Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

The Cumulative update Dilema [10]

I've got a nicely configured 10 LTSB but now big updates don't install because of removed components. So I follow the guide to install in place and the first time it failed at settings migration. I'm giving it another go with the easy migration feature re-enabled so we'll see what happens. (failed again)

My issue here is that:
A. This process takes forever and copies many files
B. What will happen to autokms? What will happen to "take ownership". My GPOs, My tweaks. etc
C. Am I really going to be doing this every month?

My 7 installs are YEARS old on personal machines. Seriously, my user folder was created 12/2010

So I have the following options I guess
1. Not use 10. Stick with 7 or gutted 8.1 (updates install there, I think)
2. Install 10 as is and try to manually disable the features I don't want.
3. Run 10 never installing updates and count on eset + firewall.

Why can we not have a list of the removed components or re-installable backups of the packages? Like wimtweak/package exporter solution.
Why can't we break up the cumulative updates and install pieces vs a preset of what was removed, etc?

On this system I'm doing it for giggles to see what can be done (no worry of data loss) but on a primary system the situation appears untenable.



  • edited April 2017
    Since Windows became so picky when installing updates, breaking when removing components, Nuhi implemented that thing called Host Refresh. You should try that. It wont remove anything, not programs, not personal information, just "refresh" the machine with presets of your choosing (updates, remove components, etc).

    Also I think that you should try to store all your precious data in a different partition, so you can always format C: without worrying, because if you save all in C: the day that you have a system failure you are screwed, and using NTlite to remove components basically increase the chance of a system failure if you use it too freely (removing sfc, for example).
  • As mentioned in the post host refresh failed. I haven't gotten to see what it saves. With a long running system a second partition won't really help anything. You would still have to re-install all of the software. On the 7 system that is 200 items.

  • edited April 2017
    For what you said I understood that you used the install updates wizard, not host refresh. Anyway, just in case, take in mind that you have to do the host refresh with an unmodified iso, not with a ntlited iso. Then ntlite will use the preset you specify to do all the updates and removals.
  • I tried that basic stuff. The host refresh fails to complete and rolls back. Plus I don't want to have to re-install every month. I don't have to do that on 8.1 or 7.
  • edited April 2017
    Same situation here, just that I am lucky and always got the "Host Refresh" to work just fine with my slimmed down ISOs. I´ve cross-graded from 2016 EnterpriseSN LTSB to Creators Update Enterprise now (by faking the EditionID in the registry, you can always keep all apps + settings, even if upgrading from Home to Enterprise or Enterprise to Home, combinations that would never be possible especially with keeping apps + settings) was it does not really help to use LTSB if it can´t update either, which I noticed quickly too. So if I have to use the "Host Refresh" method, I figured I could as well go with the latest Windows 10 version each time.

    That being said, "Host Refresh" is NOT as straight forward as Nuhi told me. While it keeps Programs and everything was running just fine, 50% of my registry tuning (not everything, but 50%) got lost completely, so I had to re-do that as well. What I´ve been doing now is to generate .reg files for my tuning, so that after the next "Host Refresh", I can get this sorted a lot quicker than having to walk through all the programs. I am also backing up services states and the same for the task scheduler / autologgers and ETW tracer instances. So the next refresh (if it works!), should be much quicker.

    I agree though that the situation is overly complicated if you want to use Windows 10 with NTLite. Microsoft has messed up a lot with the updates, I still have my 8.1 (super slim!) running aside and updates install just fine (at least for the components that are left in my slimmed down version). But for Windows 10, no way, not a single cumulative update will install on my slimmed down versions at all. It´s a pain in the *ss.

    I hope Nuhi can come-up with a good solution that can edit the update packages to not fail and only update components that we have installed. He mentioned that the plan is that NTLite can download updates directly from Microsoft in the future and install them for us, so that there is no more need to use Windows Update and so that they won´t fail. I am just not sure if this idea will still work with Unified Update Platform coming now...

