Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I Found this website very usefull and searched long for this.

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

  1. Open the group policy editor on your domain
  2. Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
  3. Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
  4. Double click or open “Specify settings for optional component installation and component repair”
  5. Make sure “Never attempt to download payload from Windows Update” is NOT checked
  6. Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
  7. Wait for your GPO to update, or run “gpupdate /force” on the workstations.

Please see an example of the configuration below:

Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)

You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Install Fonts with Powershell

Enable Windows Photo Viewer in Windows 10

In windows 10 Windows Photo Viewer is gone.
Here is how to activate it.
Download the following regkeys.

When runned. Right click on a picture. Goto open with, Choose another app.

Now you get a list, Select Windows Photo Viewer and check Always use this app to open .* files.

Source: howtogeek.com

Here is the XML for GPO import Registry. Save as XML and drag and drop it in Computer Configuration > Preferences > Windows Settings > Registry

AD Change Roaming profile Path Terminal server

I created this script because of moving the profiles to a server in the data center were also the terminal server is located.

Powershell needs to be runned as Administrator


Windows 10 Professional 1703 – Turn Off Automatic Installation of Suggested Apps

For Windows 10 Professional it is not possible to do this with GPO. So add in the GPO this to the register.


SilentInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

I Also disabked PreInstalledAppsEnabled

Located HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

PreInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

Remove Windows 10 1703 default apps

I Use this script in MDT to remove all Windows 10 Apps.
Add more in $Appslist if you need to remove more.

Location in MDT:

Install Notepad++ with GPO

For a different company I needed to install Notepad++ on some systems.

Created AD group. Created a Share. Give rights to the AD group.
In the ad Group place the computers.

Created GPO and rights to the AD group only.
Added the script in startup scripts in the computer configuration.


MDT 8443 / W10 1703 auto login issue

Create powershell script

Place it high in the State Restore.