Uninstall IE9 via SCCM

Post PicInternet Explorer 9 is the fastest, most secure iteration of IE yet!  Unfortunately, some companies are not ready to deploy it into production or are in a testing phase.  In environments with System Center Configuration Manager (SCCM) you may have cases where an administrator accidentally rolled out IE 9 via SCCM’s Software Updates.  In this scenario you may need to uninstall IE9 and reinstall at a later time.  But how do you go about removing IE9 from systems?



I have seen various ways to do this with SCCM, and I am a fan of simple solutions.  Microsoft has provided a Microsoft Fix It link within this article:  http://support.microsoft.com/kb/2579295#phrss.  The awesome part is that the link runs an MSI.  MSI installers are a perfect item to package up in SCCM for easy distribution!
Here is the summary of how I set it up for one of my customers:
  1. Create a Collection of Workstations with IE9 installed
  2. Package the MSI downloaded by clicking “Fix this problem” in the above article
  3. Package a script that kills the iexplore.exe process to ensure Internet Explorer is not running when the uninstall is executed
  4. Create a Task Sequence that runs through all the packages in logical order
  5. Advertise the Task Sequence to the Collection of Systems with IE9 installed
Part 1: Create a Collection of Systems with IE 9 Installed
Here is an example query that will find all Workstation Systems (we don’t want to reboot Servers) with IE 9 installed:
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = “iexplore.exe” and SMS_G_System_SoftwareFile.FileVersion like “9.%” and SMS_R_System.OperatingSystemNameandVersion like “%NT%Workstation%”
                          else you can run: 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceID inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_SoftwareFile.FilePath like "%\\Program Files\\Internet Explorer\\" and SMS_G_System_SoftwareFile.FileName like "iexplore.exe" and SMS_G_System_SoftwareFile.FileVersion like "9.%" and SMS_G_System_OPERATING_SYSTEM.Version like "6.1%"

Part 2: Package the MSI
Download the MSI from http://go.microsoft.com/?linkid=9787447 and create a package in SCCM containing the MSI file.  Run the following command line for the install:
msiexec.exe /i MicrosoftFixit50778.msi /qn /norestart
or
msiexec.exe /i MicrosoftFixit50778.msi /qn 
or
msiexec.exe /i MicrosoftFixit50778.msi /qn /passive

Part 3: Package a Script That Kills IE
The script I used can be downloaded here.  Extract the VBS file and package it in SCCM.  Run the following command to execute the script.If it doesn't work you can skip step coz i have found it does not kill the process from all users.

cscript.exe killIE.vbs
Part 4: Create a Task Sequence
You will want to put all the above items into a Task Sequence as it’s the simplest way to chain multiple steps together.  The Task Sequence should:
  • Stop the Internet Explorer process, iexplore.exe, from running
    IE Task Sequence Step 1
    IE Task Sequence Step 1
  • Uninstall IE 9
    IE Task Sequence Step 2
    IE Task Sequence Step 2
  • Restart the computer but provide a 60 minute warning so the user has plenty of time to save work before rebooting
    IE Task Sequence Step 3
    IE Task Sequence Step 3


    Otherwise you can also Create a task sequence like wise:
    - Restart Computer
    - Package the MSI Part 2
    - Restart Computer
Part 5: Advertise the Task Sequence
How you want to set this up is really up to the administrator.  The wizard is very flexible!  I let the Task Sequence be visible to users, meaning we selected the check box to Show Task Sequence Progress.
And you’re done!  Pat yourself on the back.  I do want to add my disclaimer that you should always test on a couple machines before advertising to a large number of computers.  Better safe than sorry!



Comments

Post a Comment

Popular posts from this blog

Java Control Panel Icon "Application Not Found"

Image
Howto: Fix the "Application not found" error in the Java Control Panel icon. These same steps may be useful for other malfunctioning Windows Control Panel icons. In Windows 7, the Java Control Panel icon may be damaged / corrupted. Attempting to launch the icon results in "Explorer.exe : Application not found". Note the generic icon: When working properly, the circled icon should look like this: This problem appears to be an artifact from previous JRE installations and Sun's installation routines were flawed. Re-installing JRE (the Java Runtime Environment) does not resolve the problem. Immediate workaround: If needed, the Java Control Panel can be manually launched using this location: C:\Program Files (x86)\Java\JRE6\bin\Javacpl.exe As a side note, when launching, other-mouse-click the .exe and choose "Run as Administrator".  Running as Administrator resolves a bug where changes in the Control Panel (especially Auto-update changes) do not stic
Read more

Enterprise CA option is greyed out / unavailable

Image
Many times, when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable as in following picture: Well, you need to fulfill basic requirements: Server machine has to be a member server (domain joined). You can run an Enterprise CA on the Standard, Enterprise, or Data Center Windows Edition. The difference is the number of ADCS features and components that can be enabled. To get full functionality, you need to run on Enterprise or Data Center Windows Server 2008 /12/R2/ Editions.  In order to install an Enterprise CA, you must be a member of either Enterprise Admins or Domain Admins in the forest root domain (either directly or through a group nesting). If issue still persists, there is probably a problem with getting correct credentials of your account. There are many thing that can cause it (network blockage, domain settings, server configuration, and other issues). In all ca
Read more

Unable to connect to Wireless profile being pushed using GPO

Image
Today , some laptop users started reporting as they are unable to connect to ‘Wireless profile’ after SCEP installation has taken place. I found, most of the laptop users were having this issue. I immediately uninstalled SCEP but that didn’t help , tried removing Wi-Fi profiles under the path ‘C :\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\ Interface’ but that didn’t help too. Error - When checking event viewer, the only error that showed up is as follows 5 times in a row.          “Error skipping EAP method DLL path name validation failed. Error: typeId=25, authorId=0,vendorId=0,vendorType=0”, This error indicates a registry or missing corrupt file issue. ‘ EAPHost is a Microsoft Windows Networking component that provides an Extensible Authentication Protocol (EAP) infrastructure for the authentication of following protocols such as   802.1X   and   Point-to-Point (PPP). Cause - Symantec didn’t uninstall properly caused this issue. Resolution – After chec
Read more