    What I will be trying is to manually patch my Windows 10 Creators Update 15063.14 to the newest cumulative update 15063.138 - which, naturallly, failed to install on my slimmed 15063.14. My plan is this: I have installed a full 15063.14 ISO into a VM and updated it to 15063.138 - worked just fine. Now I am going to automatically verify the file / folder differences in the whole \Windows directory (including WinSXS) and all it´s subfolders, then make an automated copy-list of files that need to be updated in my slimmed 15063.14 and copy them over (via booting to Windows PE, live you can´t replace them, even if running file operations as "TrustedInstaller", because many of them are in use). Also some registry tweaking will be needed for sure to update the component store entries there too (copying that over from the VM as well), but I bet I can make it work - although I agree again, it IS a pain in the *ss of having to do things like that to stay up to date. Then again, using the full blown Windows 10, even if Enterprise, is NOT an option, it is complete B L O A T ware and NOTHING less.

    I will report back how the first completely manual Windows Update did go:)
  • Does Refresh work with LTSB 2016? Thanks.
  • That's what I'm using. It probably works if you don't cut out too much. I will try more operations in VMs to be sure it works at all.

    I can already download windows updates with WHdownloader or wumt so not even using the proper windows update doesn't help. I looked at what the format actually is.

    It should be possible to go through and remove the components that are missing and install wtih DISM. NTlite could easily check after expanding the updates. There is a little bit more to the re-packing which is why I haven't been able to do it. I only ever found one guy posting trying to understand the format.

    Basically the latest update update splits into 4 cabs and then those split into something like 500+ individual patches. The mums are xml files with signatures and components. The first one indexes all the patches and what windows they are for. The individual ones have their own which list files, etc.

    The main thing that sticks out is that you'll have to do this dance EVERY month or run unpatched. On a low end machine it takes a long time even making the host refresh image. Its a whole lot of disk grinding that undoes the whole point of slim windows.
  • edited April 2017
    Heh, I think the issue is that they are deferred permanently.

    Taking out MS account support killed the start menu I wasn't using and prevents windows update from actually downloading even though it sees the files. On 8 it was fine to remove app support and MS account support completely.

    Not like it matters when the cumulatives fail. I'll see if that was the deal breaker with VM but I somehow doubt its the only one.

    I looked in the VM. If you remove telemetry, no updates for you!
    Error DISM DISM Package Manager: PID=1632 TID=1600 Failed opening package Microsoft-Windows-DiagTrack-Internal-Package~31bf3856ad364e35~amd64~~10.0.10240.16384. - CDISMPackageManager::Internal_CreatePackageByName(hr:0x800f0805)
    Error DISM DISM Package Manager: PID=1632 TID=1600 Failed to get the underlying cbs package. - CDISMPackageManager::OpenPackageByName(hr:0x800f0805)
    Error DISM DISM Package Manager: PID=1632 TID=1600 The specified package is not valid Windows package. - GetCbsErrorMsg
    Error DISM DISM Package Manager: PID=1632 TID=1600 Failed opening package with the name "Microsoft-Windows-DiagTrack-Internal-Package~31bf3856ad364e35~amd64~~10.0.10240.16384" - CPackageManagerCLIHandler::Private_GetPackageNameFromCommandLine(hr:0x800f0805)
    Error DISM DISM Package Manager: PID=1632 TID=1600 Failed while processing command remove-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x800f0805)
  • It´s not related specifically to telemetry, it is related to ANY component that an update wants to update and that is not installed on your machine anymore. So basically even if just removing a basic component, all cumulative updates will start to fail. You can only use in-place-upgrades meanwhile or manually update the way I did today as mentioned in my post above (worked out just great and was not to difficult).
  • edited April 2017
    Well, if anything blame MS, not ntlite. I could update windows 7 with a shitton of removals without problem, but I cant with windows 10. In fact nuhi implemented host refresh because of this very same reason.

