question

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 asked DucheminDominique-7551 rolled back

Enabling Windows Features and their dependencies...

Hello,

I am using this command:
Enable-WindowsOptionalFeature -Online -FeatureName “Windows-Defender-Features” -all

But the results is only for the main item "Windows Defender Features" which is enabled not the dependency "Windows Defender" ...

201577-2022-05-12-22-58-33-windows-defender.png

Thanks,
Dom


windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
1 Vote"
MotoX80 answered MotoX80 edited

Reference:

https://docs.microsoft.com/en-us/powershell/module/dism/enable-windowsoptionalfeature?view=windowsserver2016-ps

-NoRestart
Suppresses reboot. If a reboot is not required, this command does nothing. This option will keep the application from prompting for a restart or keep it from restarting automatically.
-All
Enables all parent features of the specified feature. If a parent feature is required for the specified feature to be enabled in the image, All will enable the parent and all of its default dependencies.


To supress the reboot prompt add the -norestart switch.

As to why the GUI gets installed... I do not have a VM with the same OS as your server, so I can't test for you.

Based on your replies you apparently have a parent feature; Windows-Defender-Features, and a sub feature; Windows-Defender.

If you installed Windows-Defender, and it didn't work, then that would indicate to me that it's parent feature might also be required. But since you don't want the GUI, then you don't want to use the -All switch because the GUI might be tagged as a default.

If you are testing on the same machine, make sure that all defender features are uninstalled and you reboot before trying again.

Try this:

 Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender-Features" -NoRestart
 Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender" -NoRestart
 add shutdown to reboot if desired/required


Update: What is the issue with installing the GUI feature? If I have a server that I suspect is compromised, then I would RDP to it, verify that the definitions are up to date, and then initiate a full system scan, most likely using the GUI interface. I don't know what specific functionality that feature enables, but it seems to me that at worst, it shouldn't hurt anything, and at best, I would need it to manage Defender.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
1 Vote"
MotoX80 answered

The -All switch is for parent features and dependencies.

https://docs.microsoft.com/en-us/powershell/module/dism/enable-windowsoptionalfeature?view=windowsserver2022-ps

The easiest solution appears to be using Get-WindowsOptionalFeature and filtering on FeatureName to identify every feature that you wish to install and then piping that to Enable-WindowsOptionalFeature.

To test, I used this command to list the printing features. This is on Win10.

 Get-WindowsOptionalFeature -Online -FeatureName "printing-foundation*" | Sort-Object | Format-Table

Then installed with this command.

 Get-WindowsOptionalFeature -Online -FeatureName "printing-foundation*" | Enable-WindowsOptionalFeature -Online




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 published

Hello,

I tried
Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender-Features*,Windows-Defender*" | Sort-Object | Format-Table

This does not show anything!!!

This is the one which works....

PS C:\Windows\system32> Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Sort-Object | Format-Table

FeatureName State DisplayName Description RestartRequired CustomProperties


Windows-Defender Disabled Windows Defender Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, InstallWi...
Windows-Defender-Features Enabled Windows Defender Features Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, Type...}
Windows-Defender-Gui Disabled GUI for Windows Defender GUI for Windows Defender. Possible {Description, DisplayName, Id, Parent...}

This one is showing 3 items but I just need 2 so continuing with the enabling.... but I don't want the GUI enabled !!!

Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
1 Vote"
MotoX80 answered

don't want the GUI enabled

You can exclude that with a where-object.

 Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' | Format-Table



To install:

 Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike '*GUI*' |  Enable-WindowsOptionalFeature -Online



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 published

Hello,

On the first test it failed...


PS C:\Windows\system32> Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table
Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Enable-WindowsOptionalFeature -Online
Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

FeatureName State DisplayName Description RestartRequired CustomProperties


Windows-Defender-Features Enabled Windows Defender Features Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, Type...}
Windows-Defender Disabled Windows Defender Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, InstallWi...




Path :
Online : True
RestartNeeded : False

Enable-WindowsOptionalFeature : The referenced assembly could not be found.
At line:2 char:126
+ ... FeatureName -NotLike 'GUI' | Enable-WindowsOptionalFeature -Online
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-WindowsOptionalFeature], COMException
+ FullyQualifiedErrorId : Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand





FeatureName State DisplayName Description RestartRequired CustomProperties


Windows-Defender-Features Enabled Windows Defender Features Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, Type...}
Windows-Defender Disabled Windows Defender Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, InstallWi...



But on the second it works ... but not as expected

it needs a reboot so how to do it automatically?

