Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

Remediation on demand script – ResetWindowsUpdate

Posted on September 6, 2024September 6, 2024 by Jörgen Nilsson

Remediations on demand is an extremely powerful tool for managing our Intune managed devices. One of the biggest differences compared to how we managed Windows Devices on premises was that we could always connect to them using WinRm for example and solve problems.
In the Zero-trust world there is no such possibility, many are working from home and then Remote Control is the way to help them. However, this is both expensive and time-consuming both for IT and for the end-user as it takes up their time.

Remediations on demand is a great tool to try to solve issues without remote controlling the device. This is something that is important to train ServiceDesk and to use Scope tags to control which scripts they can run on the device. Scope tags are not used enough in my opinion.
For a ServiceDesk it could look like this for example when they select run remediation.

The ServiceDesk user can still see all the result from all remediations to be able to troubleshoot.

Remediation script to reset Windows Update

This script is based on the information in this Microsoft Learn article: Additional resources for Windows Update – Windows Client | Microsoft Learn. Instead of doing that manually we can do it using a remediation on demand and as a last resort (before wipe) when troubleshooting Windows Update failures. It should NOT be scheduled to run using remediations. Only used as on demand remediation when needed.
The script will:

  • Stop the necessary services (Bits, Cryptsvc, Wuauserv)
  • Store which services that depends on the Cryptographic Services (Cryptsvc) service was running when the script started.
  • Rename/delete the C:\Windows\SoftwareDistribution
  • Rename/delete the C:\Windows\System32\catroot2 folders.
  • Start the services again
  • Start dependent services again that depend on the Cryptographic Services (Cryptsvc) if they were running.
  • Trigger software update installations.

The script can be downloaded here https://github.com/Ccmexec/Remediation-Scripts.

It is based on the template that is available at the awesome remediation repository created by fellow MVP Jannik Reinhard. https://github.com/JayRHa/EndpointAnalyticsRemediationScripts
I will upload the script there as well. To add it in Intune as a remediation script there is a detection script that always will make the remediation run as well.

As I wrote before it should be used as a last resort fixing Windows Updates instead of doing this manually.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • Windows 365 Link – a week and some
  • Prevent software installations disguised as drivers
  • Tip when troubleshooting unexpected reboots during Autopilot – event ID 2800
  • New settings in Intune Security Baseline Windows 11 24H2 -2504
  • Managing extensions in Visual Studio Code
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT