This script will completely reset the Windows Update client settings. It has been tested on Windows 7, 8, 10, and Server 2008 R2, 2012 R2, 2016. It will configure the services and registry keys related to Windows Update for default settings. It will also clean up files related to Windows Update.
This worklet can either be run manually, or you can put in an evaluation code of:
Exit 1
if you want to always run the worklet on a set schedule.
<#
.SYNOPSIS
Resets the Windows Update components
.DESCRIPTION
This script will reset all of the Windows Updates components to DEFAULT SETTINGS, clean-up some files related to Windows Update, and notify the user that a reboot will occur in 15 minutes (which can be modified) giving them a second warning at 5 minutes.
.OUTPUTS
Results are output to the Activity Log.
#>
$arch = Get-WMIObject -Class Win32_Processor -ComputerName LocalHost | Select-Object AddressWidth
Write-Host "1. Stopping Windows Update Services..."
Stop-Service -Name BITS
Stop-Service -Name wuauserv
Stop-Service -Name appidsvc
Stop-Service -Name cryptsvc
Write-Host "2. Remove QMGR Data file..."
Remove-Item "$env:allusersprofile\Microsoft\Network\Downloader\qmgr*.dat" -ErrorAction SilentlyContinue
Write-Host "3. Renaming the Software Distribution and CatRoot Folder..."
Remove-Item $env:systemroot\SoftwareDistribution.bak -ErrorAction SilentlyContinue
Rename-Item $env:systemroot\SoftwareDistribution SoftwareDistribution.bak -ErrorAction SilentlyContinue
# This may not work if the folder is locked by having a contained file being accessed
Remove-Item $env:systemroot\System32\Catroot2.bak -ErrorAction SilentlyContinue
Rename-Item $env:systemroot\System32\Catroot2 catroot2.bak -ErrorAction SilentlyContinue
Write-Host "4. Removing old Windows Update log..."
Remove-Item $env:systemroot\WindowsUpdate.log -ErrorAction SilentlyContinue
Write-Host "5. Resetting the Windows Update Services to default settings..."
"sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
"sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
Set-Location $env:systemroot\system32
Write-Host "6. Registering some DLLs..."
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
regsvr32.exe /s shdocvw.dll
regsvr32.exe /s browseui.dll
regsvr32.exe /s jscript.dll
regsvr32.exe /s vbscript.dll
regsvr32.exe /s scrrun.dll
regsvr32.exe /s msxml.dll
regsvr32.exe /s msxml3.dll
regsvr32.exe /s msxml6.dll
regsvr32.exe /s actxprxy.dll
regsvr32.exe /s softpub.dll
regsvr32.exe /s wintrust.dll
regsvr32.exe /s dssenh.dll
regsvr32.exe /s rsaenh.dll
regsvr32.exe /s gpkcsp.dll
regsvr32.exe /s sccbase.dll
regsvr32.exe /s slbcsp.dll
regsvr32.exe /s cryptdlg.dll
regsvr32.exe /s oleaut32.dll
regsvr32.exe /s ole32.dll
regsvr32.exe /s shell32.dll
regsvr32.exe /s initpki.dll
regsvr32.exe /s wuapi.dll
regsvr32.exe /s wuaueng.dll
regsvr32.exe /s wuaueng1.dll
regsvr32.exe /s wucltui.dll
regsvr32.exe /s wups.dll
regsvr32.exe /s wups2.dll
regsvr32.exe /s wuweb.dll
regsvr32.exe /s qmgr.dll
regsvr32.exe /s qmgrprxy.dll
regsvr32.exe /s wucltux.dll
regsvr32.exe /s muweb.dll
regsvr32.exe /s wuwebv.dll
Write-Host "7) Removing WSUS client settings..."
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
Write-Host "8) Resetting the WinSock..."
netsh winsock reset
netsh winhttp reset proxy
Write-Host "9) Delete all BITS jobs..."
Get-BitsTransfer | Remove-BitsTransfer
Write-Host "10) Attempting to install the Windows Update Agent..."
if($arch -eq 64){
wusa Windows8-RT-KB2937636-x64 /quiet
}
else{
wusa Windows8-RT-KB2937636-x86 /quiet
}
Write-Host "11) Starting Windows Update Services..."
Start-Service -Name BITS
Start-Service -Name wuauserv
Start-Service -Name appidsvc
Start-Service -Name cryptsvc
Write-Host "12) Forcing discovery..."
wuauclt /resetauthorization /detectnow
#hardset the reboot countdown timer in seconds (e.g. 900 for 15 minutes)
$rebootimer = 900
#set the first notification message copy. Include the reboot time value set previously
$message1 = "Automox will automatically reboot your computer in 15 minutes. Please take time to save and close any open documents."
#Define the time to wait until the second notification message is sent in seconds (e.g. 600 to wait 10 minutes).
$message2wait = 600
#set the second notification message copy
$message2 = "Automox will automatically reboot your computer in 5 minutes. Please take time to save and close any open documents."
#reset the reboot time to match the time indicated in the previous notification message copy (e.g. 300 for 5 minutes)
$rebootimer2 = 300
shutdown /a
shutdown /r /t $rebootimer /d p:4:1 /c $message1
Start-Sleep -Seconds $message2wait
shutdown /a
shutdown /r /t $rebootimer2 /d p:4:1 /c $message2