The dynamic part of this is really simple and can be made into really complex installation sequences. Here I will only showcase the simplest of ways to use it.
So we are talking about installation that uses base variable. This an be used in many ways
You can write them with powershell to your computer as you go. Meaning that you have some kind of SQL query to search something and based on results you write them into variables to that computer being installed. Or query AD group based variables of premade computer account or what ever. Its not really limited on ways how to use it.
So lets play with the idea for a sec.
So here we have a multiple collection that have a variable placed upon the collection. If your computer is a member of this group then it will get the app01 variable that guides installation to
With app variable you need to have the variables placed in a right order. So if you have app01 and app03 being deployed, you will only install app01. You have to play around the problem by re-writing the computer variables so you will get app01 and app02. There are examples of this in the internet.
Behind the link you may have an example script on how to rename variables.
Based upon David O’Brian’s script there is a variable named APP used in the example script. And It uses App_Variables.log filename to log events.
if ($args.Count -eq 1)
{
$BaseVariableName = $args[0]
}
elseif ($args.Count -eq 2)
{
$BaseVariableName = $args[0]
$LengthSuffix = $args[1]
}
Function Write-Message(
[parameter(Mandatory=$true)]
[ValidateSet("Info", "Warning", "Error", "Verbose")]
[String] $Severity,
[parameter(Mandatory=$true)]
[String] $Message
)
{
if((Test-Path -Path $LogFile))
{
Add-Content -Path "$($LogFile)" -Value "$(([System.DateTime]::Now).ToString()) $Severity - $Message"
}
else
{
New-Item -Path $LogFile -ItemType File
}
Switch ($Severity)
{
"Info" {$FColor="gray"}
"Warning" {$FColor="yellow"}
"Error" {$FColor="red"}
"Verbose" {$FColor="green"}
Default {$FColor="gray"}
}
Write-Output "$(([System.DateTime]::Now).ToString()) $Severity - $Message" -fore $FColor
}
$BaseVariableList = @()
$BaseVariableName = "App"
$LengthSuffix = 2
$objSMSTS = New-Object -ComObject Microsoft.SMS.TSEnvironment
$SMSTSVars = $objSMSTS.GetVariables()
$SMSTSLogPath = $objSMSTS.Value("_SMSTSLogPath")
if (Test-Path $SMSTSLogPath)
{
$LogFile = $(Join-Path $SMSTSLogPath Apps_variables.log)
}
#Writing the Variables to Logfile
Write-Message -Severity Info -Message "This is the Dynamic Variable List BEFORE rebuilding it."
foreach ($Var in $objSMSTS.GetVariables())
{
if ( $Var.ToUpper().Substring(0,$var.Length-$LengthSuffix) -eq $BaseVariableName)
{
Write-Message -Severity Info -Message "$($Var) = $($objSMSTS.Value($Var))"
$BaseVariableList += @{$Var=$objSMSTS.Value($Var)}
}
}
$objects = @()
$fixed = @()
$objects = $BaseVariableList
[int]$x = 1
# Writing the variables to Logfile after being reordered
Write-Message -Severity Info -Message "------------------------------------------------------"
Write-Message -Severity Info -Message ""
Write-Message -Severity Info -Message "This is the Dynamic Variable List AFTER rebuilding it."
foreach ($i in $objects)
{
$Name = "$($BaseVariableName){0:00}" -f $x
$Value = "$($i.Values)"
$fixed += @{$Name=$Value}
Write-Message -Severity Info -Message "$($Name) = $($Value)"
$x++
$Name = ""
$Value = ""
}
$BaseVariableListFixed = @()
$BaseVariableListFixed += $fixed
foreach ($BaseVariable in $BaseVariableListFixed)
{
""
$objSMSTS.Value("$($BaseVariable.Keys)") = "$($BaseVariable.Values)"
}
The idea of the script is still the same. You need to have a prefix on what to search and re-write the numbers as shown in the picture.
This also can be done to computers already installed. Meaning that you can run task sequence over and over again but hide progress bar for it. This means you can have your AD groups that guide your application installation. Running all AD groups against their variables will automatically detect correctly installed apps and re-apply missing ones or add the new ones. Please do not use this. This is not really clever way to use this. Its just an example.
I am quite sure there are ton of ways I have missed the “how you might use these”. But the idea of how and why you might want to add these to your repertoire could be in those example scenarios. Or better yet have your own idea what suits you and your own environment.
If variable app name does not exists it does make an error in smsts.log:
Application policy for ‘WrongAppNameHere‘ not received. Make sure the application is marked for dynamic app install. Policy download failed, hr=0x80004005.
