This worklet uninstalls Microsoft Team and cleans up as recommended by Microsoft:
Evaluation:
# Define desired registry settings
$regPath = "software\Microsoft\Office\Teams"
# Get User details including SID from Get-LocalUser
$users = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = 'True'"
# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$nonCompliant = @()
# Loop through the list of users to check each for compliance
foreach ($user in $users) {
# Retrieve SIDs for each user
$sid = $user.SID
$name = $user.Name
# Load Registries for users, if ntuser.dat exists
# this prevents us from attempting to load Administrator and similar accounts
if (Test-Path "C:\Users\$name\ntuser.dat") {
# Load user's ntuser.dat into the registry
& reg load "HKU\$sid" "C:\Users\$name\ntuser.dat" | Out-Null
# If this value doesn't match the desired value, add the user name to nonCompliant list
If (Test-Path ("HKU:\$sid\$regPath")) {
$nonCompliant += $name
}
}
}
# Clean-up the PSDrive
Remove-PSDrive -Name HKU
# If any users are non-compliant, "Exit 1" to flag remediation. Else "Exit 0" for Compliant
if ($nonCompliant.Count -gt 0) {
Exit 1
} else { Exit 0}
Remediation:
# Define paths
$localPath = (Get-WmiObject -Class Win32_UserProfile -Filter "Special = $false" -ErrorAction Stop).LocalPath + "\AppData\Local"
$TeamsPath = [System.IO.Path]::Combine($localPath, 'Microsoft', 'Teams')
$TeamsUpdateExePath = [System.IO.Path]::Combine($localPath, 'Microsoft', 'Teams', 'Update.exe')
# Define uninstall command for task scheduler
$appName = 'Teams Machine-Wide Installer'
$execute = "$TeamsUpdateExePath"
$arg = "-uninstall -s"
# Current user info
$currentUsr = (Get-WmiObject -class win32_process -ComputerName 'localhost' | Where-Object name -Match explorer).getowner().user | Select-Object -First 1
# Close Teams if running
Stop-Process -Name Teams -Force
# Create, run, then delete the uninstall scheduled task
$time = (Get-Date).AddSeconds(30)
$triggerAt = New-ScheduledTaskTrigger -At $time -Once
$action = New-ScheduledTaskAction -Execute $execute -Argument $arg
Register-ScheduledTask -TaskName "Uninstall $appName" -Trigger $triggerAt -Action $action -User $currentUsr
Start-Sleep 90
Unregister-ScheduledTask -TaskName "Uninstall $appName" -Confirm:$false
$uninstalled = Test-Path "C:\Users\$currentUsr\AppData\Local\Microsoft\Teams\.dead"
# Cleanup if Teams is uninstalled
If ($uninstalled) {
Write-Output "Cleanup process started..."
# Delete the Team directory recursively
Remove-Item C:\Users\$currentUsr\AppData\Local\Microsoft\Teams* -Force -Recurse
# Script block to remove "Teams" registry entry required for the uninstall
# Define desired registry setting
$regPath = "software\Microsoft\Office\Teams"
# Get User details including SID from Get-LocalUser
$users = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = 'True'"
# Add HKEY_USERS to a PSDrive for easy access later
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
foreach ($user in $users) {
# Retrieve SIDs for each user
$sid = $user.SID
$name = $user.Name
# Load Registries for users, if ntuser.dat exists
# this prevents us from attempting to load Administrator and similar accounts
if (Test-Path "C:\Users\$name\ntuser.dat") {
# Load user's ntuser.dat into the registry
& reg load "HKU\$sid" "C:\Users\$name\ntuser.dat"
# Create Value
Remove-Item -Path "HKU:\$sid\$regPath"
}
}
Remove-PSDrive -Name HKU
}
else
{ Write-Output "Teams is still installed... No Cleanup" }