Reset Windows Update
functions/public/Invoke-WPFFixesUpdate.ps1
1function Invoke-WPFFixesUpdate {
2
3 <#
4
5 .SYNOPSIS
6 Performs various tasks in an attempt to repair Windows Update
7
8 .DESCRIPTION
9 1. (Aggressive Only) Scans the system for corruption using the Invoke-WPFSystemRepair function
10 2. Stops Windows Update Services
11 3. Remove the QMGR Data file, which stores BITS jobs
12 4. (Aggressive Only) Renames the DataStore and CatRoot2 folders
13 DataStore - Contains the Windows Update History and Log Files
14 CatRoot2 - Contains the Signatures for Windows Update Packages
15 5. Renames the Windows Update Download Folder
16 6. Deletes the Windows Update Log
17 7. (Aggressive Only) Resets the Security Descriptors on the Windows Update Services
18 8. Reregisters the BITS and Windows Update DLLs
19 9. Removes the WSUS client settings
20 10. Resets WinSock
21 11. Gets and deletes all BITS jobs
22 12. Sets the startup type of the Windows Update Services then starts them
23 13. Forces Windows Update to check for updates
24
25 .PARAMETER Aggressive
26 If specified, the script will take additional steps to repair Windows Update that are more dangerous, take a significant amount of time, or are generally unnecessary
27
28 #>
29
30 param($Aggressive = $false)
31
32 Write-Progress -Id 0 -Activity "Repairing Windows Update" -PercentComplete 0
33 Set-WinUtilTaskbaritem -state "Indeterminate" -overlay "logo"
34 Write-Host "Starting Windows Update Repair..."
35 # Wait for the first progress bar to show, otherwise the second one won't show
36 Start-Sleep -Milliseconds 200
37
38 if ($Aggressive) {
39 Invoke-WPFSystemRepair
40 }
41
42
43 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Stopping Windows Update Services..." -PercentComplete 10
44 # Stop the Windows Update Services
45 Write-Progress -Id 2 -ParentId 0 -Activity "Stopping Services" -Status "Stopping BITS..." -PercentComplete 0
46 Stop-Service -Name BITS -Force
47 Write-Progress -Id 2 -ParentId 0 -Activity "Stopping Services" -Status "Stopping wuauserv..." -PercentComplete 20
48 Stop-Service -Name wuauserv -Force
49 Write-Progress -Id 2 -ParentId 0 -Activity "Stopping Services" -Status "Stopping appidsvc..." -PercentComplete 40
50 Stop-Service -Name appidsvc -Force
51 Write-Progress -Id 2 -ParentId 0 -Activity "Stopping Services" -Status "Stopping cryptsvc..." -PercentComplete 60
52 Stop-Service -Name cryptsvc -Force
53 Write-Progress -Id 2 -ParentId 0 -Activity "Stopping Services" -Status "Completed" -PercentComplete 100
54
55
56 # Remove the QMGR Data file
57 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Renaming/Removing Files..." -PercentComplete 20
58 Write-Progress -Id 3 -ParentId 0 -Activity "Renaming/Removing Files" -Status "Removing QMGR Data files..." -PercentComplete 0
59 Remove-Item "$env:allusersprofile\Application Data\Microsoft\Network\Downloader\qmgr*.dat" -ErrorAction SilentlyContinue
60
61
62 if ($Aggressive) {
63 # Rename the Windows Update Log and Signature Folders
64 Write-Progress -Id 3 -ParentId 0 -Activity "Renaming/Removing Files" -Status "Renaming the Windows Update Log, Download, and Signature Folder..." -PercentComplete 20
65 Rename-Item $env:systemroot\SoftwareDistribution\DataStore DataStore.bak -ErrorAction SilentlyContinue
66 Rename-Item $env:systemroot\System32\Catroot2 catroot2.bak -ErrorAction SilentlyContinue
67 }
68
69 # Rename the Windows Update Download Folder
70 Write-Progress -Id 3 -ParentId 0 -Activity "Renaming/Removing Files" -Status "Renaming the Windows Update Download Folder..." -PercentComplete 20
71 Rename-Item $env:systemroot\SoftwareDistribution\Download Download.bak -ErrorAction SilentlyContinue
72
73 # Delete the legacy Windows Update Log
74 Write-Progress -Id 3 -ParentId 0 -Activity "Renaming/Removing Files" -Status "Removing the old Windows Update log..." -PercentComplete 80
