Introduction
Long story short, using Zoom these days for video conferencing , meetings, webinars and so on, is quite popular. However, Zoom has also received a lot of critique for being insecure, which has resulted in several articles on the topic.
For your reference, here’s a few of the articles:
- https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
- https://betanews.com/2020/04/04/zoom-china/
The Zoom installation has the ability to be installed in the current user’s profile (consumer download), as well as onto the local machine in programfiles(x86) (enterprise download). This makes for some annoying situations, coming from an enterprise point of view, if and when you are asked to promptly uninstall all Zoom applications again (due to above reasons).
So I put together a Powershell script which can be run as SYSTEM with Configuration Manager. The script will find all installed Zoom applications, whether they are installed locally or in the user’s profile, and uninstall them automatically.
Powershell
The script can be found on my GitHub page: https://github.com/imabdk/Powershell/blob/master/Uninstall-EverythingZoom.ps1
The length of the script might be intimidating, but have no fear. The most lengthy part, is the function which enables you to invoke the logged on user’s context coming from SYSTEM. I needed this, so I could remove everything coming from the same script.
Thank you @Michael Mardahl: https://github.com/mardahl/MyScripts-iphase.dk/blob/master/function_executeAsLoggedOnUser.ps1
Configuration Manager
Package and Program
Use the script in a regular package with a program running the script:
- powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File .\Uninstall-EverythingZoom.ps1
Finding Zoom installations
You will also need to be able to find devices where Zoom are installed. Some of the installations are inventoried with hardware inventory, some of them are not.
Use this snippet of Powershell to find either, assuming they at least are registered with the Windows installer:
$ZoomInstalledHKCU = Get-ChildItem -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall -Recurse | Get-ItemProperty | Where-Object {$_.Publisher -like "Zoom*" } | Select-Object Displayname,UninstallString
$ZoomInstalledHKLM = Get-ChildItem -Path HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall -Recurse | Get-ItemProperty | Where-Object {$_.Publisher -like "Zoom*" } | Select-Object Displayname,UninstallString
if (($ZoomInstalledHKCU) -OR ($ZoomInstalledHKLM)) {
Write-Output "INSTALLED"
}
else {
Write-Output "NOT-INSTALLED"
}
Configuration Item
Use above snippet of Powershell with a Configuration Item to locate devices with Zoom applications installed.
Below illustrations are the configuration taken from my environment.
Running the Script
Running the script manually for testing purposes can be done via psexec.exe.
See below illustration for inspiration, also showcasing that Zoom Outlook plugin as well as plugin for Skype for Business is being uninstalled.
ENJOY 🙂
Thx for script 😉 It will be very usefull.
One more point;
It is better to define user profile path as variable, or detect it from registry. For some environment, user profiles are not in C drive, maybe in D or E drives etc.
Valid point. I will make some changes to the script when I revisit it 🙂
unable to understand the package creation step please elaborate the package creation step.
Top
Hi Martin,
How can I run the script just to pull a list of devices having Zoom installed?
Thanks
You will need to create a Configuration Item as well as a Configuration Baseline, and based off of the deployment of the CB, you will be able to create further collections which will contain a full list of devices where Zoom is installed. (whether that be installed in the user’s profile or in programfiles).
Let me know if this needs further elaboration 🙂
Hello, Martin
Please elaborate, I’m not a “boss” on “Configuration Items” & “Configuration Baselines” yet 🙂
Ouch, I would think elaborating on everything around CIs and CBs will take more than a comment. What do you need specifically? My CI and CB for this topic? If so, please send me an email on mab@imab.dk and I’ll send you mine (an exported copy) 🙂
I’ve verified everything with this in my environment (thanks so much for the CB and script!) but I can’t seem to get the package to run properly – I get an error when I run it – 0xFFFD0000(-196608) – I think I did everything correct except resolve this error, which seems to be some sort of file path running error
As it turned out, 0xFFFD0000 is not a script error, but a path error. I recently changed a folder name where the script was located. So it was a simple path error.
Is there any way you could show how you set up your script path to run in the Package and Program step? I’m not sure if I’m selecting the right options in there and its hard to find information about how to properly set that step up.
Thanks!
Hi, I am trying to use your powershell Zoom script. I tested it on a fast push script to a particular device after adding the script to SCCM. Results of script seem encouraging.
VERBOSE: Script is running
VERBOSE: Running Uninstall-ZoomLocalMachine function
VERBOSE: No Zoom applications found in HKLM
VERBOSE: Running Uninstall-ZoomCurrentUser function
VERBOSE: Registry path not found for user: localonly
VERBOSE: Registry path not found for user: Administrator
VERBOSE: Registry path not found for user: ENGL_Installer
VERBOSE: Registry path not found for user: jdtest
VERBOSE: Registry path not found for user: su-cmelay
VERBOSE: Registry path not found for user: su-jdeering
VERBOSE: Installed Zoom applications found in HKCU for user: su-ispencer
VERBOSE: Uninstalling application: Zoom as the logged on user: su-ispencer (is that the problem?)
VERBOSE: Script is done running
However it doesn’t actually run the un-install and application remains. I added the script as a Program on a computer not device and guessed most of the settings in there. On setting in there was run with Admin rights and I did that ? Can you help with where to look for problems please?
