- Code: Select all
cmd\DoUpdate.cmd /nobackup /instielatest /updatercerts /updatecpp /instdotnet35 /instdotnet4 /updatetsc /autoreboot
on my Win 8.1 Pro 32-bit and gone to sleep.
Today I've seen account selection screen, where were WOUTempAdmin account listed (and it was said "logged in", so autologin worked, but after that session locked due to user idleness), but I couldn't login with it (I didn't know its password).
So I just logged in with my account, but, before I managed to start procexp to see what's happening, console window appeared with usual wsusoffline after-reboot cleanup, and then windows restarted.
After reboot, There still was WOUTempAdmin account listed, but no auto-login happened. So I just logged in my usual account, and even before shell (explorer.exe) get displayed, console window appeared with running filenames. I thought, WTF, has Microsoft come to updating this way again? (this was after installing update rollups). After a minute I suspected something goes wrong, because it was my files, and some access errors, opened task manager, then procexp from it (because shell still wasn't onscreen, and it didn't react to Win+R), and found it's
- Code: Select all
rd /s /q "full path to my profile"
Reset, cold sweat, etc.
It was running under RunOnce.exe.
And I guess it was scheduled by WSUS Offline when I logged in with my account when WOUTempAdmin didn't finish yet. WSUSOffline thought it's my account is temporary, and decided to kill it. Another witness of this is that Users\WOUTempAdmin dir is still intact.
Currently I'm recovering from backups, but I propose adding some sanity checks before running rd /s /q (both automated, like checking username, and interactive, like displaying «I'm going to remove "path" if you won't close this window in 30 seconds»).
At least check "%USERNAME%" before running RD /S /Q, like that:
- Code: Select all
%comspec% /C IF /I "%USERNAME%"=="WOUTempAdmin" RD /S /Q …
But also, you can read WOUTempAdmin profile path from
- Code: Select all
REG ADD "HKEY_CURRENT_USER\Software\Sysinternals\PsGetSid" /v "EulaAccepted" /t REG_DWORD /d 1 /f
FOR /F "usebackq tokens=1 delims=" %%Z IN (`psgetsid.exe WOUTempAdmin`) DO IF NOT "%%Z"=="" SET SID=%%Z
FOR /F "usebackq tokens=2*" %%Y IN (`REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%SID%" /v "ProfileImagePath"`) DO SET ProfileImagePath=%%Z
(though note, I didn't read actual script code, so maybe my code-suggestions are invalid, yet they'll help you get the picture)
--
This is latest current wsusoffline, ver. 9.51.
, so please be patient.
