WURepair

Comprehensive Windows Update Repair Tool
Fix Windows Update when nothing else works

---

Overview

WURepair is a comprehensive repair tool that fixes Windows Update issues caused by privacy tools, malware, system corruption, or misconfiguration. It goes beyond basic troubleshooting by addressing root causes like hosts file blocks, disabled services, SSL/TLS misconfigurations, and blocking policies.

If you've run tools like privacy.sexy, O&O ShutUp10, or Windows debloaters and now Windows Update won't work, this tool can help restore functionality.

Features

🌐 Network & Connectivity Repairs

• Hosts File Cleanup: Removes blocks for 25+ Microsoft update domains
• SSL/TLS Repair: Enables TLS 1.2, configures .NET for strong cryptography
• Firewall Rules: Removes blocking rules, ensures update services are allowed
• Winsock/TCP Reset: Full network stack reset
• Proxy Cleanup: Clears proxy settings that may interfere

⚙️ Service Repairs

• BITS Repair: Fixes Background Intelligent Transfer Service dependencies and configuration
• Delivery Optimization: Re-enables if disabled by privacy tools
• Service Dependencies: Ensures RpcSs, EventSystem, SystemEventsBroker are running
• Correct Start Types: Resets all update services to proper configurations

📋 Policy & Registry Repairs

• Removes Blocking Policies: Clears 10+ registry values that disable Windows Update
• WSUS Detection: Identifies misconfigured WSUS server redirections
• Registry Cleanup: Removes stuck reboot flags and pending update markers
• Group Policy Refresh: Forces policy update after changes

🔧 System Repairs

• SoftwareDistribution Reset: Backs up and clears update cache
• Catroot2 Reset: Clears cryptographic catalog cache
• DLL Re-registration: Re-registers 35+ Windows Update DLLs
• DISM Integration: Repairs component store corruption
• SFC Integration: Scans and repairs system file integrity

📊 Diagnostics & Verification

• Diagnostic Pre-Check Report: Formatted status table showing service states, folder sizes, DISM health, pending reboot status, last successful update date, and last 5 Windows Update errors from event log
• Connectivity Testing: Tests all Microsoft update endpoints
• LTSC/IoT Detection: Identifies editions with limited update availability
• Post-repair Before/After Comparison: Re-runs diagnostic check after repairs and displays side-by-side comparison table
• Progress Tracking: Phase-by-phase progress bar with percentage (Write-Progress)
• Event Log Integration: Writes repair summary to Windows Application event log (Source: WURepair) for RMM tool detection
• Selective Repair: Run individual phases via -RepairServices, -RepairDLLs, -RepairStore, -RepairDISM, -RepairSFC, -RepairNetwork

Screenshots

Diagnostics Output

    ╦ ╦╦ ╦  ╦═╗┌─┐┌─┐┌─┐┬┬─┐
    ║║║║ ║  ╠╦╝├┤ ├─┘├─┤│├┬┘
    ╚╩╝╚═╝  ╩╚═└─┘┴  ┴ ┴┴┴└─
    Windows Update Repair Tool v2.1.0

======================================================================
  DIAGNOSTICS - Gathering System Information
======================================================================
    OS: Microsoft Windows 11 Pro (10.0.22631) Build 22631
    Architecture: 64-bit
    System Drive: 150.32 GB free of 476.94 GB

    Windows Update Service Status:
      Windows Update: Stopped (Manual)
      Background Intelligent Transfer Service: Running (Manual)
      Cryptographic Services: Running (Automatic)
      Delivery Optimization: Running (Automatic)

[+] No pending reboot detected
[+] No Microsoft blocks in hosts file

======================================================================
  CONNECTIVITY - Testing Windows Update Servers
======================================================================
[+] Windows Update: Reachable
[+] Microsoft Update: Reachable
[+] Download Center: Reachable
[+] Windows Update Catalog: Reachable
[+] Delivery Optimization: Reachable

Requirements

• OS: Windows 10 / Windows 11 (all editions including LTSC/IoT)
• Privileges: Administrator
• PowerShell: 5.1 or later (included with Windows)
• Disk Space: At least 5 GB free recommended

Installation

1. Download WURepair.ps1 from the Releases page
2. Save to a convenient location (e.g., Desktop)

Usage

Method 1: Right-Click Run

1. Right-click WURepair.ps1
2. Select Run with PowerShell
3. If prompted by UAC, click Yes

Method 2: PowerShell Direct

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
.\WURepair.ps1

Command Line Options

Option	Description
-Quick	Skip DISM and SFC scans (faster, less thorough)
-SkipDISM	Skip only DISM component store repair
-SkipSFC	Skip only System File Checker
-SkipBackup	Skip backup of Windows Update folders
-Help	Display help information

Selective Repair Switches

Run individual repair phases instead of the full pipeline:

Switch	Description
-RepairServices	Only reset/restart Windows Update services
-RepairDLLs	Only re-register Windows Update DLLs
-RepairStore	Only rename SoftwareDistribution/catroot2
-RepairDISM	Only run DISM component store repair
-RepairSFC	Only run System File Checker
-RepairNetwork	Only reset network stack
-RepairAll	Run all phases (default when no switch given)

Switches can be combined (e.g., -RepairStore -RepairDLLs).

Examples

# Full repair (recommended)
.\WURepair.ps1

# Quick repair - skip lengthy scans
.\WURepair.ps1 -Quick

# Skip only DISM
.\WURepair.ps1 -SkipDISM

# Skip backup (if low on disk space)
.\WURepair.ps1 -SkipBackup

# Only reset services
.\WURepair.ps1 -RepairServices

# Reset data stores + re-register DLLs
.\WURepair.ps1 -RepairStore -RepairDLLs

What Gets Fixed

Hosts File Domains Unblocked

The tool removes blocks for these Microsoft domains (and more):

Domain	Purpose
update.microsoft.com	Windows Update service
download.windowsupdate.com	Update downloads
download.delivery.mp.microsoft.com	Delivery Optimization
ctldl.windowsupdate.com	Certificate Trust List
settings-win.data.microsoft.com	Windows settings sync

Registry Policies Removed

Policy	Location
DisableWindowsUpdateAccess	Blocks WU UI access
DoNotConnectToWindowsUpdateInternetLocations	Blocks online updates
NoAutoUpdate	Disables automatic updates
UseWUServer	Forces WSUS (when misconfigured)
SetDisableUXWUAccess	Hides update settings

Services Repaired

Service	Default State
wuauserv (Windows Update)	Manual
bits (BITS)	Manual (Delayed Start)
cryptsvc (Cryptographic Services)	Automatic
dosvc (Delivery Optimization)	Automatic (Delayed Start)
msiserver (Windows Installer)	Manual
TrustedInstaller (Modules Installer)	Manual

Troubleshooting

"Script won't run" / Execution Policy Error

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

Still getting 403 Forbidden errors after repair

• Check for third-party firewall software (Norton, McAfee, etc.)
• Disable VPN temporarily
• Check corporate proxy settings
• Run the script again after restart

BITS service still won't start

1. Restart your computer
2. Run the script again
3. If still failing, check Event Viewer for BITS errors

Updates found but won't install

• Ensure at least 10 GB free disk space
• Try installing updates one at a time
• Run DISM /Online /Cleanup-Image /RestoreHealth manually

LTSC/IoT Edition - Limited Updates

Windows 10/11 LTSC and IoT editions only receive security updates. Feature updates are not available. This is by design, not a bug.

Files Created

File	Location	Purpose
WURepair_[timestamp].log	Desktop	Detailed operation log
SoftwareDistribution.bak.[timestamp]	C:\Windows	Backup of update cache
catroot2.bak.[timestamp]	C:\Windows\System32	Backup of crypto cache
hosts.backup.[timestamp]	C:\Windows\System32\drivers\etc	Backup of hosts file

Recovery

If something goes wrong:

1. System Restore: The script creates a restore point before making changes
2. Registry Backups: Original registry values are logged
3. Folder Backups: SoftwareDistribution and catroot2 are renamed, not deleted
4. Hosts Backup: Original hosts file is preserved with timestamp

To restore the hosts file manually:

Copy-Item "C:\Windows\System32\drivers\etc\hosts.backup.[timestamp]" "C:\Windows\System32\drivers\etc\hosts" -Force

How It Works

┌─────────────────────────────────────────────────────────────────┐
│                      WURepair v2.1.0 Flow                       │
├─────────────────────────────────────────────────────────────────┤
│  1. Diagnostic Pre-Check Report (status table)                  │
│  2. Create System Restore Point                                 │
│  3. Run Diagnostics (OS, services, disk, connectivity)         │
│  4. Repair Hosts File (remove Microsoft blocks)                 │
│  5. Repair SSL/TLS (enable TLS 1.2, strong crypto)             │
│  6. Repair Firewall Rules (allow update traffic)               │
│  7. Repair Service Dependencies (BITS, DO)                      │
│  8. Remove Blocking Policies (registry cleanup)                 │
│  9. Stop Update Services                                        │
│ 10. Backup & Clear Caches (SoftwareDistribution, catroot2)     │
│ 11. Re-register DLLs (35+ Windows Update DLLs)                 │
│ 12. Reset Network Stack (Winsock, TCP/IP, DNS, proxy)          │
│ 13. Reset Windows Update Agent                                  │
│ 14. Run DISM (component store repair)                          │
│ 15. Run SFC (system file check)                                │
│ 16. Start Update Services                                       │
│ 17. Refresh Group Policy                                        │
│ 18. Post-Repair Connectivity Test                               │
│ 19. Post-Repair Verification (before/after comparison)          │
│ 20. Trigger Update Scan                                         │
│ 21. Write Event Log Summary                                     │
└─────────────────────────────────────────────────────────────────┘

Privacy & Safety

• ✅ No data collection - Everything runs locally
• ✅ No external downloads - Uses only built-in Windows tools
• ✅ Open source - Full source code available for review
• ✅ Creates backups - All changes can be reversed
• ✅ Restore point - System restore point created automatically
• ✅ Detailed logging - Full audit trail saved to Desktop

Contributing

Contributions are welcome! If you encounter a Windows Update issue that WURepair doesn't fix:

1. Run the script and save the log file
2. Note any error messages
3. Open an issue with the log and description

Changelog

v2.1.0

• Diagnostic pre-check report with formatted status table (services, folders, DISM health, pending reboot, last update, recent errors)
• Selective repair via -RepairServices, -RepairDLLs, -RepairStore, -RepairDISM, -RepairSFC, -RepairNetwork switches
• Progress tracking with Write-Progress (Phase X of Y with percentage)
• Event log integration: writes start/completion summary to Application log under source "WURepair"
• Post-repair before/after comparison table
• Triggers Windows Update check after all repairs

v2.0.0

• Added hosts file cleanup for Microsoft domains
• Added SSL/TLS configuration repair
• Added firewall rules repair
• Added service dependency repair (BITS, Delivery Optimization)
• Added Windows Update policy removal
• Added post-repair connectivity verification
• Added LTSC/IoT edition detection
• Improved service start logic (checks for disabled state)
• Better error messages with actionable guidance

v1.0.0

• Initial release
• Basic service stop/start
• Cache clearing
• DLL re-registration
• DISM/SFC integration

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This tool modifies Windows system settings, registry values, and network configuration. While it creates backups and is designed to be safe:

• Use at your own risk
• Always have backups of important data
• Test in a VM first if unsure
• A restart is required after running
• The author is not responsible for any issues arising from use of this tool

Related Tools

• DefenderShield - Repair Windows Defender and Firewall after privacy tools disable them

---

Made with ☕ by Matt