . -Name "ProductVersion" -Value "Windows 10"

Note that many so-called solutions out there set things so no further updates, or no further Windows 10 build upgrades, will happen at all. The above simply limits things to Windows 10.



Install 3rd-Party Apps Automatically
article #1500, updated 16 hours ago

There are only three methods for Windows, which appear to work reliably for Adobe Reader DC (among many others) at this time:

Ninite Pro – not free

Chocolatey – large community

RuckZuck – very interesting, based in Switzerland



Update Windows via Powershell
article #1479, updated 2 days ago

This method uses Powershell module PsWindowsUpdate.

  1. Run this in administrative Powershell:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-Executionpolicy RemoteSigned -Scope Process -Force
Install-PackageProvider -Name NuGet -Force -ErrorAction 'SilentlyContinue' > $null
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
If (Get-InstalledModule -Name PsWindowsUpdate -ErrorAction 'SilentlyContinue') {
	Update-Module -Name PSWindowsUpdate -Force
} Else {
	Install-Module -Name PSWindowsUpdate -Force
Import-Module PSWindowsUpdate
  1. Then check the list of available updates:
  1. The next step is to actually do the updates. There are good reasons and multiple methods to be careful. Alas, thus far, there does not appear to be a way to install updates a given number of days after release, e.g., 30, so as to give Microsoft time to respond to issues. Here is a glancing overview of what we do have:
  • Lots of firmware is being sent by Microsoft now, and some of this is more up-to-date than that available from the vendors. But there is risk in these, don’t forget. You may find that you want to install current Windows patches, but no drivers, firmware, services packs, feature packs, etc. To do this:
Install-WindowsUpdate -NotCategory "Drivers","Service Packs","FeaturePacks" -NotTitle "preview" -AcceptAll 

And to do it while ignoring reboot:

Install-WindowsUpdate -NotCategory "Drivers","Service Packs","FeaturePacks" -NotTitle "preview" -AcceptAll -IgnoreReboot

The -IgnoreReboot ignores all relevant reboot automata. -NotTitle "preview" omits all updates with the word “preview” in their name.

But sometimes, e.g. with a new PC install, we’ll want to install all updates and reboot automatically:

Install-WindowsUpdate -AcceptAll -AutoReboot
  • You may find that you want to omit granularly, e.g., specific build upgrades. If you found one marked KB1234567, you would install all and omit that one thus:
Install-WindowsUpdate -NotKBArticleID KB1234567 -AcceptAll
  • If you wanted to do that, and explicitly not reboot if indicated:
Install-WindowsUpdate -NotKBArticleID KB1234567 -AcceptAll -IgnoreReboot
  • If you had two KBs to omit:
Install-WindowsUpdate -AcceptAll -NotKBArticleID "KB1234567,KB7654321"
  • There are other noteworthy items. Lots of firmware is being sent by Microsoft now, and some of this is more up-to-date than that available from the vendor. But there is risk in firmware updates, don’t forget. Some of the items don’t have KBs, and there are two other command-line arguments to omit those, -NotTitle and -NotUpdateID.
  • And then there’s:
  • To get a full list of functions:
Get-Command -Module PSWindowsUpdate

Get-Help works for all of them.



Dell's server diagnostics: OpenManage Server Administrator Managed Node
article #1499, updated 17 days ago

If you need to do diagnostics on a Dell server, download “OpenManage Server Administrator Managed Node”. Yes, I know all Dell divers already have this written on the insides of skulls…:-)



Turn off Fast Startup in Windows 10, if boot is taking a lot time
article #1498, updated 17 days ago

Had a new one recently. A PC running Windows 10, up to date, was taking about 30 minutes to boot. Turning off Fast Startup seems to have fixed it. Reportedly this will do it:

powercfg /hibernate off

but I used a GUI method: Control Panel, Power Options, Choose what the power buttons do, Change settings that are currently unavailable, then unchecked “Turn on fast startup (recommended)”, then Save Changes.

