Remove XPS Viewer
Log In or Register to download the BES file, and more.

0 Votes

Description


Property Details

ID648
TitleRemove XPS Viewer
DomainBESC
CategoryCommon Tasks
Download Size0
Sourcedanielheth@bigfix.me
Source ID<Unspecified>
Source Severity<Unspecified>
Source Release Date4/21/2011 12:00:00 AM
KeywordsWindows Feature
Is TaskTrue
Added by on 10/30/2012 2:53:07 PM
Last Modified by on 10/30/2012 2:53:07 PM
Counters 2177 Views / 6 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 9 fixlets and 4 analyses   * Results in a true/false
Show indented relevance
name of operating system as string contains "Win"
Used in 11 fixlets and 5 analyses   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1" whose (value "Install" of it as integer = 1) of registry
Used in 3 fixlets   * Results in a true/false
Show indented relevance
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine" whose (value "PowerShellVersion" of it as string as version >= "2.0") of registry

Actions

Action 1 (default)

Action Link Click  here  to deploy this action.
Script Type BigFix Action Script
//============================================================================
//PowerShell Script...
//
//1. Save old ExecutionPolicy value
parameter "PolicyExisted"="{exists value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of (if exists x64 registry then x64 registry else registry)}"
parameter "oldExecutionPolicy"="{if (parameter "PolicyExisted" as boolean) then (value "ExecutionPolicy" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of (if exists x64 registry then x64 registry else registry) as string) else ""}"
//2. set to ExecutionPolicy=Unrestricted and Pull PowerShell exe from registry... if 64bit then pull PowerShell x64
if {x64 of operating system}
    regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"
    parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of x64 registry}"
else
//we need to determine what the current execution policy is so we can put it back when we're done.
    regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="Unrestricted"
    parameter "PowerShellexe"="{value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of registry}"
endif
//3. Create PowerShell script and save to a ps1 file
delete __appendfile
delete script.ps1
createfile until END
Import-Module c:\windows\system32\WindowsPowerShell\v1.0\Modules\ServerManager
New-Item c:\temp\new_file.txt -type file
#Remove-XPS Viewer - no reboot required
$XPS = Get-WindowsFeature XPS-Viewer
if ($XPS.Installed -eq "True")
{
    Write-Host ""
    Write-Host "Removing XPS Viewer"
    Remove-WindowsFeature XPS-Viewer
    Add-Content c:\temp\new_file.txt "XPS Viewer Uninstalled"
}
else
{
    Add-Content c:\temp\new_file.txt "XPS Viewer Not Installed"
}
END
move __createfile script.ps1
//4. Execute PowerShell with ps1 script file
action uses wow64 redirection false
waithidden "{parameter "PowerShellexe"}" -file "{pathname of client folder of current site}\script.ps1"
action uses wow64 redirection {x64 of operating system}
//5. Restore ExecutionPolicy back
if {x64 of operating system}
    if {parameter "PolicyExisted" as boolean}
        regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
    else
        regdelete64 "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
    endif
else
    if {parameter "PolicyExisted" as boolean}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"="{parameter "oldExecutionPolicy"}"
    else
        regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]" "ExecutionPolicy"
    endif
endif
//============================================================================
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
jgstew -
Here is mention from 2008: http://blogs.msdn.com/b/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx
jgstew -
This talks about one method: http://obscuresecurity.blogspot.com/2011/08/powershell-executionpolicy.html but a commenter on that blog post states: Just start your script like this: powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File C:\myscript.ps1
jgstew -
That would be a significant simplification.
danielheth -
Does that apply only to a particular version of powershell? or will that will with PS1 and PS2?
BrianK -
Thank you for these examples. I have been working with BigFix and PowerShell for years now, but hadn't ventured down the road of combining them. One thing I discovered when experimenting with this was the command line switch "-ExecutionPolicy Bypass" for powershell.exe. If you use it when executing your script, it entirely ignores the ExecutionPolicy of the machine. This saves you from having to run parts 1 and 4 of this example script.