Uninstall MSI Applications with Run Scripts and CMPivot

As Config Manager admins, we're frequently approached by managers that want us to do something NOW. Enter the Run Scripts feature in Config Manager. If you're not familiar with CMPivot, Run Scripts, and Client Notification then it would be super helpful for you to read a few of my past blogs.


Today's ramble is on how to use Run Scripts with a parameter to instantly uninstall an MSI application from your device(s). We're going to use a quick 12 year old PowerShell script (it's an oldie, but a goodie) I found on Stack Overflow.

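# Uninstall an MSI application by its exact name as shown in Add/Remove Programs

Param(
    [Parameter(Mandatory=$True)]
    [string]$ApplicationName
)

# Find the MSI product whose Name matches exactly and call its Uninstall() method
Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq $ApplicationName} | ForEach-Object -Process {$_.Uninstall()}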

In your SCCM or MEMCM or MECM (or whatever you call it now) console, go to Software Library > Scripts and click on Create Script. Be sure to pick the Script Language of PowerShell, PowerShell, or PowerShell. Paste the above script into the box and click on Next.


The next screen of the wizard lets you see the Parameter for the script. If you click on Edit (not pictured in the below screenshot), you can change things about the Parameter like if it's mandatory, a friendly name, etc. Once you're happy with your Parameter, click on Next. Verify the data in the Summary window and click Next. Once it's done, close the wizard.


Your script will show up with an “Approval State” of Waiting for approval. Before you can use the script, you have to highlight the script and click on Approve/Deny in your ribbon or when you right click on your script. This opens the Approve or Deny Script wizard and the first screen shows you basic info like the script name, the script language (is it PowerShell or PowerShell or PowerShell), and the script itself. Click on Next and then on the next screen select Approve and click Next / Next / Close.

By default, you’ll need another administrator to click on the Approve/Deny button. If you want to take the safeguards off and make it so you can approve your own scripts, go to Administration > Site Configuration > Sites, right click your site and click on Hierarchy Settings, go to the General tab, and uncheck the box for Script authors require additional script approver.

To use the script, you'll need to know the name of an application as it shows up in Add/Remove Programs. You can either look it up in the Control Panel, or you can run the part of the script that enumerates applications. Get-WmiObject -Class Win32_Product will list out applications and you'll want the NAME field. For my testing, I used the Enterprise MSI install of Google Chrome which conveniently has a simple name of Google Chrome.

To test out the script, go to Assets & Compliance > Devices (or you could run it against a Device Collection the same way), right click on one of your devices, and click on Run Scripts. Select the script you just made and click Next.


You'll now input a value for your Parameter. For my test, I'm doing "Google Chrome" and clicking Next. At the Summary screen you can click Next and then Close.


At this point the script is running on that workstation and uninstalling Google Chrome. If you watch Task Manager, you can tell the script kicks off almost instantly because you'll see new processes of MSIEXEC running. You'll then notice that the installation of Chrome has disappeared from your machine. You can follow up on the status of your Run Scripts action in Monitoring > Script Status. For more on how to monitor your script status, check out my previous ramblings at the links I posted way up top.
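An added example, not part of the original post or the Stack Overflow script: a variant of the same Run Scripts uninstall that looks the product up in the registry uninstall keys instead of Win32_Product, because querying Win32_Product makes Windows Installer run a consistency check against every installed MSI package. The variable names are my own, and it assumes a per-machine MSI install registered under HKLM; it keeps the exact-name match of the original and checks that the product code is a GUID before handing it to msiexec.

```powershell
# Added example: registry-based variant of the uninstall script (not the original script).
Param(
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$ApplicationName
)

# Both uninstall hives, so 32-bit MSIs on 64-bit Windows are found too.
# Assumption: the application is installed per-machine (HKLM), not per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Exact DisplayName match only (same semantics as -eq in the original script),
# and only entries flagged WindowsInstaller = 1, i.e. real MSI installs.
$products = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $ApplicationName -and $_.WindowsInstaller -eq 1 })

if ($products.Count -eq 0) {
    Write-Output "No MSI product named '$ApplicationName' found."
    return
}

foreach ($product in $products) {
    # For MSI installs the registry key name is the product code.
    $productCode = $product.PSChildName

    # Refuse anything that is not a well-formed GUID before passing it to msiexec.
    if ($productCode -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        Write-Output "Skipping '$($product.DisplayName)': key '$productCode' is not a product code."
        continue
    }

    # Silent uninstall, no forced reboot; wait so the exit code lands in Script Status.
    $msiArgs = @('/x', $productCode, '/qn', '/norestart')
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru

    # 0 = success, 3010 = success but a reboot is required.
    Write-Output "$($product.DisplayName) $productCode msiexec exit code: $($proc.ExitCode)"
}
```

The Write-Output lines are what you'll see as script output in Monitoring > Script Status, so a name that matches nothing shows up as a message instead of a silent no-op.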

SECURITY TIP (Again): CMPivot and Run Scripts both execute PowerShell scripts on clients from C:\Windows\CCM\ScriptStore. Create an exception rule for your security software to allow PS1 files to execute from this directory.

If you want to check in real time how many devices have an application installed, open up CMPivot. Go to your Query tab, and use the query InstalledSoftware | where ProductName like '%chrome%' which will return all systems in your collection with Google Chrome. If you have 1906 or higher, results should return instantly in a light gray font (which is information from your Config Manager DB) and then as the CMPivot query runs on systems you'll start to see real time results showing up in dark / black font.