    About host refresh, I think it does exactly that, refresh. This is, reg keys added by programs and configs arent touched, but all system related registry keys get refreshed/reinstalled like new, so thats probably what happened when you said that you lost a lot of registry configs. Anyway you should have all of those registry configs saved somewhere so you can install them anytime.

    About host refresh, it doesnt take too long for me, about the same as a format, maybe a little more since it has to config the image before refreshing. A little trick is to use an almost unmodified iso, just with the updates integrated. This is less important now since a new version was just released, but in the previous version it was over 1 GB of updates and it takes some time to integrate.

    This said, its fast for me but I use an SSD for my main system and for ntlite stuff. If you dont, you should do the same if you can, you wont regret it. Not just for ntlite but everything will be faster.
  • edited April 2017
    Yep, same here, also using SSD, so it´s all a matter of a few minutes and being prepared with the right .REG files (as mentioned in my initial post). Drivesnapshot comes in handy on top, in case something fails that worked in the VM but fails in live install, just revert back to the previous state within mintues.

    I was just merely referring to that Nuhi told me that the hosh refresh is straigt forward and keeps all apps + their settings + all windows settings. It´s the case for the first two, but not for to the windows settings, 50% of them are gone afterward. That is where you will need to have your .reg files ready + group policy editor (which can quickly apply *most* of your previous tweaks). It´s better than having to go through all the tweaking programs, I´ve done that in the past, but for the previous 2 installations, I just did it for one of them and recoreded all changes those tweaking programs made in the registry via ProcMon (Process Monitor) and created .reg files out of that afterward via Powershell (AppInstallRecorder Powershell script, which can take ProcMon´s logfiles and create resulting .reg files out of those).

    I also liked this one a lot (in case someone doesn´t know it yet, it works with normal non-VM machines too):

    Just make sure you carefully select the tweaks and do not blindly apply them (some are for VM´s only and you do not want those on a non-VM install).

    Anyhow, I agree that MS f*cked up big time with the updates for Windows 10. Well, for their perspective they did not f*ck up at all, because it makes live even harder for us modders. They don´t want us to do that and want to make us stick to the full installations, of course. Yes, even for Windows 8.1 all updates install fine, only a few fail for the components that are removed anyway. However, for Windows 10, the complete update fails if just one component is not there anymore - it´s a pity. But host refresh + a well prepared user in terms of tweaks, does the job.

    Again, I am fully with you, NTLite rocks, it´s MS that is making this extra-hard for us. But as I´ve succeeded with my "100% manual update" by simply exchanging related files and registry entries "by hand" today, I am all fine and give a damn about MS:) F*ck MS:)
  • I looked in dism/cbs some more. There are 2 packages that are missing. So editing update.mum and removing the offending packs would work if it weren't for signature verification on the updates. This is bypassed on obsolete OS like win2k but no clue how to crack it on 10.


    I do have some SSDs but not in everything. I like the idea of the diff method. It should be possible to read the changes out of the update files and apply them to the OS in that manner, technically without the separate VM. I think its all listed in the mums.

    I know that the "refresh" idea kinda sorta maybe works... unfortunately it failed on my live system. I haven't tried it in VM, that might tell me the reason why. Since it failed at all on something that will be a monthly thing I can't really accept it as any kind of real solution. A stopgap or workaround maybe, but that's it.

    I'd rather run without updates and just make sure windows isn't running any services than go through possibly a full re-install every month. And if we're talking about rolling out to multiple machines its a complete non starter.
  • edited April 2017
    In relation to having your .reg files ready after a host refresh, I came accross this handy little bastard:

    Creates .reg files from registry changes a program you´ve selected did. Monitor your "Tweaking apps" with that nasty little boy and have all the changes it did in a simple .reg file for the next time to apply them in one shot.
  • edited April 2017
    Hi NsaFarm,

    0. If the migration fails, it's 99% because of Windows Setup cannot cope with the current OS state for some reason, can be an installed app or a driver. I have quite a lite setup and it works, so it's up to debugging logs.
    Let me know which error you get and before deleting temp files we should gather some logs.
    That 1% could be that some more components are needed, but if you use Host Refresh wizard it will protect the needed ones for you.
    If you have a non-working Host Refresh wizard preset, let me know and I'll check.