So its not really unknown app. Variable is clearly written in smsts.log. And smsts.log will be your friend on debugging problems.
If I’d do my this on my own environment I’d probably would go for premade computer accounts with AD group based install. This can also be made so you copy the ad groups from an example computer. You could do this by running query against the old computer and create the computer account with the same ad groups. It would be quite an easy function to build and should be easily maintained.
I must say apologizes to Guy, he contacted me and it took me over a month to reply. He asked me if I could fix my site. I couldn’t but now I have re-write the content. This once again is a great reminder on the importance of getting backups.
Rant over and topic at hand. There is a simple way to make a powershell script to add computer to your SCCM database.
Start Powershell ISE to see the script that is needed to connect to your SCCM instance. Script will be auto-generated like the below screenshot shows:
When you run the script. You might get a popup saying the following:
This allows you to do much more with SCCM. This gives you a base script for your own environment for your scripts. So gather the needed lines from the generated script and add more after the pre-requisite steps.
I bet when you have been googling, you haven’t found anything worthy results that actually makes the security portals hide the classic teams. Well I made a script that is bad, I mean its bad as it really should have been Microsoft all along to fix this and not IT admins.
So this can be done with application based “install” or remediation based script.
SCCM – Application example
Detection method:
# Microsoft Teams Classic Uninstall Detection
$goRemediate = $false
$UserProfiles = Get-ChildItem "C:\Users" -Directory
$TeamsClassicFound = $false
foreach ($profile in $UserProfiles) {
$TeamsClassicPath = "$($profile.FullName)\AppData\Local\Microsoft\Teams\current\Teams.exe"
if (Test-Path $TeamsClassicPath) {
#write-host "Teams Classic found in user profile located in $($profile.FullName), setting remediation needs to $true"
$TeamsClassicFound = $true
break
}
}
if (!$TeamsClassicFound) {
#write-host "No Teams Classic found." -ForegroundColor Green
} else {
# write-host "Teams Classic was found, needs to be remediated."
$goRemediate = $true
}
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
$classic = Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name = 'Microsoft Teams classic'"
$hkuKeys = Get-ChildItem -Path "Registry::HKEY_USERS"
foreach ($userKey in $hkuKeys) {
$teamsKeyPath = "Registry::HKEY_USERS\$($userKey.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams"
if (Test-Path $teamsKeyPath) {
# write-host "User registry still lurking, setting remediation needs to $true"
$goRemediate = $true
}
}
if ($MachineWide) {
#write-host "Still lurking: Teams Machine-Wide Installer, setting remediation needs to $true"
$goRemediate = $true
}
if ($classic) {
#write-host "Still lurking: Microsoft Teams Classic Installer, setting remediation needs to $true"
$goRemediate = $true
}
# Finding SIDs for loop
$PatternSID = 'S-1-5-\d+-\d+-\d+\-\d+\-\d+$'
# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} |
Select @{name="SID";expression={$_.PSChildName}},
@{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
@{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $PatternSID} | Select @{name="SID";expression={$_.PSChildName}}
# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select @{name="SID";expression={$_.InputObject}}, UserHive, Username
# Loop through each profile on the machine
Foreach ($item in $ProfileList) {
IF ($item.SID -in $UnloadedHives.SID) {
reg load HKU\$($Item.SID) $($Item.UserHive) | Out-Null
}
# Check and potentially remove outdated Teams versions
$teamsUninstallKeys = Get-ItemProperty registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*
if ($teamsUninstallKeys) {
foreach ($teamsKey in $teamsUninstallKeys) {
#write-host "Teams found in user profile: $($item.Username) with version $displayVersion"
$goRemediate = $true
}
}
}
IF ($item.SID -in $UnloadedHives.SID) {
[gc]::Collect()
reg unload HKU\$($item.SID) | Out-Null
}
if (!$goRemediate) {
write-output "Installed."
}
So as you might wonder. This is reverse logic. If not found then Installed. This app is only to remove and use “INSTALL” as the logic of which is build:
So there you have the detection method and why its done weirdly.
Application install – SCCM
#"C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"
#"C:\Windows\CCM\Logs\TeamsUninstaller.log"
$logFilePath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"
function Log-Message {
param (
[string]$Message
)
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Add-Content -Path $logFilePath -Value "$timestamp - $Message"
}
$UserProfiles = Get-ChildItem "C:\Users" -Directory
$TeamsClassicFound = $false
foreach ($profile in $UserProfiles) {
$TeamsClassicPath = "$($profile.FullName)\AppData\Local\Microsoft\Teams\current\Teams.exe"
if (Test-Path $TeamsClassicPath) {
Log-Message "Teams Classic found in user profile located in $($profile.FullName)"
}
}
if (!$TeamsClassicFound) {
Log-Message "No Teams Classic found."
