Installation and Patching
Possible Bug - Group Policy: Domain controller: Allow vulnerable Netlogon secure channel connections
POSSIBLE BUG: On Server 2012 R2, When the Policy "Domain controller: Allow vulnerable Netlogon secure channel connections"* is set to NOT DEFINED, this registry key STILL contains old PREVIOUSLY set entries (security descriptors) in the list!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"vulnerablechannelallowlist"
Details: When you enable the policy "Domain controller: Allow vulnerable Netlogon secure channel connections" and add a user account or security group and then later disable the policy by setting it to Not Defined, the associated registry key is NOT cleared.
*Reference: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472
See Section 3b
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
8 votes -
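A way to check a domain controller for the leftover entries the post above describes, as an added example that is not part of the original post and is not Microsoft's code. It assumes the value holds a single SDDL string (the post calls the entries "security descriptors"); `Get-NetlogonAllowListEntry` is a hypothetical name.

```powershell
# Added example: audit the Netlogon allow list value named in the post above.
# Assumption: the value is one SDDL string. The function name is hypothetical.
function Get-NetlogonAllowListEntry {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters',
        [string]$Name = 'vulnerablechannelallowlist',
        [string]$Sddl   # optional: parse this string instead of reading the registry
    )
    if (-not $Sddl) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return }          # value absent: no allow list is set
        $Sddl = [string]$item.$Name
    }
    if ([string]::IsNullOrWhiteSpace($Sddl)) { return }

    try {
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    } catch {
        Write-Warning "Value '$Name' is not valid SDDL: $Sddl"
        return
    }
    # One output object per ACE, with the SID resolved to an account where possible.
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = '<unresolved>' }      # deleted or foreign principal
        [pscustomobject]@{
            AceType = $ace.AceType
            Sid     = $sid.Value
            Account = $account
        }
    }
}

# Constructed sample SDDL (BA = built-in Administrators); not taken from a real DC.
Get-NetlogonAllowListEntry -Sddl 'O:SYG:SYD:(A;;RC;;;BA)'

# On a domain controller: any entries returned while the policy shows
# "Not Defined" are the leftover entries described in the post.
$stale = @(Get-NetlogonAllowListEntry)
if ($stale.Count -gt 0) { $stale | Format-Table -AutoSize }
else { 'No allow list entries found.' }
```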
On a server by server basis, allow individual patches/updates to be installed
On a server by server basis, we need to make decisions on whether or not to allow individual patches/updates to be installed. In a typical scenario, this would be because of things like .NET version compatibility (or rather, incompatibility) with applications such as SharePoint, Exchange, Skype For Business and line-of-business applications.
We want to be able to approve patches in WSUS generally, but then ignore or just delay those on a particular server on a case-by-case basis, according to the needs of various applications. We used to be able to run Windows Update, see the list of patches for that…
3 votes -
WSUS import from update catalog should be supported by Edge Chromium
IE is dead!
But it is not possible to use another browser to import updates from the update catalog!
Why is there no support for Edge Chromium until now?
OR: make it possible for WSUS to import patches in some other way.
3 votes -
WSUS Server Should Be Manageable Using PowerShell 7
PowerShell 7 does not support the WSUS module. The module is not loaded by default as it does not support .NET Core. And if loaded via the compatibility mechanism, the deserialized objects returned have no methods thus can not be used.
There are, I am sure, some significant issues in improving this module such that it runs with .NET Core 3. I also understand SOAP is involved in these cmdlets, which may well complicate a quick and dirty solution.
That being said, PowerShell 7 provides some very significant performance enhancements, particularly involving large collections (like all the computers in a…
10 votes -
ip-cam
install webcam
1 vote -
Installed updates not able to search in server 2019
We are not able to search the installed patches and KBs/hotfixes in Server 2019 the same way as on 2012 R2 servers.
2 votes -
Fix Windows Updates on Server 2016
Please fix Windows Updates on Server 2016 to allow more control in searching for and installing updates, similar to previous Windows Server versions. The inability to control which updates can be applied is outrageous! The ability for updates to install without any control is mind-boggling. FIX THIS AT ONCE!!!
56 votes -
kendukona
I have no idea
1 vote -
Server 2019 - Do not force updates to be installed automatically
On Server 2019 you should have the option to see the newly released updates, select which ones to install, and be able to manually install them when desired in all situations. Updates should not be automatically installed.
8 votes -
Install on alternate drive issue: installdir param doesn't seem to work
We're installing to D:... on command line but application ignores the installation option. Log attached.
MSI (s) (74:68) [16:46:59:878]: Command Line: INSTALLDIR=d:\Program Files\Windows Admin Center SMEPORT=443 SMETHUMBPRINT=XYZ SSLCERTIFICATEOPTION=installed CURRENTDIRECTORY=D:\temp CLIENTUILEVEL=3 CLIENTPROCESSID=372
1 vote -
Bigger problem is automatic installation of buggy patches!!!!
The scary part about Windows Server patching is when Microsoft issues buggy patches that disable SQL Server or Exchange Server, or cause BSODs! We have seen all of that lately, causing widespread chaos for systems administrators. Always WAIT for patches to be one or two months old if possible before deploying. You do not want to volunteer to be a Microsoft Patch Beta Tester! Luckily Microsoft now has a method to boot offline from a USB stick or CD-ROM that lets you undo the bad patch on an unbootable system, but it still causes a lot of stress and headaches for sysadmins.
4 votes -
Windows Malicious Software Removal November 2019 reinstall
I have posted on the TechNet forums about this as well: Windows Malicious Software Removal Tool November 2019 is reinstalling each time I run Windows Update on Windows Server 2019 (build 17763.864). It is not re-downloaded, just re-installed (re-run). Is this a bug? I guess so; I hope the machine is not infected with some nasty thing.
3 votes -
Please split security update and feature update from cumulative update and let administrators decide what they need to install
Please split security update and feature update from cumulative update and let administrators decide what they need to install
-- TLDR; Too long don't read --
https://social.technet.microsoft.com/Forums/en-US/baa4a8b1-39b7-4dd3-b692-bdab5ccd30ae/what-is-best-practice-to-keep-windows-server-201620122008-most-secured-and-high-available?forum=winservergen
Here is a reddit thread why people don't like windows updates.
Warning: If you are a Microsoft employee or fan, you will definitely not like it. Don't read.
https://www.reddit.com/r/sysadmin/comments/dv6k1z/whyiswindowsupdatealwaysthetop_reason/
Why is Windows update always the top reason people don't like Microsoft Windows?
Hi Ahmed MALEK,
Thanks for your reply. Since Microsoft decides to deliver cumulative updates only (I don't know, maybe in these two years), I guess the…
3 votes -
need to change boot flag in second partition how get back there to do that
need to change boot flag in second partition how get back there to do that
1 vote -
"BUG by Design" in Windows Server 2019 (Windows Updates)
Hi,
That is a bug in Windows Server 2019!
We have Group Policy for Windows Updates and use WSUS in our infrastructure. According to Group Policy, the updates will be downloaded to the system, and then an administrator will manually install the downloaded updates.
We tested Windows Updates on some Windows Server 2019 machines.
If I click "Check for updates", then the updates will be downloaded and automatically installed!!! That is fatal!
If I check "View configured update policy", then our policies are listed for the updates. It seems all are correct.
"BUG by Design"?
Best regards
Birdal
8 votes -
Resume allowing unused features to be removed from Windows Server 2019
Using the following PowerShell snippet to remove the binaries from unused roles and features worked great in Windows Server 2012-2016.
Get-WindowsFeature | Where-Object {$PSItem.InstallState -eq "Available"} | Uninstall-WindowsFeature -Remove
When used in conjunction with Features on Demand this results in smaller install footprints for VMs and VM templates. Doing so in Windows Server 2019 breaks future CU installs due to the new PSFX update engine (error code 0x800F0982 PSFX_E_MATCHING_COMPONENT_NOT_FOUND is returned).
9 votes -
[New tool] [WSUS] WSUS Server should be manageable via Windows Admin Center
On the Windows Admin Center Manager WSUS, allow updates, allow machines, create groups ...
28 votes -
Fix Windows Update to Expire Cumulative Updates When New One Released
Why is my Windows Server 2016 1607 installing, in order:
2018-05 Cumulative Update
(Download, reboot)
2018-06 Cumulative Update
(Download, reboot)
2018-07 Cumulative Update
(Download, reboot)
If the update is cumulative, should not only the last one be required? This is an incredibly wasteful and annoying time sink.
17 votes