DISM Archives

Winsage

January 4, 2026

How to Install Windows Configuration Designer Using Winget Command

The Windows Configuration Designer is a tool from Microsoft that allows users to create provisioning packages for automating the setup of Windows devices. These packages, saved as .ppkg files, can pre-configure settings such as network configurations, user accounts, and device names. The tool is not pre-installed on Windows systems and is primarily intended for IT administrators. It can be downloaded from the Microsoft Store or installed via the command-line tool winget, which requires the package name to be enclosed in double quotes for proper recognition. The installation process involves opening a terminal as an administrator, checking for winget availability, and executing the installation command. The download size is approximately 30 to 50 MB, and installation typically completes in under a minute. Users can verify the installation by searching for the application or using winget commands. Alternative installation methods include using the Microsoft Store or the Windows Assessment and Deployment Kit (ADK). The tool is free and does not require a Microsoft account for winget installations.

Winsage

November 17, 2025

Windows 11 KB5068861 won’t install, File Explorer SMB search not working on network shares, and other issues

Windows 11 users are facing installation issues with the KB5068861 update from the November 2025 Patch Tuesday release, which addresses 63 critical security vulnerabilities. Errors reported include 0x80070306, 0x800f0983, and 0x800f081f. Affected users can wait for an optional release or use the Media Creation Tool, which downloads the same patch. Some users have reported a malfunctioning SMB search feature after the update. The installation errors have prompted reports of specific error codes, and attempts to resolve them through SFC scans or health checks have been largely ineffective. Downloading the .msu package from the Microsoft Update Catalog is recommended, followed by an installation attempt. If unsuccessful, the Media Creation Tool can be used while retaining user data. The November 2025 Update includes enhancements like a revamped Start menu, improved battery icons, and performance improvements, particularly for gamers. However, some users have encountered Bluetooth connectivity issues, especially on AMD PCs, with a temporary fix involving adjustments in Device Manager. The KB5068861 update has also caused a bug affecting search functionality over shared networks, leading to slower search results or empty listings for businesses. This issue arises from a breakdown in communication between the Windows client and the server’s search index. Users can restore functionality by restarting the Windows Search service or rebuilding the index. Additionally, the remote search functionality over SMB is compromised, preventing the Windows client from utilizing the server’s index. Users may need to uninstall the update to restore functionality, which requires disabling the Sandbox feature first. Specific DISM commands can be used to identify and remove the update, or it can be uninstalled through the Settings menu.

Tech Optimizer

November 5, 2025

Hackers Are Using Linux Malware to Invisibly Bypass Windows Security

Hackers are refining tactics to evade detection by EDR systems and antivirus software, with a notable strategy being the use of Linux malware to infiltrate Windows systems. Investigations by Bitdefender and CERT-GE revealed a campaign by the Russian hacker group Curly COMrades, which exploits the Hyper-V virtualization platform on Windows 10 to create covert access channels. They utilize Alpine Linux for lightweight virtual machines that are difficult to detect, requiring only 120 MB of disk space and 256 MB of RAM. The attackers maintain persistent access using tools like Resocks and Stunnel, starting their activities in early July 2024 by activating Hyper-V on compromised systems and deploying misleading virtual machines labeled “WSL.” They introduced custom malware, CurlyShell and CurlCat, for communication and remote access. This trend of using Linux malware against Windows systems is growing, as seen in recent Qilin ransomware attacks documented by Trend Micro.

Winsage

November 4, 2025

Russian Hackers Abuse Hyper-V to Hide Malware and Evade Endpoint Detection

A Russian-linked hacking group, Curly COMrades, is using Microsoft’s Hyper-V to conceal malware within compromised Windows systems. They install a small Alpine Linux virtual machine (VM) to run custom malware, evading endpoint detection and response (EDR) software since July. The group exploits Hyper-V's native features, enabling it on victim systems while disabling management clients to avoid detection. The VM, named “WSL,” hosts two C++ tools: ‘CurlyShell,’ a reverse shell, and ‘CurlCat,’ a reverse proxy, both designed to maintain persistence and obfuscate their activities. The VM occupies only 120MB of disk space and uses Hyper-V’s Default Switch for network traffic, making malicious communication appear to originate from the legitimate host. Additionally, Curly COMrades employs malicious PowerShell scripts for persistence and lateral movement, including creating local user accounts and using a modified TicketInjector for authentication across networks.

