
I just wanted to have some advice on those remediation scripts; what do you think?

The idea is to detect every 7-Zip installed on the computer, search for those that are not up to date, and uninstall them. I struggled a bit with correctly placing the exit codes used by Intune.

Detection Script:

```powershell
$64bits = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -match "7-Zip"
$32bits = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -match "7-Zip"
if (!($64bits) -and !($32bits)){
    Write-Host "7-Zip isnt detected at all"
    exit 0
}
if ($64bits){
    foreach ($soft in $64bits){
        Write-Host "7-Zip(x64) ver:" $soft.DisplayVersion "detected"
        if ($soft.DisplayVersion -lt "23.01"){
            exit 1
        }
    }
}
else {
    Write-Host "7-Zip(x64) isnt detected"
}
if ($32bits){
    foreach ($soft in $32bits){
        Write-Host "7-Zip(x86) ver:" $soft.DisplayVersion "detected"
        if ($soft.DisplayVersion -lt "23.01"){
            exit 1
        }
    }
}
else {
    Write-Host "7-Zip(x86) isnt detected"
}
```

Remediation Script:

```powershell
$64bits = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -match "7-Zip"
if ($64bits){
    foreach ($soft in $64bits){
        if ($soft.DisplayVersion -lt "23.01"){

            Write-host "Uninstall" $soft.DisplayName $soft.DisplayVersion
            Start-Process $soft.UninstallString -ArgumentList "/S"
        }
    }
}
$32bits = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object DisplayName -match "7-Zip"
if ($32bits){
    foreach ($soft in $32bits){
        if ($soft.DisplayVersion -lt "23.01" -or $soft.DisplayVersion -eq $null){
            Write-Host "7-Zip(x86) ver:" $soft.DisplayVersion "detected"
            Start-Process $soft.UninstallString -ArgumentList "/S"
            Write-host "Uninstall" $soft.DisplayName $soft.DisplayVersion
        }
    }
}
exit 0
```

asked Mar 25, 2024 at 14:51

1 Answer


Some quick and superficial comments:

Some constants like `$64bits` and `$32bits` should be defined once. It makes sense to put them in a separate file and include the file in your script.

Here is an example of how you could load (include) files residing in your script directory.

Better yet, create a PowerShell module. The script could be much more versatile and be used for other programs as well. Then, consider using a parameter to pass the program name from the command line.

In a corporate environment, I think a group policy of some sort would be the chosen route for maintaining software on the workstations. I noticed that you mentioned Intune.

The software version is hardcoded multiple times. It shouldn't be. This should be a parameter, because the value will change over time. You don't want to change your code every time there is an upgrade.

There is unneeded duplication: the loops for `$64bits` and `$32bits` are functionally identical. You just need one additional nested ForEach loop and you can reduce the size of the code by half.

exit 0 isn't really needed, it is implicit.

But it would really make sense to check the exit code after running Start-Process (with -Wait), because the uninstalling could indeed fail.

I have noticed minor discrepancies in spelling like Write-Host vs Write-host, which makes me think that maybe you are not using an IDE (e.g. Visual Studio Code) at the moment, but a generic editor. If that is not the case I would recommend using an IDE + some plugins for code completion, formatting, syntax checking etc.

I have not tested this script, being on Linux at the moment.

I think there is one thing that is problematic, it is that you are uninstalling software that is not up to date, which is bound to cause loss of functionality and frustration among end users. The proper remediation should be to upgrade the software to the latest stable release, not remove it unless it is not in your approved list. Or unless you can guarantee that another mechanism (Intune?) is already taking care of that.

answered Mar 25, 2024 at 17:35
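
The remediation refactored along the lines of the answer above (one loop over both registry views, the version as a parameter, and the uninstaller's exit code checked after `Start-Process -Wait`), as an added example that is not code from the question or the answer. It goes beyond the answer by comparing versions as `[version]` rather than as strings and by handling MSI entries; the parameter names, the MSI branch and the treatment of exit code 3010 are assumptions.

```powershell
# Added example, not the poster's or answerer's code.
# Assumptions: parameter names are illustrative; /S is the silent switch from the question.
param(
    [version]$MinVersion = '23.01',
    [string]$NamePattern = '7-Zip'
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$failed = $false

foreach ($key in $uninstallKeys) {
    $entries = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern }
    foreach ($soft in $entries) {
        # Compare as [version]; as strings, "9.20" -lt "23.01" is False.
        $installed = $null
        $parsed = [version]::TryParse([string]$soft.DisplayVersion, [ref]$installed)
        # A missing or unparsable version counts as outdated (as in the question's x86 branch).
        if ($parsed -and $installed -ge $MinVersion) { continue }

        if ([string]::IsNullOrWhiteSpace($soft.UninstallString)) {
            Write-Host "No UninstallString for $($soft.DisplayName)"
            $failed = $true
            continue
        }
        if ($soft.UninstallString -match 'msiexec') {
            # Assumption: for MSI installs the uninstall key name is the product code.
            $exe = 'msiexec.exe'
            $arguments = "/x $($soft.PSChildName) /qn /norestart"
        } else {
            $exe = $soft.UninstallString.Trim('"')
            $arguments = '/S'
        }
        Write-Host "Uninstall $($soft.DisplayName) $($soft.DisplayVersion)"
        try {
            $proc = Start-Process -FilePath $exe -ArgumentList $arguments -Wait -PassThru -ErrorAction Stop
            # 3010 is msiexec's "success, reboot required".
            if ($proc.ExitCode -notin 0, 3010) { throw "exit code $($proc.ExitCode)" }
        } catch {
            Write-Host "Uninstall failed for $($soft.DisplayName): $_"
            $failed = $true
        }
    }
}
# Non-zero tells Intune the remediation did not succeed.
if ($failed) { exit 1 } else { exit 0 }
```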
  • Thank you for taking the time to answer, I really appreciate it! With Intune I don't think it's possible to include a separate file. You manage apps with Intune, but there are some old versions still installed on some computers: the idea is just to use this once to clean up old versions and then install the app with Intune. I'll take a look at a nested loop to reduce the script. I'll also implement a test in case the uninstallation fails. Yeah, I'm using the default ISE from PowerShell, I'm only using PowerShell, which plugin do you recommend? Commented Mar 26, 2024 at 8:14