}
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
Log-Message "$($MachineWide.DisplayName) Was found in the installed applications."
$hkuKeys = Get-ChildItem -Path "Registry::HKEY_USERS"
foreach ($userKey in $hkuKeys) {
$teamsKeyPath = "Registry::HKEY_USERS\$($userKey.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams"
if (Test-Path $teamsKeyPath) {
Log-Message "User registry still lurking, setting remediation needs to true"
}
}
function Uninstall-TeamsClassic($TeamsPath) {
try {
$process = Start-Process -FilePath "$TeamsPath\Update.exe" -ArgumentList "--uninstall /s" -PassThru -Wait -ErrorAction Stop
if ($process.ExitCode -ne 0) {
Log-Message "Uninstallation failed with exit code $($process.ExitCode)."
}
}
catch {
Log-Message "Uninstallation failed: $($_.Exception.Message)"
}
}
$AllUsers = Get-ChildItem -Path "$($ENV:SystemDrive)\Users"
foreach ($User in $AllUsers) {
Log-Message "Processing user: $($User.Name)"
$localAppData = "$($ENV:SystemDrive)\Users\$($User.Name)\AppData\Local\Microsoft\Teams"
$programData = "$($env:ProgramData)\$($User.Name)\Microsoft\Teams"
if (Test-Path "$localAppData\Current\Teams.exe") {
Log-Message "Uninstall Teams for user $($User.Name)"
Uninstall-TeamsClassic -TeamsPath $localAppData
} elseif (Test-Path "$programData\Current\Teams.exe") {
Log-Message "Uninstall Teams for user $($User.Name)"
Uninstall-TeamsClassic -TeamsPath $programData
} else {
Log-Message "Teams installation not found for user $($User.Name)"
}
}
$TeamsIcon_old = "$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams*.lnk"
Get-Item $TeamsIcon_old | Remove-Item -Force -Recurse
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
if ($MachineWide) {
$registryKeyPath = $MachineWide.PSPath
$cleanRegistryPath = $registryKeyPath -replace "Microsoft.PowerShell.Core\\Registry::", "Registry::"
Remove-Item -Path $cleanRegistryPath -Recurse -Force
} else {
Log-Message "Teams Machine-Wide Installer not found in the registry."
}
$PatternSID = 'S-1-5-\d+-\d+-\d+\-\d+\-\d+$'
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} |
Select @{name="SID";expression={$_.PSChildName}},
@{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
@{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
$LoadedHives = Get-ChildItem Registry::HKEY_USERS | Where-Object {$_.PSChildname -match $PatternSID} | Select @{name="SID";expression={$_.PSChildName}}
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select @{name="SID";expression={$_.InputObject}}, UserHive, Username
function Load-Hive {
param (
[string]$SID,
[string]$HivePath
)
$maxRetries = 2
$retryDelay = 2 # seconds
for ($attempt = 1; $attempt -le $maxRetries; $attempt++) {
try {
# Attempt to load the hive
reg load HKU\$SID $HivePath | Out-Null
Log-Message "Successfully loaded hive for SID $SID"
return $true
} catch {
Log-Message "Failed to load hive for SID $SID on attempt: $(${_}.Exception.Message)"
if ($attempt -lt $maxRetries) {
Log-Message "Retrying in $retryDelay seconds..."
Start-Sleep -Seconds $retryDelay
} else {
Log-Message "Maximum retries reached for loading hive $SID. Skipping this profile."
return $false
}
}
}
}
foreach ($item in $ProfileList) {
Log-Message "Checking $($item.Username)"
if ($item.SID -in $UnloadedHives.SID) {
Log-Message "Hive not loaded for $($item.Username). Attempting to load hive."
$hiveLoaded = Load-Hive -SID $item.SID -HivePath $item.UserHive
if (-not $hiveLoaded) {
Log-Message "Skipping user $($item.Username) due to failed hive load."
continue
}
}
$teamsUninstallKeys = Get-ItemProperty registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*
if ($teamsUninstallKeys) {
foreach ($teamsKey in $teamsUninstallKeys) {
# Remove the Teams uninstall key
Remove-Item -Path "registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\$($teamsKey.PSChildName)" -Recurse
# Remove Teams folder from profile
if ($teamsPath) {
Remove-Item -Path $teamsPath -Recurse -Force
}
}
}
if ($item.SID -in $UnloadedHives.SID) {
Log-Message "Unloading hive for $($item.Username)"
[gc]::Collect()
reg unload HKU\$($item.SID) | Out-Null
}
}
exit 0
This to run on client that have detected that there are still hints of Legacy Teams in user profiles or in some user accounts appdata folder.
