abbodi1406's Batch Scripts Repo

Discussion in 'Scripting' started by abbodi1406, May 4, 2017.

  1. redsunset

    redsunset MDL Member

    Mar 16, 2022
    182
    86
    10
  2. June's Hill

    June's Hill MDL Novice

    Jul 1, 2021
    25
    17
    0
    Hello dear friend. Thank you for your testing and your reports.

    I really don't know what happen with Micro$oft. It seems that they want, in all ways, that everyone have "updated" PCs to install Windows 11. That certification problem is related to the UEFI/Firmware version of PC Motherboard, so, as @Carlos Detweiller said: "many older machines won't get firmware updates anymore and stay on the old cert forever".

    This situation is really disappointing. The worst part is when they want people to use their "New" Windows 11, after throwing an "old" PC (according to them), buy another computer, and use a system that has many bugs (with every monthly update), restrictions, and useless stuff (AI, some apps, and more).

    But this is not the end, some stupid companies, like Autodesk, said that the support for Windows 10 ends this year. So people using Win10-LTSC in a Industry, Avionics, Automotive environments, that use Autodesk Fusion, must now use Windows 11. All because Autodesk wants to comply Microsoft's dictatorship. Totally disgusting.
    https://www.autodesk.com/support/te...Announcing-End-of-Support-for-Windows-10.html
     
  3. VDev

    VDev MDL Member

    Sep 9, 2015
    129
    67
    10
    #3623 VDev, Mar 29, 2025
    Last edited: Mar 30, 2025
    @abbodi1406 Just an update. 24H2 ISO works without using NTLite custom profile. Used unattended answer file to do quick debug/testing. 23H2 with UpdBootFiles=1 doesn't work with secure boot on HyperV while 24H2 didn't complain at all. Both 23H2 and 24H2 were integrated with March CU 2025.

    I finally fixed the performance issue on my Ryzen machine. It was due to Windows Hello security not allowing newer Ryzen Chipset driver to removed even using uninstall tool. Used DriverStoreExplorer to wipe out all AMD drivers. Afterwards, I had to remove the PIN and redo fingerprint and Face enrollment with newly initialized TPM/Pluton and now I get a refreshed Windows Hello Sign-In. Also reverted AMD GPU driver to Dec 2024 due to some driver bugs in 25.3.1 WHQL. The NPU took a long to init, broken Mic array driver and Studio effects were super slow.

    Did a quick test, 24H2 all updates integrated without ISO took 19 mins while 23H2 took 25 mins as opposed to 2-3hrs for Home/Pro editions.
    Definitely new certs aren't accepted in build 22621 aka 23H2 while 24H2 does fine with and without secure boot. I think Windows 11 must be renamed to Windows Nah edition. Never saw weird bugs while testing Windows 10 Insider Builds on crappy pentium dual core than on certified Win 11 Business PC.

    EDIT: Re-did 23H2 with latest safe os and setup dynamic updates. Now you can enable secure boot post install in VMs and disable it during pre-install which fixes the dreaded error 0xc000000f
     
  4. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    i have also same problem with update boot to Windows UEFI CA 2023 , after use W10UI v10.51 with UpdtBootFiles =1 create installation media it failed to boot when secure boot enabled , may i ask has any solution to fix ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. VDev

    VDev MDL Member

    Sep 9, 2015
    129
    67
    10
    You can follow my above post. 24H2 doesn't have issues with secure boot only 23H2 does. Sadly, MSFT didn't release 23H2 v3 ISO which has secure boot fixed.
    Add latest safe os and setup dynamic updates and you can install 23H2 without secure boot and enable it post install. The PC/VM simply blocks the new UEFI cert 2023.
     
  6. redsunset

    redsunset MDL Member

    Mar 16, 2022
    182
    86
    10
    #3626 redsunset, Apr 7, 2025
    Last edited: Apr 7, 2025
    With 24H2 and UpdBootFiles=1 I had success when selecting and installing via ' Previous Version of Setup'.
    Also, check the BIOS to see if the pc has the 2023 PCA.
     
