Category: Patch Management


Troubleshooting slow logons:

Logon process:

Tools for troubleshooting:

And powershell:

Analyze GPOs load time:


How to use Xperf, Xbootmgr, Procmon, WPA?

xperf;xbootmgr;xperfview comes from Windows ADK (Windows performance toolkit sub part). Procmon is a sysinternal tool.

Other interesting articles:


Windows Performance Analyzer (wpa.exe) youtube:

Xperf data collection tool:


For boot tracing:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+POWER -resultPath C:\TEMP

with boot phases:
xbootmgr -trace boot -traceflags base+latency+dispatcher -stackwalk profile+cswitch+readythread 
       -notraceflagsinfilename -postbootdelay 120 -resultPath C:\TEMP

For shutdown tracing:

xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Standby+Resume:

xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Hibernate+Resume:

xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

replace C:\TEMP with any temp directory on your machine as necessary to store the output files

Analyses of the boot trace:


To start create a summary xml file, run this command (replace the name with the name of your etl file)

xperf /tti -i boot_BASE+CSWITCH+POWER_1.etl -o summary_boot.xml -a boot

Analyses of the shutdown trace:

The shutdown is divided into this 3 parts:


To generate an XML summary of shutdown, use the -a shutdown action with Xperf:

xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown



wusa <update>.msu /quiet /norestart /log

example: wusa d:\hotfixes\Windows8.1-KB29456426.msu /quiet /norestart

You can use the Windows Management Instrumentation Command-line (WMIC) to view the installed updates on your computer:

wmic qfe list

Caption CSName Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status

Else If the WMIC output is difficult to read, you can use Systeminfo instead, as follows:

systeminfo | findstr /i /c:”KB29456426″

[18]: KB29456426

How to use WUSA with Powershell?

Get-Item .\* | %{Expand-ZipFile -FilePath $_.FullName -OutputPath d:\hotfixes}

Get-Item d:\hotfixes\* | foreach {WUSA “”$_.FullName /quiet /norestart””;while(get-process wusa){Write-Host “Installing $_.Name”}}

Get-HotFix | Where Description -match hotfix
(Get-HotFix | Where Description -match hotfix).count






Microsoft .net Framework is a software package that is used by many applications, it runs in a software environment as opposed to hardware environment. The Microsoft .net Framework provides language interoperability across several programming languages. Microsoft .net Framework does a lot of really cool things and is widely used, the only problem is there are several different versions of the Microsoft .net Framework, and finding out if you have the right version of the program can be a bit tricky. I would like to give you a quick and easy way to find out if you have the version you need and if you don’t a simple way to get it.

Click Start>>Type Regedit>>Hit Enter>>Click Edit>>Click Find>>Type NET Framework>>Check the installed versions

I prefer instead to download this free program called .NET Version Detector ( download here ). The reason this tool is so much more effective is that you simply have to download the file, extract it, and run it. You don’t even have to install the program, it’s completely portable. You run the program and get a nice graphical interface that will tell you what versions of the Microsoft .net Framework are installed on your system and what versions are missing from your system.


Note: With win7 .NET Framework 3.5 is installed by default.

Windows Update hangs and new updates are uninstalled after a restart

The installation of:

KB3058163, KB3058168, KB3092627

Causes during installation of those patches on Windows 2012 OS or greater – then reverting changes takes too long time. Which is not acceptable for a Server.


Check the KB3064434:

Change the key permission to full control before to edit and to change the value:

HKLM\System\CurrentControlSet\Services\TrustedInstaller\BlockTimeIncrement value to 2a30 (Hexadecimal).