Microsoft released a new tool for analyzing and comparing sets of Group Policy Objects (GPOs). The tool is is deliverd in a .zip file and requires no installation.
A short guide for troubleshooting Windows Update Agent:
1. Download and execute//install “System Update Readiness Tool (CheckSur)” from https://support.microsoft.com/en-us/kb/947821.
Check the following log for errors C:WindowsLogsCBSCheckSUR.log
2. For any updates that could not be repaired by CheckSur, download the msu-package manually from Microsoft Catalog, http://catalog.update.microsoft.com/v7/site/Home.aspx or from Microsoft Download Center, http://www.microsoft.com/download
3. Create the folder C:WindowsCheckSurpackages if it doesnt already exists and move the downloaded updates there.
4. Execute “System Update Readiness Tool (CheckSur)” again.
5. Install updates from Windows Update.
MDT creates a partition named BDEDrive when it installs Windows OS. This drive is used with Bitlocker to boot the OS. If Bitlocker never will be used the BDEDrive can be removed using the following procedure:
1. Start an elevated command promt and execute the following command to copy startup files to the C-drive:
bcdboot C:Windows /s C:
2. Set partition C: as active:
select disk 0
select part 1
3. Reboot the computer:
shutdown -r -t 0
4. Delete the BCD Drive:
select disk 0
select part 2
There is a more indepth explanation at the following site:
Microsoft released KB2871997 to address the “Pass the hash” vulnerability, but according to the following blog post pass the hash is still possible using the local Administrator account (SID 500):