![201995-2022-05-14-14-21-10-vipsccmdp02-install-windows-de.png][1]

and also the exclusion of the GUI does not work...

![202011-2022-05-14-14-26-27-vipsccmdp02-install-windows-de.png][2]

Checking again...

Thanks,
Dom
[1]: /answers/storage/attachments/201995-2022-05-14-14-21-10-vipsccmdp02-install-windows-de.png
[2]: /answers/storage/attachments/202011-2022-05-14-14-26-27-vipsccmdp02-install-windows-de.png


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered MotoX80 commented

Hello,

Apparently the exclusion works on the
Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

but not on the
Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Enable-WindowsOptionalFeature -Online


PS C:\Windows\system32> Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Format-Table

FeatureName State DisplayName Description RestartRequired CustomProperties


Windows-Defender-Gui Enabled GUI for Windows Defender GUI for Windows Defender. Possible {Description, DisplayName, Id, P...
Windows-Defender-Features Enabled Windows Defender Features Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, T...
Windows-Defender Enabled Windows Defender Windows Defender helps protect your machine from malware. Possible {Description, DisplayName, Id, I...

Any idea?
Thanks,
Dom

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If you can't exclude the GUI, then that tells me that it's a dependent (required) component. What OS are you running this on? I have a Win11 laptop and a Win10 VM that I test with and neither have a GUI component. They typically match server versions.

 PS C:\> Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Format-Table
    
 FeatureName                             State DisplayName                          Description
 -----------                             ----- -----------                          -----------
 Windows-Defender-Default-Definitions Disabled
 Windows-Defender-ApplicationGuard    Disabled Microsoft Defender Application Guard Offers a secure container for int...

As to the referenced assembly problem, I have no idea what state your machine is in. Are you running this install as part of a build script? Has all of the available Windows Update features been installed?

To reboot, just run

shutdown.exe /r /c "Installing defender"

0 Votes 0 ·
DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 commented

Hello,

"If you can't exclude the GUI, then that tells me that it's a dependent (required) component. What OS are you running this on? I have a Win11 laptop and a Win10 VM that I test with and neither have a GUI component. They typically match server versions."

I have Windows Server 2016... And if I install manually the "Windows Defender Features" I could select the "Windows Defender" without installing the "GUI for Windows Defender"
201935-2022-05-14-16-35-31-windows-defender-features.png

Also the exclusion works on the display but not on the enabling!!!... strange...
Let me try on a brand new server not touched by the previous testing....

All servers (20) were installed in July 2017 and patched Tuesday last week and are Windows Server 2016 only the first one was giving me the error, they all are at the same state.

Thanks,
Dom



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Then don't use Get-WindowsOptionalFeature, just use Enable-WindowsOptionalFeature and spell out the feature(s) that you want installed. It should just be 2 lines of PS code instead of one.

1 Vote 1 ·

Hello,

testing now:


Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender"

Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

shutdown.exe /r /c "Installing defender - installation Windows Defender"


Thanks ,
Dom

0 Votes 0 ·
DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered

Hello,

I used also:


Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender"

Get-WindowsOptionalFeature -Online -FeatureName "Windows-Defender*" | Where-Object -Property FeatureName -NotLike 'GUI' | Format-Table

shutdown.exe /r /c "Installing defender - installation Windows Defender"



But there are two stops...

Waiting for reboot on line 2!!!
Then the line 4 reboot but there is a stop at line 2... "Do you want to reboot" ? How to bypass these questions not needed during a Configuration Manager Push!!


and also the two features "Windows-Defender" & "GUI For Windows Defender" got enabled even the GUI!!!

Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered

Hello,

I tried manually
Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender"


I did not enabled anything...
Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 rolled back

Hello,

Yes "Windows-Defender-Features" & "Windows-Defender" are dependent...

I tried:
202006-2022-05-15-10-03-55-vipsccmdp01-windows-defender-f.png

then:
202019-2022-05-15-10-08-02-vipsccmdp01-windows-defender-f.png

Results:
201940-2022-05-15-10-06-51-vipsccmdp01-windows-defender-f.png

Thanks you for your help as the -NoRestart works so that a progress...
The GUI I will live with it in for now and might ask Microsoft if they have idea why this is not working per Powershell as I think you proposed all options so not sure what's next...

I will try another test on another machine maybe 2012 or 2019 to see how it reacts ...

I tried the command line alone:
Enable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender" -NoRestart

and both the "Windows-Defender" and "Windows-Defender-GUI" got enabled but not the parent "Windows-Defender-Features"

Thanks,
Dom


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.