The GUI method is reversible in GUI; the command-line method removed the GUI method from visibility.

Still not sure what the root cause of the situation is, or how to do prevention. But reportedly, a very large proportion of Windows users are in fact hibernating or similar, rather than turning off, and don’t know it, and this can cause Windows updates to fail and other issues related to networking.



Set Windows page file(s) via Powershell
article #1497, updated 21 days ago

Rather a handy tutorial:



Set DNS in use via Powershell
article #1490, updated 31 days ago

  1. Open up an administrative Powershell. Run IPCONFIG /ALL. That will get you a list of active NICs. DNS in use, is set for each NIC if you have more than one.
  2. The name of each NIC has a prefix that has to be omitted. There are a number of prefixes which are common. For a simple wired NIC, it’s usually “Ethernet Adapter”; on many HPE servers, IPCONFIG /ALL will therefore show the second NIC as Ethernet adapter Embedded LOM 1 Port 2.
  3. So let’s say you have a LAN with three active DNS servers (,, and, and you want your HPE server of the above description, with the first two NICs active, to use all of them. Here’s the Powershell commands:
Set-DnsClientServerAddress "Embedded LOM 1 Port 1" -ServerAddresses ("","","")
Set-DnsClientServerAddress "Embedded LOM 1 Port 2" -ServerAddresses ("","","")
  1. For a second example, let’s say we’re on a common workstation, and we want to change DNS from a static setting, to whatever DHCP will pass out:
Set-DnsClientServerAddress "Ethernet" -ResetServerAddresses



Download URL Using Powershell
article #1439, updated 36 days ago

Longstanding, works well unless BITS is corrupt:

Start-BitsTransfer -Source $URL -Destination $Path

On 1809 and up:

curl.exe -O $URL

A pure Powershell method:

(New-Object System.Net.WebClient).DownloadFile($URL,$Path)



Look up Microsoft Surface model and warranty from serial number
article #1496, updated 38 days ago

This page is very helpful:



Clear System Volume Information (and Disable Sentinel One)
article #1438, updated 46 days ago

SentinelOne (S1) considers deletion of volume shadows to be bad actor behavior, because it often is a way that cryptolockers delete last-known-good checkpoints. Unfortunately, there is a lot of cleanup which ends up being required, as the hidden NTFS System Volume Information folders on Windows machines build up and up and up in size. I’ve seen instances ranging from 20G to hundreds of gigabytes, and every time this occurs, the overall system slows down, and often slows down a whole lot. WizTree is my favorite method of identifying this situation, but there are many.

In order to clear a huge SVI folder with S1 installed, one must do this:

  1. First get the Passphrase for the machine, from the S1 console. It’s under Actions, you can choose Show Passphrase. Do be aware that your S1 admin will probably receive a notice that you have asked for this.
  2. cd "C:\Program Files\SentinelOne\Sentinel*"
  3. Please put the actual passphrase in, and the quotes are necessary:
    .\sentinelctl.exe unload -slam -k "<passphrase>"
  4. vssadmin delete shadows /all
  5. Only if this is a server, check System Volume Information size again. If it’s still big, we have three options.
    1. The first is to do these two:
      (within diskshadow’s command line:) delete shadows all

      This can take a while, especially if SVI is big, e.g., more than 20-30 gigabytes. It can get huge occasionally, hundreds of gigabytes. I recently saw 1,022 shadow copies deleted (it tells you the count at the end) from one server.
    2. The second is to do this:
      wmic shadowcopy delete /nointeractive
      which runs the cleanup nicely, and possibly a bit faster than the other.
    3. The third is to do this, in Powershell:
      Start-Job -ScriptBlock { wmic shadowcopy delete /nointeractive }
      which does #2, but in the background.
  1. .\sentinelctl.exe load -slam

And you are done.

If you should need to reenable S1 after work such as the above, here’s a paste:

cd "C:\Program Files\SentinelOne\Sentinel*"
.\sentinelctl.exe load -slam