Yes, this works from an elevated command prompt or powershell. Of course it has to be from a local account with the trust issue breaking any domain admin access. Might be an issue for some remote package management that authenticate via those accounts?
Yes, I have a best practice to create a local account as admin .Usually it's the name of company and a default password.
All managed by WPKG installer.
Right now I have a half-way package to fix this. It removes the KB5028166 and deny download later.
I cannot find a way (yet) to test if those things are already done so it slow down the startup a minute.
I know about DOS errorlevel but it isn't working...not sure why:
This command call a PowerShell
<install timeout="300" cmd='%comspec% /C powershell -NoProfile -NonInteractive -ExecutionPolicy bypass -File "%SOFTWARE%\kb5028166.ps1"' />
and this is the powershell script:
If(-not(Get-InstalledModule pswindowsupdate -ErrorAction silentlycontinue)){
Set-PSRepository NuGet -InstallationPolicy Trusted
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate -Confirm:$False -Force
}
hide-windowsupdate -KBArticleID KB5028166
wusa /uninstall /kb:5028166 /quiet /norestart
If anyone knows how to verify a KB is installed better than:
wmic qfe list brief /format:table|findstr KB5028166
I'd thank you.
later something like:
if errorlevel 0 wusa /uninstall /kb:5028166
would make all automagically... but this ERRORLEVEL is a problem right now.
I think we could use if errorlevel 1 to run all other commands:
If(-not(Get-InstalledModule pswindowsupdate -ErrorAction silentlycontinue)){
Set-PSRepository NuGet -InstallationPolicy Trusted
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate -Confirm:$False -Force
}
hide-windowsupdate -KBArticleID KB5028166
and otherwise just remove it with
wusa /uninstall /kb:5028166just do not find the right sintax till now. My best guess till now in PS is this as
KB5028166.ps1 file content:
$instalado = wmic qfe list brief /format:table|findstr KB5028166
if ($instalado){
write-host "Encontrei o KB5028166, removendo... aguarde"
write-host "run: wusa /uninstall /kb:5028166"}
else{
If(-not(Get-InstalledModule pswindowsupdate -ErrorAction silentlycontinue)){
Set-PSRepository NuGet -InstallationPolicy Trusted
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module pswindowsupdate -Confirm:$False -Force
write-host "Nao encontrei o KB5028166, evitando instalacao... aguarde"
write-host "run: hide-windowupdate -KBArticle KB5028166"
}
}
Note the write-host is SHOWING the commands instead of running them.
Any tips are welcome.