75 Remove-Item $env:systemroot\WindowsUpdate.log -ErrorAction SilentlyContinue
76 Write-Progress -Id 3 -ParentId 0 -Activity "Renaming/Removing Files" -Status "Completed" -PercentComplete 100
77
78
79 if ($Aggressive) {
80 # Reset the Security Descriptors on the Windows Update Services
81 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Resetting the WU Service Security Descriptors..." -PercentComplete 25
82 Write-Progress -Id 4 -ParentId 0 -Activity "Resetting the WU Service Security Descriptors" -Status "Resetting the BITS Security Descriptor..." -PercentComplete 0
83 Start-Process -NoNewWindow -FilePath "sc.exe" -ArgumentList "sdset", "bits", "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" -Wait
84 Write-Progress -Id 4 -ParentId 0 -Activity "Resetting the WU Service Security Descriptors" -Status "Resetting the wuauserv Security Descriptor..." -PercentComplete 50
85 Start-Process -NoNewWindow -FilePath "sc.exe" -ArgumentList "sdset", "wuauserv", "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" -Wait
86 Write-Progress -Id 4 -ParentId 0 -Activity "Resetting the WU Service Security Descriptors" -Status "Completed" -PercentComplete 100
87 }
88
89
90 # Reregister the BITS and Windows Update DLLs
91 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Reregistering DLLs..." -PercentComplete 40
92 $oldLocation = Get-Location
93 Set-Location $env:systemroot\system32
94 $i = 0
95 $DLLs = @(
96 "atl.dll", "urlmon.dll", "mshtml.dll", "shdocvw.dll", "browseui.dll",
97 "jscript.dll", "vbscript.dll", "scrrun.dll", "msxml.dll", "msxml3.dll",
98 "msxml6.dll", "actxprxy.dll", "softpub.dll", "wintrust.dll", "dssenh.dll",
99 "rsaenh.dll", "gpkcsp.dll", "sccbase.dll", "slbcsp.dll", "cryptdlg.dll",
100 "oleaut32.dll", "ole32.dll", "shell32.dll", "initpki.dll", "wuapi.dll",
101 "wuaueng.dll", "wuaueng1.dll", "wucltui.dll", "wups.dll", "wups2.dll",
102 "wuweb.dll", "qmgr.dll", "qmgrprxy.dll", "wucltux.dll", "muweb.dll", "wuwebv.dll"
103 )
104 foreach ($dll in $DLLs) {
105 Write-Progress -Id 5 -ParentId 0 -Activity "Reregistering DLLs" -Status "Registering $dll..." -PercentComplete ($i / $DLLs.Count * 100)
106 $i++
107 Start-Process -NoNewWindow -FilePath "regsvr32.exe" -ArgumentList "/s", $dll
108 }
109 Set-Location $oldLocation
110 Write-Progress -Id 5 -ParentId 0 -Activity "Reregistering DLLs" -Status "Completed" -PercentComplete 100
111
112
113 # Remove the WSUS client settings
114 if (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate") {
115 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Removing WSUS client settings..." -PercentComplete 60
116 Write-Progress -Id 6 -ParentId 0 -Activity "Removing WSUS client settings" -PercentComplete 0
117 Start-Process -NoNewWindow -FilePath "REG" -ArgumentList "DELETE", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate", "/v", "AccountDomainSid", "/f" -RedirectStandardError "NUL"
118 Start-Process -NoNewWindow -FilePath "REG" -ArgumentList "DELETE", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate", "/v", "PingID", "/f" -RedirectStandardError "NUL"
119 Start-Process -NoNewWindow -FilePath "REG" -ArgumentList "DELETE", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate", "/v", "SusClientId", "/f" -RedirectStandardError "NUL"
120 Write-Progress -Id 6 -ParentId 0 -Activity "Removing WSUS client settings" -Status "Completed" -PercentComplete 100
121 }
122
123 # Remove Group Policy Windows Update settings
124 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Removing Group Policy Windows Update settings..." -PercentComplete 60
125 Write-Progress -Id 7 -ParentId 0 -Activity "Removing Group Policy Windows Update settings" -PercentComplete 0
126 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -ErrorAction SilentlyContinue