    Don't forget to backup any valuable install before playing further, then you are safe to even revert if you don't like the result.

    A. 30min or so, but yes, copies more than normal install due to installed apps and files being moved after reinstall.
    B. As with any Windows upgrade, depends on the situation. I haven't seen any major issues, once I had to reinstall Nvidia driver, and once a keyboard software settings were not reapplied.
    C. It is automated, one button with the wizard, you might want it to stop for replacing the update and that's it. Or install full Windows, not really our choice as updating unfortunately demands all files.

    Windows 7 and 8.1 are also switching to cumulative updates, so same issue would apply, difference being that Host Refresh wizard/method works only on Win10.
    You can install 10, disable Windows Update, update it manually (or use Install Updates wizard with NTlite + downloaded update).
    Then decide will you remove any components, maybe it's good enough for you even full, if updating faster is that important.

    Not all components are split per packages, and packages sometimes remove too much.

    Cumulative update splitting is something on my radar, but no time for now as that is not guaranteed to work, but is most promising.
    Let me know if anyone succeeds, I would gladly implement it in a heartbeat if it's not hacky.

    As the last chance, which with Host Refresh is not necessary to spend time on, would be to implement own package engine to update files and registries more resiliently.
  • RegFromApp is a handy ickle beastie. I can harvest reg tweaks from tweaker programs(a god send) and for programs that you have to install(but which can also run without the installer), install X with regfromapp running and get any changes to the registry, file associations etc. Truly a handy little beastie :)
  • edited May 2017
    Heh, I am failing on windows mail dll. After trying to re-sign the updates a few times deleting the 2 packages from update.mum I think using a VM with all things installed and trying to extract the missing package is what I'll go with next.

    Everyone is missing the point: I don't want to have to re-install windows every month. "Refresh" is a install in place. It has been possible since forever. Neither my 7s or 8.1s are failing on cumulative updates, despite removing almost just as many components.

    I like your idea of the package engine and can't understand why you didn't go that route to begin with. When you remove, lets say asimov, it should dump it into a CAB file so that if you need it for something it can be installed again.

    heh, now it failing on this:
    ?xml version="1.0" encoding="utf-8"?>
    assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
    assemblyIdentity name="04a49a01c791c27c3c7dfad23b0c4a8f" version="10.0.14393.953" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
    deployment />
    dependency discoverable="false">
    dependentAssembly dependencyType="install">
    assemblyIdentity name="Microsoft-Windows-Help-Client" version="10.0.14393.953" processorArchitecture="wow64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />

    but I installed help client.
  • So *some* of the updates will install if you extract the cabs. While there are 6000ish of them a simple loop will fix that.

    For /R c:\path %f in (*.mum) do dism /online /norestart /add-package /packagepath:”%f”

    After that I made sure the pieces were hidden so they don't spam windows update history using cbsenum. Incompatible updates and updates for components I had removed error-ed out but who needs them!

    Previous cumulative updates operated the exact same way and I see all of their hidden pieces in the CBS. Much better than host refresh, which I had tried multiple times until it corrupted the component store.

  • I agree, I am neither convinced about Host Refresh, you might have seen my issues with it over here?:

    It resets much to many things, so I am trying to find a good way around too. So you are saying that you just "dump on" all the MSUs via DISM? But doesn´t that lead to a overcrowded component store / WinSXS? Because normally, the cumulative update would remove the updates packages in WinSXS that have been replaced with new versions. With your approach, it just adds on top of the previous ones, but does not remove them. Does Windows still ONLY use the latest distributions in WinSXS then (if you have verified that)?
    Also, didn´t it bring back previously removed components either?