  7. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    now i also disable secure boot in bios and install the windows use new Installation Media in Windows UEFI CA 2023, after it go back to bios and enable back , but my problem is 24H2 also cant boot if enable secure boot , excepted roll back to Windows Production PCA 2011, it will boot normally with out any issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    how to check bios have 2023 PCA or not ? because i roll back to Windows Production PCA 2011, it can boot the Installation media with enable secure boot , if use W10UI v10.51 with UpdtBootFiles =1 update the Windows UEFI CA 2023 will get error booting if enable secure boot.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. redsunset

    redsunset MDL Member

    Mar 16, 2022
    182
    86
    10
    Check the secure boot menu

    [​IMG]
     
  10. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    thanks for teaching , but my laptop dont have this settting in scure boot , just got enable and disable only, now if i install windows use installation media need disable secure boot first on bios , after it enable back once done log in windows.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Paul Mercer

    Paul Mercer MDL Expert

    Apr 6, 2018
    1,975
    4,213
    60
    #3631 Paul Mercer, Apr 8, 2025
    Last edited: Apr 8, 2025
    no big deal if your ISO is from a trusted source
    as for how to fix it - update your UEFI firmware, which doesn't apply to EOL products

    some motherboards also allow you to manually upload trusted certificates in custom mode

    Ventoy in UEFI mode with the old bootloader should work as a workaround, I think
    upd: not really, boot.wim should support the old CA, otherwise the ISO wouldn't boot
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. redsunset

    redsunset MDL Member

    Mar 16, 2022
    182
    86
    10
    Is there a 'Setup Mode' or a 'Delete all Secure boot variables' option ? if there are you can use https://github.com/pbatard/Mosby
    Either of these options will put secure boot in setup mode or you could search google to check if your motherboard can be put somehow into secure boot setup mode. Then you can use that tool to update the variables.
     
  13. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    UEFI fireware has been updated, still same, i use USB Installation media, not use ISO, enable secure boot still can boot if i roll back Windows Production PCA 2011, just the new Windows UEFI CA 2023 updated the installation media booting error if i enable secure boot.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Gladwin

    Gladwin MDL Member

    Dec 20, 2012
    244
    114
    10
    for laptop just have enable and disable secure boot only, on desktop maybe can choose it, now i just can roll back for Windows Production PCA 2011 on the installation media.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. VDev

    VDev MDL Member

    Sep 9, 2015
    129
    67
    10
    Not all BIOS has updated certificates/dbx files and old PCs will not accept 2023 cert file on laptops. It thinks 2011 cert is still safe. Haha. What you can do is add safeos and dynamic updates for 24H2 without update boot files to get updated winpe/boot.wim that is aligned with March 2025 update so that it won't throw boot media incorrect error
     
  16. Paul Mercer

    Paul Mercer MDL Expert

    Apr 6, 2018
    1,975
    4,213
    60
    #3636 Paul Mercer, Apr 10, 2025
    Last edited: Apr 12, 2025
    can't boot 19045.5737 in VMware WS 17.6.3 with secure boot enabled, UpdtBootFiles=1 in W10UI config file
    VBS is disabled in VMware WS settings

    VMware WS hasn't been updated to support CA 2023?

    upd: 26100.3775 boots fine with UpdtBootFiles=1, weird
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,632
    1,651
    150
    #3637 tcntad, Apr 11, 2025
    Last edited: Apr 12, 2025
    I dont think this is actually related to W10UI but since I was using it Im asking here. During the night (consumer) and few hours ago (Business) I ran W10UI.cmd v10.51 process W11-24H2-EN (complete stock untouched geniune ISOs)

    It would appear 14028 implies a faulty update file but it worked in 9/10 index and in Boot.wim it failed to find source with error "Error: 0x800f081f" "Package_for_RollupFix: The source files could not be found."

    Is this beacuse something faulty with my ssd or mounted wims or something else? The log doesnt tell that much to me
    I'll add that I ran script on Business this morning and it failed to mount Index7 but a rerun after it worked.


