Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I Found this website very usefull and searched long for this.

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

  1. Open the group policy editor on your domain
  2. Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
  3. Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
  4. Double click or open “Specify settings for optional component installation and component repair”
  5. Make sure “Never attempt to download payload from Windows Update” is NOT checked
  6. Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
  7. Wait for your GPO to update, or run “gpupdate /force” on the workstations.

Please see an example of the configuration below:

Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)

You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Windows 10 Professional 1703 – Turn Off Automatic Installation of Suggested Apps

For Windows 10 Professional it is not possible to do this with GPO. So add in the GPO this to the register.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

SilentInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

I Also disabked PreInstalledAppsEnabled

Located HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

PreInstalledAppsEnabled DWORD
0 = Disable
1 = Enable

Install Notepad++ with GPO

For a different company I needed to install Notepad++ on some systems.

Created AD group. Created a Share. Give rights to the AD group.
In the ad Group place the computers.

Created GPO and rights to the AD group only.
Added the script in startup scripts in the computer configuration.

@echo off
REM #########################################
REM ##### Created by Daag van der Meer #####
REM ##### Blog.van-daag.nl             #####
REM ##### Filename NPPInstall.cmd      #####
REM #########################################
PING 1.1.1.1 -n 1 -w 900 >NUL

SET LOGLOC=%Systemdrive%\logs


REM ############### Create Log Dir ###################
mkdir %LOGLOC%
attrib +s +h %Systemdrive%\logs
GOTO INSTALL

:INSTALL
REM ######## Check NPP Installed #############
set Logfile=%LOGLOC%\NPPfile.log
if not exist "%Logfile%" (
echo NPP is Installed on %date% at %time% >> %LogFile%
GOTO NPPSTART)

GOTO END

:NPPSTART

if exist "%programfiles%\Notepad++\uninstall.exe" GOTO END

if exist "%programfiles(x86)%\ Notepad++\uninstall.exe" GOTO END

start /wait \\<SERVER>\<SHARE>\npp.7.4.2.Installer.exe /S



:END

 

Policy Windows 10 – Mobile hotspot

How to disable the Mobile hotspot feature in Windows 10 1607

Using GPO, you can disable Mobile Hotspot in the UI by settings the GPO setting Prohibit use of Internet Connection sharing on your DNS domain network to Enabled. This settings is located under Computer configuration > (Policies) > Administrative templates > Network > Network Connections.