Winsage

September 29, 2025

I used DISM to create a Windows installer with all my apps, and here’s how it works

To back up a Windows 11 image, start with a fresh installation and use the Sysprep tool to generalize the system, avoiding Microsoft Store apps to prevent Sysprep failure. Prepare two external drives: one for storing the Windows image (minimum 8GB) and another bootable drive configured with Windows Preinstallation Environment (Windows PE). Download the Windows Assessment and Deployment Kit (ADK) and the Windows PE add-on to create the bootable USB drive. Enter Audit Mode by pressing Ctrl+Shift+F3 at the out-of-box experience screen, disable app updates, and install desired applications for the entire system. Use Sysprep to enter Out of Box Experience (OOBE), check Generalize, and select Shutdown. Boot from the Windows PE drive, use diskpart to identify drive letters, and capture the image with the DISM command. To apply the image on a new PC, create a diskpart script for partitioning and a batch script for applying the image. Boot the new PC from the Windows PE drive, run the diskpart script to create partitions, and execute the batch script to apply the image. This method is efficient for deploying consistent applications across multiple PCs.

Winsage

September 24, 2025

Microsoft releases out-of-band Windows 11 update to fix Office problems

Microsoft has issued an unscheduled update for Windows 11, designated as KB5068221, to address issues with Microsoft Office applications in virtualized environments. The update also provides a workaround for connectivity problems related to the deprecated Server Message Block (SMB) v1 protocol. The update is cumulative, including all security fixes from the earlier KB5065426 update. The specific issue fixed by the update involves a failure in Microsoft Office applications running in Microsoft Application Virtualization (App-V) environments due to a double handle closure in system components. Additionally, after installing the September 2025 Windows update, users may experience connectivity issues with SMB v1 on NetBIOS over TCP/IP. Microsoft suggests allowing network traffic on TCP port 445 as a workaround to switch the connection to TCP. The KB5068221 update is available for download from the Microsoft Update Catalog and requires installation of MSU files in a specific sequence. Instructions for installation include using Deployment Image Servicing and Management (DISM) commands for both running Windows PCs and Windows installation media.

Winsage

September 23, 2025

7 ancient Windows commands that are still helpful for troubleshooting today

The Windows Command Prompt is a key tool for PC troubleshooting, especially for IT professionals. - Netstat -a -n -o: Initial release in 1983; used for diagnosing network errors by revealing active connections, ports, and their states. Parameters -a, -n, and -o provide additional insights. - Ping -n 100 IP or webaddress: Initial release in 1983; checks connectivity to a network location, measuring latency and hops. The -n parameter specifies the number of packets, and the -t option allows continuous testing. - ipconfig /release and ipconfig /renew: Initial release in 1998; essential for displaying network hardware status and resolving IP conflicts by refreshing network configurations. - DISM /Online /Cleanup-image /RestoreHealth: Initial release in 2009; maintains Windows installation images by checking and repairing the Windows Component Store. - Sfc /scannow: Initial release in 1998; verifies and repairs the integrity of the operating system, useful for resolving certain errors. - powercfg.exe /hibernate off: Initial release in 2004; disables hibernation to free up disk space by deleting the hiberfil.sys file. - OOBEbypassnro: Initial release in 2020; allows bypassing Microsoft account registration during Windows 11 installation, though its future is uncertain due to planned removal in an upcoming update.

Winsage

September 17, 2025

How to use DISM command tool to repair Windows 10 image

The Deployment Image Servicing and Management (DISM) tool is a command-line utility in Windows 10 used for preparing, modifying, and repairing system images, including the Windows Recovery Environment, Windows Setup, and Windows PE. It can address various system issues, and when system files are missing or corrupted, the System File Checker (SFC) can replace them using the recovery image. If local image files are compromised, the SFC command may fail, and using the "install.wim" image file with DISM can repair the image, allowing SFC to function without a complete OS reinstallation. DISM includes commands such as "CheckHealth," "ScanHealth," and "RestoreHealth" for repairing system images. The "CheckHealth" command identifies corruptions without repairing them, while "ScanHealth" performs a comprehensive scan for underlying issues. The "RestoreHealth" command scans and repairs common problems, connecting to Windows Update to download and replace damaged files if needed. If DISM encounters difficulties, an "install.wim" or "install.esd" file can be used as an alternative source for repairs. The Media Creation Tool can download a fresh Windows 10 ISO file if necessary. Specific commands can be executed to repair the image using these files, and troubleshooting common errors may involve checking for source file locations or ensuring a stable internet connection. Once the image is restored, the SFC command can be run to repair the installation of Windows 10. The SFC tool checks and repairs system files using local image files, with logs saved for further review. DISM does not delete files, and its execution time can vary based on system speed and the extent of corruption.