127 Write-Host "Defaulting driver offering through Windows Update..."
128 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" -Name "PreventDeviceMetadataFromNetwork" -ErrorAction SilentlyContinue
129 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontPromptForWindowsUpdate" -ErrorAction SilentlyContinue
130 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DontSearchWindowsUpdate" -ErrorAction SilentlyContinue
131 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching" -Name "DriverUpdateWizardWuSearchEnabled" -ErrorAction SilentlyContinue
132 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "ExcludeWUDriversInQualityUpdate" -ErrorAction SilentlyContinue
133 Write-Host "Defaulting Windows Update automatic restart..."
134 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -ErrorAction SilentlyContinue
135 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -ErrorAction SilentlyContinue
136 Write-Host "Clearing ANY Windows Update Policy settings..."
137 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "BranchReadinessLevel" -ErrorAction SilentlyContinue
138 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferFeatureUpdatesPeriodInDays" -ErrorAction SilentlyContinue
139 Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" -Name "DeferQualityUpdatesPeriodInDays" -ErrorAction SilentlyContinue
140 Remove-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
141 Remove-Item -Path "HKCU:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue
142 Remove-Item -Path "HKCU:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue
143 Remove-Item -Path "HKLM:\Software\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue
144 Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
145 Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue
146 Remove-Item -Path "HKLM:\Software\Microsoft\WindowsSelfHost" -Recurse -Force -ErrorAction SilentlyContinue
147 Remove-Item -Path "HKLM:\Software\Policies" -Recurse -Force -ErrorAction SilentlyContinue
148 Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Policies" -Recurse -Force -ErrorAction SilentlyContinue
149 Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" -Recurse -Force -ErrorAction SilentlyContinue
150 Remove-Item -Path "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" -Recurse -Force -ErrorAction SilentlyContinue
151 Start-Process -NoNewWindow -FilePath "secedit" -ArgumentList "/configure", "/cfg", "$env:windir\inf\defltbase.inf", "/db", "defltbase.sdb", "/verbose" -Wait
152 Start-Process -NoNewWindow -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicyUsers" -Wait
153 Start-Process -NoNewWindow -FilePath "cmd.exe" -ArgumentList "/c RD /S /Q $env:WinDir\System32\GroupPolicy" -Wait
154 Start-Process -NoNewWindow -FilePath "gpupdate" -ArgumentList "/force" -Wait
155 Write-Progress -Id 7 -ParentId 0 -Activity "Removing Group Policy Windows Update settings" -Status "Completed" -PercentComplete 100
156
157
158 # Reset WinSock
159 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Resetting WinSock..." -PercentComplete 65
160 Write-Progress -Id 7 -ParentId 0 -Activity "Resetting WinSock" -Status "Resetting WinSock..." -PercentComplete 0
161 Start-Process -NoNewWindow -FilePath "netsh" -ArgumentList "winsock", "reset"
162 Start-Process -NoNewWindow -FilePath "netsh" -ArgumentList "winhttp", "reset", "proxy"
163 Start-Process -NoNewWindow -FilePath "netsh" -ArgumentList "int", "ip", "reset"
164 Write-Progress -Id 7 -ParentId 0 -Activity "Resetting WinSock" -Status "Completed" -PercentComplete 100
165
166
167 # Get and delete all BITS jobs
168 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Deleting BITS jobs..." -PercentComplete 75
169 Write-Progress -Id 8 -ParentId 0 -Activity "Deleting BITS jobs" -Status "Deleting BITS jobs..." -PercentComplete 0
