jetjock wrote:
> On Mon, 23 Aug 2021 16:38:53 -0500, jetjock <jetjock@unkown.com>
> wrote:
>
>> On Mon, 23 Aug 2021 09:00:24 -0500, jetjock <jetjock@unkown.com>
>> wrote:
>>
>>> On Sun, 22 Aug 2021 17:16:05 -0400, Paul <nospam@needed.invalid>
>>> wrote:
>>>
>>>> jetjock wrote:
>>>>> On Sat, 21 Aug 2021 17:17:47 -0400, Paul <nospam@needed.invalid>
>>>>> wrote:
>>>>>
>>>>>> jetjock wrote:
>>>>> Deleted both partitions from his first install after determining that
>>>>> There were (apparently) serious problems with it (the install). Did a
>>>>> clean install from there.
>>>>>> Your symptom-set sounds for all the world, like a
>>>>>> Repair Install over a live infection. A clean install (nuke
>>>>>> and pave) should not be showing this symptom-set.
>>>>>>
>>>>>> This is why I can't reproduce your level of brokenness in
>>>>>> Firefox here, in a VM. It could be that something is
>>>>>> actively hijacking DNS.
>>>>> I'll know more on Monday after I get a chance to work on it some more.
>>>>> When I was on his machine doing the WSUSOffline downloads, I looked at
>>>>> Chrome some more. I checked his history for two sites that gave him
>>>>> errors the other day, and opened them both fine with no error (cert)
>>>>> problems. He wasn't there so I couldn't ask him about it. Will know
>>>>> more by Monday aft.
>>>>>
>>>>> More questions. Do I just delete the line
>>>>> "windows6.1-KB976932-X64.exe" from "wsusoffline_win7\client\w61
>>>>> x-64\glb" to keep from installing SP1 again? Or do I have to delete
>>>>> it from "wsusoffline_win7\client\w61\glb" which has
>>>>> "windows6.1-KB976932-X86.exe" also. Anything else you can think of
>>>>> that should be deleted?
>>>>>
>>>>> And what's the deal with "Windows6.1"? Why not Windows 7?
>>>>>
>>>>> Why did WSUSOffline download for both x-86 and x-64? Oopps, never
>>>>> mind. I see from your earlier post that you requested both versions.
>>>>> I only requested x-64 so BIL should only have those on his machine,
>>>>> right?
>>>> The 6.x numbering scheme means "a derivative of Vista".
>>>> It's a generation of OS. Win2K and WinXP were 5.x.
>>>>
>>>> *******
>>>>
>>>> You should not need to remove anything.
>>>>
>>>> WSUSOffline is a "WSUS Server in a can" in a sense.
>>>>
>>>> The OS might ask "what relevant patches do you have?".
>>>>
>>>> The installer then provides the patch that the
>>>> OS dependency calculation asks for.
>>>>
>>>> If KB 1234 is dependent on a certain SSU (Servicing Stack Update),
>>>> the OS will say "do you got that SSU I need?". The WSUSOffline
>>>> install order, then coughs up the SSU first, then the
>>>> KB 1234 next.
>>>>
>>>> The final stage of WSUSOffline is "dynamic" and the install
>>>> list is determined by the OS dependency calculation. Just
>>>> as if the OS was talking to the Microsoft WU server. Your
>>>> OS doesn't keep asking for SP1 over and over again, and it
>>>> should not when talking to WSUSOffline either. Only
>>>> improperly closed patch installations loop like that
>>>> (an error).
>>>>
>>>> What is installed, and in what order, is determined
>>>> by the OS. If the OS looks at the cache and says
>>>> "I only need July Cumulative and August Cumulative",
>>>> then only two KBs get installed.
>>>>
>>>> WSUSOffline should never install an update and
>>>> get a "not for this OS" error. All of the information
>>>> used, origins from the same Microsoft master file
>>>> (WSUSSCN2.cab, now 1GB in size). The dependency calculation
>>>> and the state of the packages in the WinSXS maintenance
>>>> folder, is all that's needed for orderly custom install
>>>> in the correct order.
>>> Great info. I'm calling BIL right now. Will let you know how it
>>> goes.
>> WSUSOffline appeared to finish installing updates after about 6 hours.
>> Probably wouldn't have taken so long if there weren't so many low on
>> memory warnings. Sometimes I didn't see them soon enough and the
>> updater would not install the update. So when it finished, it would
>> have to check again for missing updates,which took about 16 minutes
>> each time, and then install them again.
>>
>> I say it appeared to finish as I couldn't find log file for the
>> installs,and I thought I saw that there were still some uninstalled
>> updates when it just suddenly quit. I checked the update history in
>> Windows and it had installed a whole bunch of updates, so maybe he got
>> all the important ones anyway. One I know that was missing each time
>> it checked was KB2687455 (SP 2 for Office) so if you think he needs
>> it, I can always install it from MS's Site.
>>
>> I really want to thank you again for all the time and effort you have
>> put into helping. Wish there was some way to repay you! I hope this
>> puts an end to this thread. Please, continue your good work for
>> everyone. I hope they appreciate it as much as I do!
>
> I figured there was something wrong when WSUSOffline shut down as it
> did. We are now in kind of an infinite loop. Whenever he reboots, a
> log in screen comes up with his account name and a WOUTempadmin
> account. If I then start with his account, the WSUSOffline installer
> command prompt window opens and it takes another 15+ minutes to check
> for missing installs. After it checks, it just minimizes to the
> command window that I can "Exit" out of.
>
> I have looked for how to get rid of that WOUTemp, account but
> everything says to:
>
> Run "regedit"
>
> Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> NT\CurrentVersion\Winlogon
> Change DefaultUserName to your default user
> delete AutoAdminLogin
> Press F3 and search for any entry containing "woutemplogin" and
> delete it as long as the searchphrase can't be found any more.
>
> Only problem is there is no "DefaultUserName" there for him so I can't
> change it, I ran a Temp folder cleaner to clean out his default Temp
> folder, but that didn't help.
>
> Any ideas how to shut WSUSOffline down for good, and get rid of the
> WOUTempadmin log in screen?
>
>
> >>>>>>>>>>jetjock<<<<<<<<<<