But that’s that then. Deploy with caution. This isn’t very professional way to approach this, but neither was Microsoft’s approach to deploy new teams and not do anything for legacy Teams.
Intune Remediation
Discovery script:
# Microsoft Teams Classic Uninstall Detection
$goRemediate = $false
$UserProfiles = Get-ChildItem "C:\Users" -Directory
$TeamsClassicFound = $false
foreach ($profile in $UserProfiles) {
$TeamsClassicPath = "$($profile.FullName)\AppData\Local\Microsoft\Teams\current\Teams.exe"
if (Test-Path $TeamsClassicPath) {
#write-host "Teams Classic found in user profile located in $($profile.FullName), setting remediation needs to $true"
$TeamsClassicFound = $true
break
}
}
if (!$TeamsClassicFound) {
#write-host "No Teams Classic found." -ForegroundColor Green
} else {
# write-host "Teams Classic was found, needs to be remediated."
$goRemediate = $true
}
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
$classic = Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name = 'Microsoft Teams classic'"
$hkuKeys = Get-ChildItem -Path "Registry::HKEY_USERS"
foreach ($userKey in $hkuKeys) {
$teamsKeyPath = "Registry::HKEY_USERS\$($userKey.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams"
if (Test-Path $teamsKeyPath) {
# write-host "User registry still lurking, setting remediation needs to $true"
$goRemediate = $true
}
}
if ($MachineWide) {
#write-host "Still lurking: Teams Machine-Wide Installer, setting remediation needs to $true"
$goRemediate = $true
}
if ($classic) {
#write-host "Still lurking: Microsoft Teams Classic Installer, setting remediation needs to $true"
$goRemediate = $true
}
# Define minimum acceptable version (replace with your desired version)
$minVersion = "1.7.0.4689"
# Finding SIDs for loop
$PatternSID = 'S-1-5-\d+-\d+-\d+\-\d+\-\d+$'
# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} |
Select @{name="SID";expression={$_.PSChildName}},
@{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
@{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = gci Registry::HKEY_USERS | ? {$_.PSChildname -match $PatternSID} | Select @{name="SID";expression={$_.PSChildName}}
# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select @{name="SID";expression={$_.InputObject}}, UserHive, Username
# Loop through each profile on the machine
Foreach ($item in $ProfileList) {
IF ($item.SID -in $UnloadedHives.SID) {
reg load HKU\$($Item.SID) $($Item.UserHive) | Out-Null
}
# Check and potentially remove outdated Teams versions
$teamsUninstallKeys = Get-ItemProperty registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*
if ($teamsUninstallKeys) {
foreach ($teamsKey in $teamsUninstallKeys) {
$displayVersion = $teamsKey.DisplayVersion
if ($displayVersion -lt $minVersion) {
#write-host "Teams found in user profile: $($item.Username) with version $displayVersion"
$goRemediate = $true
}
}
}
IF ($item.SID -in $UnloadedHives.SID) {
[gc]::Collect()
reg unload HKU\$($item.SID) | Out-Null
}
}
if (!$goRemediate) {
write-output "Installed."
}
if ($goRemediate) {
write-host "Issues detected. Proceeding with remediation."
exit 1
} else {
write-host "No issues detected. No remediation needed."
exit 0
}
Remediation:
#"C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"
#"C:\Windows\CCM\Logs\TeamsUninstaller.log"
$logFilePath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"
function Log-Message {
param (
[string]$Message
)
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Add-Content -Path $logFilePath -Value "$timestamp - $Message"
}
$UserProfiles = Get-ChildItem "C:\Users" -Directory
$TeamsClassicFound = $false
foreach ($profile in $UserProfiles) {
$TeamsClassicPath = "$($profile.FullName)\AppData\Local\Microsoft\Teams\current\Teams.exe"
if (Test-Path $TeamsClassicPath) {
Log-Message "Teams Classic found in user profile located in $($profile.FullName)"
}
}
if (!$TeamsClassicFound) {
Log-Message "No Teams Classic found."
}
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
Log-Message "$($MachineWide.DisplayName) Was found in the installed applications."