170 Get-BitsTransfer | Remove-BitsTransfer
171 Write-Progress -Id 8 -ParentId 0 -Activity "Deleting BITS jobs" -Status "Completed" -PercentComplete 100
172
173
174 # Change the startup type of the Windows Update Services and start them
175 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Starting Windows Update Services..." -PercentComplete 90
176 Write-Progress -Id 9 -ParentId 0 -Activity "Starting Windows Update Services" -Status "Starting BITS..." -PercentComplete 0
177 Get-Service BITS | Set-Service -StartupType Manual -PassThru | Start-Service
178 Write-Progress -Id 9 -ParentId 0 -Activity "Starting Windows Update Services" -Status "Starting wuauserv..." -PercentComplete 25
179 Get-Service wuauserv | Set-Service -StartupType Manual -PassThru | Start-Service
180 Write-Progress -Id 9 -ParentId 0 -Activity "Starting Windows Update Services" -Status "Starting AppIDSvc..." -PercentComplete 50
181 # The AppIDSvc service is protected, so the startup type has to be changed in the registry
182 Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\AppIDSvc" -Name "Start" -Value "3" # Manual
183 Start-Service AppIDSvc
184 Write-Progress -Id 9 -ParentId 0 -Activity "Starting Windows Update Services" -Status "Starting CryptSvc..." -PercentComplete 75
185 Get-Service CryptSvc | Set-Service -StartupType Manual -PassThru | Start-Service
186 Write-Progress -Id 9 -ParentId 0 -Activity "Starting Windows Update Services" -Status "Completed" -PercentComplete 100
187
188
189 # Force Windows Update to check for updates
190 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Forcing discovery..." -PercentComplete 95
191 Write-Progress -Id 10 -ParentId 0 -Activity "Forcing discovery" -Status "Forcing discovery..." -PercentComplete 0
192 try {
193 (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
194 } catch {
195 Set-WinUtilTaskbaritem -state "Error" -overlay "warning"
196 Write-Warning "Failed to create Windows Update COM object: $_"
197 }
198 Start-Process -NoNewWindow -FilePath "wuauclt" -ArgumentList "/resetauthorization", "/detectnow"
199 Write-Progress -Id 10 -ParentId 0 -Activity "Forcing discovery" -Status "Completed" -PercentComplete 100
200 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Status "Completed" -PercentComplete 100
201
202 Set-WinUtilTaskbaritem -state "None" -overlay "checkmark"
203
204 $ButtonType = [System.Windows.MessageBoxButton]::OK
205 $MessageboxTitle = "Reset Windows Update "
206 $Messageboxbody = ("Stock settings loaded.`n Please reboot your computer")
207 $MessageIcon = [System.Windows.MessageBoxImage]::Information
208
209 [System.Windows.MessageBox]::Show($Messageboxbody, $MessageboxTitle, $ButtonType, $MessageIcon)
210 Write-Host "==============================================="
211 Write-Host "-- Reset All Windows Update Settings to Stock -"
212 Write-Host "==============================================="
213
214 # Remove the progress bars
215 Write-Progress -Id 0 -Activity "Repairing Windows Update" -Completed
216 Write-Progress -Id 1 -Activity "Scanning for corruption" -Completed
217 Write-Progress -Id 2 -Activity "Stopping Services" -Completed
218 Write-Progress -Id 3 -Activity "Renaming/Removing Files" -Completed
219 Write-Progress -Id 4 -Activity "Resetting the WU Service Security Descriptors" -Completed
220 Write-Progress -Id 5 -Activity "Reregistering DLLs" -Completed
221 Write-Progress -Id 6 -Activity "Removing Group Policy Windows Update settings" -Completed
222 Write-Progress -Id 7 -Activity "Resetting WinSock" -Completed
223 Write-Progress -Id 8 -Activity "Deleting BITS jobs" -Completed
224 Write-Progress -Id 9 -Activity "Starting Windows Update Services" -Completed
225 Write-Progress -Id 10 -Activity "Forcing discovery" -Completed
226}