Computers Not Reporting To WSUS

I had an issue where I had several computer that were downloading and updating from the WSUS server, but they were not reporting.  I could see the in WSUS the computers checking in, but the last report date was not changing.  To resolve the issue I performed the following steps on the PC

  1.  Open a command prompt as administrator.
  2. net stop wuauserv
  3. Open regedit as administrator
  4. Delete the following keys
    1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate \SusClientId
    2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate \SusClientIdValidation
  5. Delete the C:\Windows\SoftwareDistribution folder (This seems to be need for Windows 11)
  6. Back in the command prompt – net start wuauserv
  7. wuauclt /resetauthorization /detectnow
  8. Go into update settings and check for updates
  9. Back in the command prompt – wuauclt /reportnow (This step is not necessary, but it should force the PC to report now instead of waiting 20 minutes)

After performing the above steps I check WSUS to make sure the PC is reporting.

Copy Drivers From One Computer To Another

If you are having issues finding a driver for a device, and already have it working on another computer you can copy the driver from the working computer.  Windows stores a copy of each installed driver in the C:\Windows\System32\DriverStore\FileRepository folder.

Find the subfolder with the description of the device driver you are looking for and copy to a flash drive.  You can then use Device Manager to install the driver for your device.

If there are several folders that have similar name, and you aren’t sure which driver you need, copy them all.  Windows will not let you install a driver that isn’t for your device.

Installing Drivers That Aren’t Digitally Signed in Window 10

Sometimes you may want to use an older piece of equipment, like a scanner, on your PC.  When you try to install the driver you get an error that the drivers are not digitally signed.  At this point the install stops, and you aren’t able to use your equipment.  Don’t worry there is way around this issue.

Steps to Follow to install drivers that are not digitally signed:

  1. Click the Start menu and select Setting.
  2. Click on Update and Security.
  3. Click on Recovery.
  4. Click on Restart now under the Advanced Startup section.
  5. Click on Troubleshoot.
  6. Click Advanced options.
  7. Click Startup Settings.
  8. Click on Restart.
  9. On the Startup Settings screen press 7 to disable the driver signature enforcement.

You will now be able to install your device driver without any issues.  Reboot your PC to re-enable driver signature enforcement.

Install .NET Framework 3.5 on Windows 10

I have found that after performing a clean install of Windows 10 that sometimes .NET Framework 3.5 is not installed.  I have run into scenarios where even though I had 4..6 installed I still needed 3.5.

If you have a non domain computer the quickest way to install 3.5 is to open Programs and Features and click on Turn Windows features on or off.  This will open another where you can turn on .NET Framework 3.5.

If you are on a domain computer, specifically a domain that is using WSUS, then the above procedure will probably not work.  This is due to the fact that the above procedure uses Windows Update to install the program.  Since WSUS redirects the PC to a different server the install package is not available.  To install .NET Framework in this scenario you will need a windows 10 install disc.  Insert the disc into you drive and open a Command Prompt as an admin.  In the Command Prompt window type the following command and press Enter:

dism /online /add-package /packagepath:E:\sources\sxs\microsoft-windows-netfx3-ondemand-package.cab

Make sure to replace E with the drive letter of you device.

Windows 10 – 1607 WSUS Problems

Did you upgrade your Windows 10 PC to 1607 also known as the anniversary update, only to find that it won’t install updates from your WSUS server?  If so join the club.  After some research, it appears that Microsoft figured out the issue and put in in their September cumulative update KB3189866.

To get this update to my network computers I had 2 options.  Since I couldn’t  get the affected PC’s to retrieve updates from my WSUS server, I either had to install the update manually or have each PC download the patch from Microsoft’s update servers.   I chose to manually install the patch since I could not afford the bandwidth required to have each machine downloading updates from the internet at once.

Once I manually installed the KB3189866 update, each computer was able to contact my WSUS server, download the remaining updates and install them.

Group Policy Program Installation Registry

I have come across another reason why Windows will not install assigned programs in a Group Policy.  It thinks they are already installed!  I have had a few instances where a program was not installed and I could find no errors in the the event log files.  When I checked the registry there was already an entry for the program indicating that the program had already been installed via Group Policy.

Resolution

Open regedit and go to the following path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

One there you will find an entry for each program you have assigned through Group Policy.  Find the entry for the program that you are having the issue with and delete it.  The computer should attempt to install the program again once the computer is rebooted.