    Would be great to have a way around these in place upgrades and am happy to test.... Just spent the last 8 hours restorting all the tweaks / adjustments that got lost because of the in place upgrade, absolutely hate it :(
  • edited May 2017
    P.S.: Thanks for CBSEnum, that is a amazing tool, just what I needed too! Thanks again.... Do you know though if there is a newer compiled version than "" ? This one is dated March 2016, while the current commits go up to December 2016 already....

    P.S.2: As a tip from me: use to run CBSEnum, then there is no need to let it take ownership of the registry keys, as you are running it as "TRUSTEDINSTALLER" this way, which is the owner of these keys.
  • Yes, the idea of filtering out components that go to sub-package level did occur to me, so it would be easier to support forced fragmented cumulative update if you can only remove components that are on a package level.
    - what happens if a person runs a normal update via Windows update even if just packages were removed, does it still revert properly or it leaves some half-updated OS, or returns some components?
    - you may want sub-package components to be removable, will have to resist the further removal :)

    Either way, I was planning on adding a package manager for the Updates uninstalling reason, it should be usable for packaged-up components as well.
    Then people will be able to choose package removals, or go deep with the current custom engine.

    Btw during NTLite alpha tests (pre 1.0), I was planning to go that route, but didn't like package removals, quite limited and dangerous (as some packages include a a lot, need to be filtered out and sometimes a certain DLL needs to be kept for compatibility reasons...)0.
    That was before Win10, now it's kinda useful.
    More about it in coming months.
  • Hi Nuhi,

    this sounds like a great idea! "Forced Fragmented Cumulate Updates" <- that would be absolutely great. I couldn´t care less about Windows Update, I actually even have ripped it out in my last attempts, because it is not useful at all anymore. Each cumulative update fails anyway, so the only reason to leave it on would be it´s driver updates, but then I can install drivers (and more current / right ones) on my own anyway, so why keep that annoyance at all, right?

    Really looking forward to what you can come up with, but for now CBSEnum did great as well (made a post to the components removal wishlist thread and listed some things that should be considered for a standard removal in NTLite "out of the box").

    Thank you so much :)
  • I use NTsudo with cbsenum. It makes me into trustedinstaller. From what I could tell all windows does is install the pieces and *hide* the mini packages while leaving the main update visible. All of the subs can be uninstalled. They are called Package_4244_of_6023_KB666666 so not very descriptive. If you tracked down what the pieces were you could go back and remove them with CBS.

    My OS was pre-updated to march so I only see a few pieces of what looks like the last cumulative update. This one installed a bunch more. My only worry is that the main package is a pre-req for something. I should find out with this next set of patches, for all I know the next one will install just fine.

    Double checking, I was installing KB4015217 (1255pkg) and I have 1239 packages from KB 4016635 so theory must be correct.

    When the updates failed, all KB packages were rolled back. If I run the update now after all of the installs I've got no clue if it reverts what I manually DISM'ed. It should skip what is already installed and just try the "missing" packages. In the manual install quite a few were not applicable.

    On 8.1 I've seen updates bring components back so I have 0 trust there. With this 10 update... I swear I didn't have so many diag services. I don't remember diagnostic system host and I removed diagtrack previously. I go and try to remove "troubleshooting" stuff with cbsenum and 2 packages refuse to uninstall, just like that one search2 pkg I can't get.
  • Hi :)

    You don´t need to run CBSEnum as TrustedInstaller, the SYSTEM account that Powerrun brings on, has all privileges for the registry and removal of any kind of packages or system files, it goes a bit deeper than NTSudo does in terms of permissions (with NTSudo I still had a few reg keys that could not be changed because of "access denied").

