Windows Update

Generate WindowsUpdate.Log Without Get-WindowsUpdateLog

Just like knowing that a shrimps heart is located in it’s head area (thorax) you can file this tidbit under useless facts.

If you find yourself in a situation where you need to convert some Windows Update .ETL files into human readable format and the Get-WindowsUpdateLog PowerShell cmdlet isn’t available for whatever reason, you can use TraceFmt.exe to do this for you.

The TraceFmt utility, available through both the Windows Software Development Kit (SDK) and Windows Driver Kit (WDK), takes the details in the trace logs and outputs a human-readable text file containing the formatted trace messages.


tracefmt.exe -o "%UserProfile%\Desktop\TraceFmt-WindowsUpdate.log" %SystemRoot%\Logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl -r srv*%SystemDrive%\Symbols*


Setting log file to: C:\windows\logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl
Examining C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64\default.tmf for message formats,  3 found.
Searching for TMF files on path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64
Logfile C:\windows\logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl:
        OS version              10.0.14393  (Currently running on 10.0.14393)
        Start Time              2017-10-02-08:51:55.537
        End Time                2017-10-02-09:01:57.790
        Timezone is             @tzres.dll,-112 (Bias is 300mins)
        BufferSize              4096 B
        Maximum File Size       128 MB
        Buffers  Written        3
        Logger Mode Settings    (11002009) ( sequential newfile paged)
        ProcessorCount          1

Processing completed   Buffers: 3, Events: 70, EventsLost: 0 :: Format Errors: 0, Unknowns: 7

Event traces dumped to C:\Users\perkinsjg\Desktop\TraceFmt-WindowsUpdate.log
Event Summary dumped to C:\Users\perkinsjg\Desktop\TraceFmt-WindowsUpdate.log.sum







In Closing

The TraceFmt generated log file will not be identical to the one generated by the Get-WindowsUpdateLog PowerShell cmdlet; but it’ll help in a pinch!

For now, I bid you Good Providence!

Exploring Windows 10: CB, CBB, LTSB – Oh My!

The introduction of Windows 10 brings with it the concept of both Windows as a Service (WaaS) and Servicing Options.

  • Windows as a Service is the idea that Windows 10 may likely be the final numbered version of Windows (e.g.: don’t expect a monolithic Windows 15 upgrade in 5 years) and instead will continually evolve over time with cumulative releases or updates.
  • Servicing Options (or Windows Branches if you will) allow you to subscribe to varying levels of updates depending on your organizational needs for your particular build of Windows.

I’m not going to go deep into how you figure out which Windows Branch you want or what the benefits/drawbacks to each are because that’s too much to cover and Microsoft and others have documented that well.  Instead, I’ll summarize from other parts of the web some key considerations for each.

Windows Insider Branch (WIB)

IT users with test lab machines to spare who want to be on the cutting edge.

  • See new features before they are released and provide feedback.  Note, in some cases you may see features that are pulled prior to being released.
  • This gives you the ability to smoke test compatibility with existing applications and hardware.
  • The target audience is IT administrators & geeks on non-critical devices, because if something breaks, you don’t want to be down a day trying to fix it.


Current Branch (CB)

Early adopters in the organization, initial pilots and the IT machines to start preparing for broader rollout

  • CB is the broadly deployed branch of Windows 10 aimed at consumers.
  • New features and updates that make the cut for release are rolled out to this branch first.
  • Critical security updates and fixes (aka “Servicing Updates”) will still be released on the 2nd Tuesday of the month.
  • The expected cadence of new features (aka “Feature Upgrades”) is every few months but that may vary.
  • CB has all the bells and whistles of the given version of Windows such as both IE and Edge browsers, Store apps, etc.
  • You can go from CB to CBB by checking the the ‘Defer Upgrades’ box under the Advanced Options of Windows Updates.


Current Branch for Business (CBB)

Broad deployment to organization providing successful roll-out/pilot of Current Branch equivalent previously
Note: This can be delayed with the enterprise management tools etc.

  • This is the same OS as the Current Branch but the Feature Upgrade cadence is aimed at business users.
  • Follows the same critical security updates and fixes release as CB.
  • The new feature/functionality upgrades, though, will be deployed to CBB systems on a later schedule, months after CB systems receive them.
    • This can be from 4-12 months after they were released to the CB, depending on how they are deployed
      • Windows Update-connected CBB systems will defer the updates for 4 months
      • SCCM or other managed CBB systems can defer up to 12 months
  • CBB has all the bells and whistles of the given version of Windows such as both IE and Edge browsers, Store apps, etc
  • You can go from CBB to CB by unchecking the the ‘Defer Upgrades’ box under the Advanced Options of Windows Updates.


Long Term Servicing Branch (LTSB)

Very specific specialized systems; this should be a small percentage of systems within your organization.

  • This is for machines that are not interested in innovation and instead need the highest levels of stability such as kiosks, ATMs and so on
  • LTSB is actually a different OS SKU than the CB/CBB and it is intended for mission-critical systems (i.e. cash registers, health care systems, air traffic control, etc) where “set it and forget it” is a requirement.
  • Receives critical security updates and fixes just as CB and CBB.
  • The new feature/functionality upgrades, though, will not be deployable to an LTSB OS until the next version of an LTSB is released, which could be anywhere from 3 to 5+ years.
  • LTSB does NOT have all the bells and whistles of the given version of Windows – it only has IE (no Edge); it doesn’t have the Store Apps or support for it.
  • You cannot go from LTSB to WIB, or LTSB to CB or LTSB to CBB.  If you want to switch out, you’ll have to go to the media and upgrade.


So in our organization, we’ve settled on the following recommendation:

  • The large majority of our organization, including some members of IT, will be on CBB.
  • Key members of IT and members of our ‘Workstation Stability Group’ – which doesn’t exist yet but is a body of volunteers consisting of normal user in various departments – will be on CB.
  • The real tire-kickers in IT will likely use CB day-to-day with maybe one backup machine running CBB for regression testing.  (I primarily see ‘system owners’ – people who are primarily responsible for a user facing system – with this configuration.)
  • Myself and a few others will probably live on the edge with WIB and have machines running CB & CBB for smoke testing and regression testing.

There’s a lot to consider, and there’s no one size fits all but I hope this helps point you in a meaningful right direction.


Good Providence!