That's probably a reference to a thread like this.

https://answers.microsoft.com/en-us/windows/forum/all/woutempadmin/ae3998fd-02da-4a86-b7f0-8228b44dab15

"Queen Elsa

I know the reason that a software called WSUS Offline Updater must
have been runned in your conmpter with the function of updating
Windows or/and Office suit offline and must have been stopped by
accident when running.

So how does it come?

When a control function reads Automatic reboot and recall inside
UpdateInstaller.exe, windows will start updating itself. After the
installation of the first part of updates is done, your system will
reboot and config them. When that is over, your windows is driven
into WOUtempadmin account by WSUS Offline Updater. In this account,
the software has closed some functions such as display monitor power off,
screensaver to make sure updating process without being interrupted.

When the process including a few times of rebooting is all over ,
windows will run into your former account. But if someone stop the
process, system will stay in WOUtempadmin account.
"

"AdiKanugo

I didn't need to delete AutoAdminLogin.

Just change the set value from 1 to 0
"

*******

I don't run that thing in unattended mode, and I've been manually
rebooting and manually starting the process again, through each
stage. Perhaps that's why I haven't run into this.

In your Wsusoffline folder, look for

DoUpdate.cmd 78KB
CleanupRecall.cmd 5KB

DoUpdate calls CleanupRecall.

Since there is no parameter zero passed, the cd (ChangeDir) command
probably isn't doing anything and the current working directory
is whatever DoUpdate normally uses. Perhaps it is using
cd /d H:\wsusoffline_win7\client\cmd at that point ?

You can see in CleanupRecall.cmd, how the script cleans up the
AutoAdminLogin.

I would expect, if DoUpdate.cmd is called enough
times, one way or another, CleanupRecall is called.

if exist %SystemRoot%\Temp\WOURecall\wourecall.1
ren %SystemRoot%\Temp\WOURecall\wourecall.1 wourecall.2

What it is doing, is using a file handle as a counter.
The filename indicates the counter value. The script
also defines the case where the wourecall filename
has reached its "maximum value", implying the
script is out of control. That would be if there is a
%SystemRoot%\Temp\WOURecall\wourecall.9, it will not
increment past there.

set WOU_ENDLESS=9 [ SetTargetEnvVars.cmd ]

The logic seems to end up calling "CleanupRecall.cmd"
as part of the WOU_ENDLESS being detected. It looks
like you could CD to the

cd /d H:\wsusoffline_win7\client\cmd # adjust to your path
CleanupRecall.cmd

There is also logic for flddling with the Power Schema,
but a visit to the Power control panel, you can probably
see Schema Names, and if an odd Schema Name is there, you
might change it to Balanced or High Performance or one
of the other standard Windows ones. While removing
the schema would be hygienic , it might not be absolutely
essential.

Hope that helps,

Paul