Delete Sub-Directories And Files

I came across a situation where I wanted to delete all the files and sub-directories out of a a directory.  I wanted to leave my main directory and just delete every thing in it.

I tried using the del command but it does not remove sub-directories.  There is the rd command to remove directories, but it only removes directories that are empty.  The other problem with the RD command is that you need to know the name of the directory.  The solution was to script a file, which is fine because I wanted to schedule this job to run weekly.  I found a script on the Internet that did what I wanted but I had to modify it slightly.  Below is the script along with explanations in red.

echo off

REM Edit your folder path
set CAT=C:\path name
(Set the path of the folder you wish to empty out)

dir “%%CAT%%”/s/b/a | sort /r >> %TEMP%\files2del.txt
(This line scans the directory and saves a list of all sub-directories)
for /f “delims=;” %%D in (%TEMP%\files2del.txt) do (del /F /Q /a:h “%%D” & rd “%%D”)
(Deletes all hidden files and removes directory if empty)
for /f “delims=;” %%D in (%TEMP%\files2del.txt) do (del /F /Q “%%D” & rd “%%D”)
(Deletes all files and removes empty directory)
del /q %TEMP%\files2del.txt
(Deletes temporary list of sub-directories)

The only modification I made to the script was adding the line that deletes all the hidden files.  I had to do this because the original script would leave sub-directories with hidden Thumbs files.

Setting Java Security level in MSI

Starting with Java 7 Update 51, Java started blocking certain Java applications.  These applications were deemed outdated and a security risk by Java.  You can still get these to run by changing the security level of Java to allow these to run.  If you need to set the security level of many machines and are pushing Java out through Group Policy you can edit the msi file to push out the desired security setting.  Below are the setting you can add to the Property Table in the msi to change the security level to your needs.

  • On installation, the WEB_JAVA argument has the following effect:
    WEB_JAVA=1 enables Java in the browser
    WEB_JAVA=0 disables Java in the browser
  • On installation, the WEB_JAVA_SECURITY_LEVEL argument has the following effect:
    WEB_JAVA_SECURITY_LEVEL=VH sets the security level to very high
    WEB_JAVA_SECURITY_LEVEL=H sets the security level to high
    WEB_JAVA_SECURITY_LEVEL=M sets the security level to medium

You will need to set the WEB_JAVA_SECURITY_LEVEL=M to be able to run blocked Java applications.

Goup Policy Program Assignments Not Installing

After installing some newer Windows 7 computers I ran into a problem where several computers would not install program that were assigned through Group Policy.  The majority of these computers were at remote locations using slower network connections.  I knew that the computer was receiving the policy because I could perform a gpupdate /force and the computer would indicate that a restart was needed to install the program.  After checking the event logs of these computer I saw 2 different events.

Event 1129: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Event 1055:  The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

I figured out the issue was slow connectivity to the network, so I had to make a few changes in Group Policy accommodate for this.

1.  Computer Configuration > Policies > Admin Templates > System > Logon
Setting Name: Always wait for network at computer startup and logon
I changed this to enabled.

2.  Computer Configuration > Policies > Admin Templates > System > Group Policy
Setting Name: Startup policy processing wait time
I enabled this setting and set the wait time to 60 seconds.  This forces the computer to wait at least 60 seconds before moves on without network connection.

I had to make these changes on the local PC Group Policy using the gpedit.msc because these setting were not on our Server 2003 Group Policy. I would assume that these setting are in later versions of MS Server.

Network Printer Disappears

I have run into a problem where I install a networked printer on a computer as a local printer and once I reboot the computer the printer disappears.  I made sure the printer was available, and I could reinstall the printer, but as soon as I restarted the computer it would disappear again.

I realized the problem had to do with the share name.  Even though I was not sharing the printer through the computer I needed to have a share name on the printer.  Usually one is provided during the install, but I have found that occasionally the field is blank during the install process.  If one is not provided, usually all you have to do is click the share button.  Once you do this, a name usually appears.  Then just click Do not share printer.

Here is a screen shot of the install showing the share name blank.

As you can see once I click Share this printer a name is populated.  You can change this to whatever you want.

You can see that when I click on Do not share, the name stays populated.

 

I have had this problem on 3 different computers, and this fix has worked every time.