Many Thanks Ian Spencer
Hi, is the user in question actually logged into Windows? The script might find the Zoom application installed for the user, but the Zoom uninstaller probably need the user’s context in order to run. 🙂
Sorry to dig up an old post but I also added it to scripts to test on my machine.
I can run via psexec and it works. then I reinstalled zoom and tried running from sccm scripts which does not work.
I even added whoami to the end of the script that is run on the remote system and I can see it returns as system in the sccm console but it does not uninstall for the logged in user (which was myself in this case).
Just providing more info.
I will follow your guide then keep you posted shortly
For a machine with multiple user profiles etc is there any implications? Will is recursively check each users appdata folder? Or does it need to run ‘If user is logged on’?
Disregard, I read thru the script and found my answer.
Uninstall-ZoomCurrentUser : Failed to uninstall application: Zoom for user: xxx
At C:\Windows\Temp\Uninstall-EverythingZoom.ps1:427 char:5
+ Uninstall-ZoomCurrentUser
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Uninstall-ZoomCurrentUser
Trying to run it through SCCM also tried locally get this error
Are you running the script as the logged on user? (user rights in configmgr terms). If so, this will fail, as the uninstall is relying on coming from SYSTEM context. You should run this with administrative rights, and if run manually directly on your computer, you should run this with PSEXEC.EXE 🙂
I will that.
command line:
“C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe” -ExecutionPolicy Bypass -NoLogo -NoProfile -File Uninstall-EverythingZoom.ps1
still getting this error
Uninstall-ZoomCurrentUser : Failed to uninstall application: Zoom for user: xxx
At C:\Windows\Temp\Uninstall-EverythingZoom.ps1:427 char:5
+ Uninstall-ZoomCurrentUser
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Uninstall-ZoomCurrentUser
installed as admin and local user same thing using SCCM
Are you using psexec as suggested? I have a feeling that you don’t 🙂
that is a ps tool that is not on all the windows 10 machines. How would you call it in sccm? Put it in the folder in SCCM and run program first in the delployment? What would it look like in SCCM?
psexec let you test this manually, as system context is required. This is always a handy tool when troubleshooting configmgr related deployments. You don’t use psexec with the actual deployment in configmgr, but you use psexec manually when things are not working as expected.
Why not just deploy a script line without files;
like
wmic product where “name like ‘%%Zoom%%'” call uninstall
Because WMI is slooooow as fuck. You can obviously do whatever you prefer. I tried WMI, and depending on how many products the device already had installed, the lookup took ages. Not to my liking. Also, not much error handling in that one line to cater for various situations. 🙂
How could i create script and baseline to remove the one drive application. We have almost 1000 system which have outdated one drive installed, each system having multiple user profile configured. Could you suggest me script to remove the application from those user profile as well as current user profile.
How could i do it through baseline? Please assist.
I’m trying to uninstall the One Drive application, so i just changes the name. But script doesn’t seem to work.
Could you please assist, getting following error
PS C:\temp> .\OneDriveUninstall.ps1 VERBOSE: Script is running
VERBOSE: Something went wrong during running of the script
VERBOSE: Script is done running
Thanks for sharing this information!
Is there a way to make the user-based uninstall section silent? I’ve not found a way to do this.
The installer simply doesn’t have a silent option 🙁
Tried it with psexec but it did not find any users. Managed to figure it out. We have Azure AD users which have a different SID so I added that one as well to $userProperties
So this works with both Onsite AD and Azure AD users:
$userProfiles = Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*” | Where-Object {($_.PSChildName -match “S-1-12-1-(\d+-?){4}$” -or $_.PSChildName -match “S-1-5-21-(\d+-?){4}$”)} | Select-Object @{Name=”SID”; Expression={$_.PSChildName}}, @{Name=”UserHive”;Expression={“$($_.ProfileImagePath)\NTuser.dat”}}
Should be “so I added that one as well to $userProfiles”
Good afternoon, I need to uninstall the Yahoo Search Set software via Configuration Manager, but some tests and it didn’t work, could I help. https://www.shouldiremoveit.com/Yahoo-Search-Set-159048-program.aspx
Hi Martin, I’ve managed to successfully deploy the script as a package from SCCM and it works well for any Windows 10 devices but fails on Windows 8.1:
VERBOSE: Script is running
VERBOSE: Running Uninstall-ZoomLocalMachine function
VERBOSE: No Zoom applications found in HKLM
VERBOSE: Running Uninstall-ZoomCurrentUser function
VERBOSE: Registry path not found for user: jf1000-ha
VERBOSE: Installed Zoom applications found in HKCU for user: aat123
VERBOSE: Uninstalling application: Zoom as the logged on user: aat123
PS>TerminatingError(): “Method invocation failed because [System.CodeDom.Compiler.CompilerParameters] does not contain a method named ‘new’.”
Uninstall-ZoomCurrentUser : Failed to uninstall application: Zoom for user:
aat123
At C:\WINDOWS\ccmcache\16\Uninstall_All_Zoom.ps1:427 char:5
+ Uninstall-ZoomCurrentUser
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExcep
tion
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio
n,Uninstall-ZoomCurrentUser
VERBOSE: Registry path not found for user: jf1000
VERBOSE: No Zoom applications found in HKCU for user: user4
VERBOSE: Script is done running
**********************
Could this be a PowerShell version issue or .Net perhaps?