    Nevertheless, I will try your method as well (brute forcing the update install via the extract MSU files), but I am wondering too if this will bring back components. Once I do that, I will monitor everything of course via a Regshot before and after and of course my services + drivers + etw tracers snapshots. I will let you know what I find....

    By the way, I´ve also got some packages that you cannot remove 100% via CBSEnum, most likely because they are to deep linked into the system - the fail with error 14003 (no such package), although the package is clearly there. But, all you´d need to go in such a case to fix the component store again, is to simply search the registry for the package that can´t be uninstalled (copy -> packagename in CBSEnum) and remove all references to it. Do the same on your hard drive, just search the package name to find all related files (most reside in catroot) and delete them (of course you´d also need to do that under the SYSTEM account, otherwise you can´t delete them - I simply launch SpeedCommander via PowerRun, so all operations go just fine and I can use a good interface to do it instead of the command prompt). Afterward run:

    dism /Online /Cleanup-Image /StartComponentCleanup
    dism /Online /Cleanup-Image /StartComponentCleanup /ResetBase

    If this completes without errors, then you´ve fixed the component store just fine, because if a package gets stuck like this and you don´t clean it up as described above, both of these DISM command will fail with "Element missing".

    Maybe it helps something...
  • Thanks I'll give it ago. I figured the search2 was just the search box in file explorer but I have no need for the troubleshooting packages.
  • NSudo is more superior tool, and it's the source that powerrun and other tools are built on
    TrustedInstaller is not an account, it's a token to enable all privileges
    both tools runs as SYSTEM account with TI token
  • So I finally managed to break my system. I removed diagnostics live and got a permanent BSOD (windows event tracing fatal error).

    I ended up making another image with some more stuff that I wanted to keep. i.e I want the "compatibility" options and I had removed them, had broken the start menu, etc.

    I integrated the update and looking at CBSenum there are 1346 packages. So maybe 91 packages weren't installed via the brute force method and who knows if component removal hasn't killed them while leaving the package "installed".

    Setup was way faster the second time around and I can still test multi brute force updates in VM whenever they cough up the next update.
  • edited May 2017
    I see... Personally I had removed "Compatibility" as well, but it did not break the start menu, but the "Compatibility" button, so you could not execute programs in Windows 7 / Vista mode etc anymore.

    I have attached my NTLite Preset for you (working on Windows Creators Update + all latest updates (10563.250)). This is fully working with that preset, but almost everything is ripped out still. Of course, there is no more network sharing (you should reenable SMB if you need it), no modern app support (except for the Settings-App), but at least no Bluescreens or anything and blazing fast with over 723 components removed.

  • MS account support removal killed the start menu. You removed a lot of drivers.

    This is my latest:
    This is what I had before:
  • edited May 2017
    I should have mentioned that this is for Creators Update with latest updates (15063.250). MS Account removal does not kill the start menu there. Apart from that, I am not using it anyway, using ClassicShell or StartIsBack.
    On top of that I have afterward (via CSBEnum) removed ShellHostExperience completely, this indeed kills the start menu completely, but you can then disable even more services too (Tile Data Layer etc.), making it even more lightweight. With disabling even more things like all ETW Trace Sessions, all Performance Counters, all general Windows tracing (Kernel Logger etc), I´ve managed to have it with 400mb RAM usage after startup now, haha. Benchmarks like PC Mark show huge improvement as well, especially after disabling all the tracing which cannot be disabled via NTLite. I think I´ve managed to have the most lightweight Windows 10 I´ve ever had so far and that pays off - I can go down to 2ms(!) with my ASIO drivers now without any crackle. On my previous customizations I could not go below 10ms without crackling. This is super amazing for me when making music / processing audio in realtime (which is my main job).

    And yes, everything I don´t need has to go, why should I keep it?;) I never use Bluetooth, I never use NFC, I don´t even use DHCP for the network, no modern apps, just kernel + audio drivers + plain Win32 app support is enough for me basically :)

    Will take a look at yours too.
Sign In or Register to comment.