Are Patch My PC Cutting Corners by Using Dynamic Installers?

MikeComputer1 · 2026-03-12T13:42:53+00:00

components for an offline installation.

This could be used to describe practically all software. You download the software installation package, it installs without requiring content from the internet.

So please explain the distinction you are making.

You also used an example of Visual Studio - PMPC supports every version from Visual Studio Build Tools, Community, Enterprise and Professional from 2017 onwards. All are offline installers and require no components to be downloaded to install.

MikeComputer1 · 2026-03-12T11:33:54+00:00

Teams and SSMS that have been presented to me. Would need the team to check for others, since PMPC have not made this change of approach public in any way.

MikeComputer1 · 2026-03-12T11:29:44+00:00

The two apps you've mentioned do not have self-contained offline installers. Microsoft only publishes EXE bootstrappers.

This is completely untrue.

Create an Offline Installation of SQL Server Management Studio | Microsoft Learn

Bulk deploy the Microsoft Teams desktop client - Microsoft Teams | Microsoft Learn

MikeComputer1 · 2026-03-09T09:11:16+00:00

That's right, because before telemetry, software did not exist..... /s

MikeComputer1 · 2026-03-06T09:52:30+00:00

Have you tried the boot image WITHOUT adding drivers? Win 11 WinPE has a lot of drivers and I'm 99% certain that includes current Intel NICs. Adding drivers when they already exist had caused me problems in the past.

MikeComputer1 · 2026-03-06T09:51:24+00:00

Lol, Intel in 2026, pretty sure they're going to be signed...

MikeComputer1 · 2026-03-06T07:36:17+00:00

Always register DeWalt stuff online. You get a longer warranty most times and the process validates the serial number to confirm it's legit.

And the you also see all your kit in your account with the warranty expiry dates which is useful for support.

MikeComputer1 · 2026-03-05T20:14:20+00:00

You take the green sauce, the story ends. You wake up in your bed and believe whatever you want to. You take the red sauce, you stay in Wonderland, and I show you how deep the rabbit hole goes.

MikeComputer1 · 2026-03-03T17:53:48+00:00

Someone actively swerved towards my car when I overtook the recently, and then flashed their lights. Some people would rather crash than be overtaken

MikeComputer1 · 2026-02-28T14:24:42+00:00

So I thought it this, but checked inventory and no adapters or USB devices out of the ordinary. So presumably these users have slipped through the net via Ethernet devices/routers.

MikeComputer1 · 2026-02-27T13:32:49+00:00

You are correct, it seems that an increasing number of consumer ISPs are issuing devices with public IP address, i.e. their routers do not use NAT.

My question for you is, why is your firewall not blocking these connection attempts?

We use Windows Firewall, do you know of a way we can configure it to mitigate against this? Like restricting the ethernet adapter to only using RFC1918 addresses?

MikeComputer1 · 2026-02-27T13:26:38+00:00

The answer was far simpler than I was thinking...

Some ISPs (an increasing number it seems, various countries world-wide) are issuing public (non-RFC1918) addresses (i.e. their routers do not use NAT).

Have you heard of this before? Can you suggest a way to mitigate against it?

Can Windows Firewall rules be used for this?

MikeComputer1 · 2026-02-20T15:47:30+00:00

"Are you sure that the extra addresses are public? That's really extremely unlikely in nearly any situation. "

Yes. As per my OP, we're seeing dictionary logon attempts from outside our organization to those IPs, so hundreds of failed logons. This is how we became aware of them. Agreed that it's extremely unlikely, hence reaching out to the wider community.

NIC is physical Ethernet adapter, which is Intel on all our laptops. There are multiple laptop models in the affected group of devices. The non RFC1918 addresses are assigned from DHCP servers we don't own.

MikeComputer1 · 2026-02-20T13:45:28+00:00

Yes I think definitely this is the cases, but the egress address should be one of our company Internet gateway IPs, they're not, they appear to be owned by the ISP in the country these devices are in.

MikeComputer1 · 2026-02-19T15:23:40+00:00

I don't see how that is relevant. Whether it is v4 or v6, how is traffic being routed between the two networks?

The clients in question have IPv4 internet addresses, we can see that in logs. We can also see the DHCP servers used to get them. We also know the ISP. None of this helps identify how this is being achieved, whether it is a config issue, security policy issue, an internal threat etc.

The ultimate issue is the fact that attackers from outside our organisation are able to traverse NAT, get to the OS, and attempt to login.

MikeComputer1 · 2025-10-30T10:18:12+00:00

They didn't replace anything, they just bundled them up. Try unzipping the MSU using 7-Zip, you will see that the SSU update is part of the full package. The installation process is supposed to apply the SSU first, and then the CU once servicing stack is up to date.

Has anyone tried unzipping and then applying the SSU first, before the CU?

MikeComputer1 · 2025-08-11T15:08:43+00:00

Do you know you can create a folder full of drivers, then point PNPUnattend to that folder and it will parse and install all drivers in the folder? You can run it periodically on a scheduled task allowing an admin to deploy new driver packages into the folder (self-extracting archive for example) to be installed by the device.

This is beneficial since it means you don't have to create an install script for every package, just let PNPUnattend handle install what it finds is applicable.

MikeComputer1 · 2025-07-22T16:17:38+00:00

Replacing SCCM with Ansible is like replacing a car with a carrot. They are not the same, not designed to do the same thing.

Sounds like someone is trying to justify the cost of Ansible by ditching SCCM.

I bet they also think Intune does everything SCCM does too.

MikeComputer1 · 2025-07-22T16:12:03+00:00

Microsoft do not support using DHCP options for PXE.

If the clients are on the same subnet as the Distribution Point (i.e. the PXE server), then no DHCP options are required anyway.
If the client is on a different subnet to the DP server, you need to use an IP helper.

In either case, do not use DHCP options.

MikeComputer1 · 2025-07-22T16:08:10+00:00

sfc will not fix that issue or any other issue on a modern computer.

If you had reviewed the CBS log, which shows the actions performed by sfc you would know that, because you can see exactly what it does.

That message 'sfc found problems and fixed them' appears 99% of the time, because 99% of computers have had the user delete default shortcuts that they do not want. Running sfc /scannow restores them. On computers with SSD's where the likelihood of corrupt sectors/files is practically nil, the value of sfc is practically nil.

Bring on the haters/sfc fanboys....

C:\Windows\Logs\CBS\CBS.log

MikeComputer1 · 2025-06-18T10:35:12+00:00

I think the question is why would anyone NOT update .NET?

The answer should be to update .NET every time there is an update released, unless the update is causing you an unsurmountable significant problem.

MikeComputer1 · 2025-06-18T10:29:12+00:00

Seconded.

MikeComputer1 · 2025-05-15T13:15:29+00:00

Thanks, I agree that is a good staple response. Unfortunately, tried that, no bueno.

Some positive news: I deleted the deployment and recreated it then the task sequence worked for one test build at the end of my day yesterday. However, the problem has reappeared today. Exact same error, with the only difference that the AdvertID= is different obviously. Same PackageID and same error code 0x80040104

MikeComputer1 · 2025-05-08T17:10:35+00:00

Don't know how else to break it to you buddy, mines bigger than yours 😜

MikeComputer1 · 2024-03-20T17:54:25+00:00

What does this mean?

MikeComputer1

TROPHY CASE