    Edit: Ran script on my much older/slower Server 2019 with no errors for Install.wim but Boot.wim errors are still there

    I have all following updates
    1/10: defender-dism-x64.cab
    2/10: Windows11.0-KB5048779-x64.cab [OOBE]
    3/10: windows11.0-KB5050575-x64_ae49edf83bd6a86deffdf42f84803e000bb7bb69.cab
    4/10: Windows11.0-KB5054979-x64-NDP481.cab [NetFx]
    5/10: windows11.0-kb5054981-x64_4e25402830fd6863eb840ce751fc65812e15ccf8.cab [Setup DU]
    6/10: windows11.0-kb5055671-x64_896616712b59f152393be3c3ac1fcb5399eaff83.cab [SafeOS DU]
    7/10: Windows11.0-KB5043113-x64_inout.cab [SSU]
    8/10: Windows11.0-KB5058538-x64_inout.cab [SSU]
    9/10: Windows11.0-KB5043080-x64.wim [LCU]
    10/10: Windows11.0-KB5055523-x64.wim [LCU]


    Only on Index 7 I recieve follow errors (copied from script window)
    First process
    Code:
    ============================================================
    Installing updates...
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 3 - Adding package Package_for_KB5048779~31bf3856ad364e35~amd64~~26100.2448.1.2
    [==========================100.0%==========================]
    Processing 2 of 3 - Adding package Package_for_KB5050575~31bf3856ad364e35~amd64~~26100.1588.1.0
    [==========================100.0%==========================]
    Processing 3 of 3 - Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9300.1
    [==========================100.0%==========================]
    The operation completed successfully.
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10
    [==========================100.0%==========================]
    The operation completed successfully.
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.3775.1.17
    [==========================100.0%==========================]
    An error occurred - Package_for_RollupFix Error: 0x800736cc
    
    Error: 14028
    
    A component's file does not match the verification information present in the component manifest.
    
    The DISM log file can be found at C:\windows\Logs\DISM\DismLCU.log
    
    Second process, reinstalling cumulative updates
    Code:
    ============================================================
    Reinstalling cumulative update(s)...
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 3 - Adding package Package_for_DotNetRollup_481~31bf3856ad364e35~amd64~~10.0.9300.1
    [==========================100.0%==========================]
    Processing 2 of 3 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10
    [==========================100.0%==========================]
    Processing 3 of 3 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.3775.1.17
    [==========================100.0%==========================]
    An error occurred - Package_for_RollupFix Error: 0x800736cc
    
    Error: 14028
    
    The command completed with errors.
    For more information, refer to the log file.
    
    The DISM log file can be found at C:\windows\Logs\DISM\DismNetFx3.log
    

    And for Boot I get these errors
    Index 1
    Code:
    ============================================================
    Installing updates...
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10
    [==========================100.0%==========================]
    Package_for_RollupFix: The source files could not be found.
    Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see https://go.microsoft.com/fwlink/?LinkId=243077.
     Error: 0x800f081f
    
    Error: 0x800f081f
    
    DISM failed. No operation was performed.
    For more information, review the log file.
    
    The DISM log file can be found at C:\windows\Logs\DISM\DismLCU_boot.log
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.3775.1.17
    [==========================100.0%==========================]
    The operation completed successfully.
    
    Index 2
    Code:
    ============================================================
    Installing updates...
    ============================================================
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10
    [==========================100.0%==========================]
    Package_for_RollupFix: The source files could not be found.
    Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see https://go.microsoft.com/fwlink/?LinkId=243077.
     Error: 0x800f081f
    
    Error: 0x800f081f
    
    DISM failed. No operation was performed.
    For more information, review the log file.
    
    The DISM log file can be found at C:\windows\Logs\DISM\DismLCU_boot.log
    
    Deployment Image Servicing and Management tool
    Version: 10.0.26100.2454
    
    Image Version: 10.0.26100.3476
    
    Processing 1 of 1 - Adding package Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.3775.1.17
    [==========================100.0%==========================]
    The operation completed successfully.
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,461
    92,543
    340
    Neither to me :D
    since the error occur for one index, probably a glitch or some file got corrupted during servicing or mounting

    boot.wim error is expected and harmless
    because WinPE does not keep the Baseline files
    it could be fixed by ignore installing KB5043080 if already installed, but there are too many scenarios to predict with w11 24H2
     
  19. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,461
    92,543
    340
  20. tcntad

    tcntad MDL Guru

    Oct 26, 2009
    4,632
    1,651
    150
    yea I wont care about the boot.wim errormsg. I also figured something bugged out on the first run but final ISO seems to work fine in a VM anyway.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...