$hkuKeys = Get-ChildItem -Path "Registry::HKEY_USERS"
foreach ($userKey in $hkuKeys) {
$teamsKeyPath = "Registry::HKEY_USERS\$($userKey.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams"
if (Test-Path $teamsKeyPath) {
Log-Message "User registry still lurking, setting remediation needs to true"
}
}
function Uninstall-TeamsClassic($TeamsPath) {
try {
$process = Start-Process -FilePath "$TeamsPath\Update.exe" -ArgumentList "--uninstall /s" -PassThru -Wait -ErrorAction Stop
if ($process.ExitCode -ne 0) {
Log-Message "Uninstallation failed with exit code $($process.ExitCode)."
}
}
catch {
Log-Message "Uninstallation failed: $($_.Exception.Message)"
}
}
$AllUsers = Get-ChildItem -Path "$($ENV:SystemDrive)\Users"
foreach ($User in $AllUsers) {
Log-Message "Processing user: $($User.Name)"
$localAppData = "$($ENV:SystemDrive)\Users\$($User.Name)\AppData\Local\Microsoft\Teams"
$programData = "$($env:ProgramData)\$($User.Name)\Microsoft\Teams"
if (Test-Path "$localAppData\Current\Teams.exe") {
Log-Message "Uninstall Teams for user $($User.Name)"
Uninstall-TeamsClassic -TeamsPath $localAppData
} elseif (Test-Path "$programData\Current\Teams.exe") {
Log-Message "Uninstall Teams for user $($User.Name)"
Uninstall-TeamsClassic -TeamsPath $programData
} else {
Log-Message "Teams installation not found for user $($User.Name)"
}
}
$TeamsIcon_old = "$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams*.lnk"
Get-Item $TeamsIcon_old | Remove-Item -Force -Recurse
$registryPath = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
)
$MachineWide = Get-ItemProperty -Path $registryPath | Where-Object -Property DisplayName -eq "Teams Machine-Wide Installer"
if ($MachineWide) {
$registryKeyPath = $MachineWide.PSPath
$cleanRegistryPath = $registryKeyPath -replace "Microsoft.PowerShell.Core\\Registry::", "Registry::"
Remove-Item -Path $cleanRegistryPath -Recurse -Force
} else {
Log-Message "Teams Machine-Wide Installer not found in the registry."
}
$PatternSID = 'S-1-5-\d+-\d+-\d+\-\d+\-\d+$'
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} |
Select @{name="SID";expression={$_.PSChildName}},
@{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
@{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
$LoadedHives = Get-ChildItem Registry::HKEY_USERS | Where-Object {$_.PSChildname -match $PatternSID} | Select @{name="SID";expression={$_.PSChildName}}
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select @{name="SID";expression={$_.InputObject}}, UserHive, Username
function Load-Hive {
param (
[string]$SID,
[string]$HivePath
)
$maxRetries = 2
$retryDelay = 2 # seconds
for ($attempt = 1; $attempt -le $maxRetries; $attempt++) {
try {
# Attempt to load the hive
reg load HKU\$SID $HivePath | Out-Null
Log-Message "Successfully loaded hive for SID $SID"
return $true
} catch {
Log-Message "Failed to load hive for SID $SID on attempt: $(${_}.Exception.Message)"
if ($attempt -lt $maxRetries) {
Log-Message "Retrying in $retryDelay seconds..."
Start-Sleep -Seconds $retryDelay
} else {
Log-Message "Maximum retries reached for loading hive $SID. Skipping this profile."
return $false
}
}
}
}
foreach ($item in $ProfileList) {
Log-Message "Checking $($item.Username)"
if ($item.SID -in $UnloadedHives.SID) {
Log-Message "Hive not loaded for $($item.Username). Attempting to load hive."
$hiveLoaded = Load-Hive -SID $item.SID -HivePath $item.UserHive
if (-not $hiveLoaded) {
Log-Message "Skipping user $($item.Username) due to failed hive load."
continue
}
}
$teamsUninstallKeys = Get-ItemProperty registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\Teams*
if ($teamsUninstallKeys) {
foreach ($teamsKey in $teamsUninstallKeys) {
# Remove the Teams uninstall key
Remove-Item -Path "registry::HKEY_USERS\$($item.SID)\Software\Microsoft\Windows\CurrentVersion\Uninstall\$($teamsKey.PSChildName)" -Recurse
# Remove Teams folder from profile
if ($teamsPath) {
Remove-Item -Path $teamsPath -Recurse -Force
}
}
}
if ($item.SID -in $UnloadedHives.SID) {
Log-Message "Unloading hive for $($item.Username)"
[gc]::Collect()
reg unload HKU\$($item.SID) | Out-Null
}
}
exit 0
That’s that then. Try and be careful. Do not deploy to all computers at once.
