I deployed recently an update for IE6 to IE7 and learned the hard way that some webtools that we're using aren't compatible. Is there a server-side way to do a mass uninstall of IE7 and its updates?
I am using Windows 2008 on the DC.
Thanks
Asked
Active
Viewed 227 times
2 Answers
3
The "easiest" way would be to use the same mechanism used to roll out the update. Most central software deployment utilities and patch management servers allow you to roll back updates (this, of course, depends on how much you trust the IE7 uninstaller, but for argument's sake, let's assume that it always works flawlessly).
So, for example, if you updated your systems using WSUS, then you could simply roll back all of the updates from the WSUS server. If, however, you updated IE7 directly on each machine (e.g. through Windows Update), then you could write a short script (VBScript, AutoIt, Powershell, CMD... pick your poison...) to run the IE7 uninstaller and deploy that script via a Group Policy.
Whichever way that you do it, though, you will need to make sure that your scripts do a few things before attempting the uninstall. I would highly recommend performing the uninstall in safe mode, since the uninstaller for IE does not play well with many antivirus utilities and numerous other pieces of software.
Script 1 (pre-uninstallation, deployed by AD/GP):
- Set the value of "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InstalledByUser" to 0 (this will prevent the "...must be uninstalled by the user that installed..." error) - Use
BootCfgto add an entry toboot.inito force the machine to boot into Safe Mode with Networking by default - Configure the machine to automatically log in on boot with the local administrator account
- Add an entry to the RunOnce key for the aforementioned administrator to run a second script (below) that will perform the uninstallation.
- Schedule a forced shutdown and restart for 2 minutes from the current time (which will override the next step if it hasn't already happened) using something like
shutdown -r -f -t 0 - Issue a "nice" shutdown and restart.
Script 2 (uninstallation):
- Run the uninstallers (using the silent / quiet option) for each of the patches (and wait for each to complete before running the next one)... the commands for each will be in the uninstall key in the registry.
- Run the uninstaller (again, silent mode) for IE7 (and wait for completion):
%windir%\ie7\spuninst\spuninst.exe /quiet - Remove the automatic login configuration.
- Use BootCfg to change the boot.ini back to the original configuration ("normal" boot).
- Issue a forced shutdown and restart.
Due to the intrusive nature of this uninstallation, you'll need to schedule this carefully with your users.
And finally, be sure to test the whole procedure a few times, throwing as many "real-world" scenarios as you can think of in your environment that could get in the way of the deployment running as expected.
Jessica McKinnon
- 1,505
- 8
- 9
-
2Oh, and some other suggestions: make peace with your deity / force of choice, and make sure that your résumé is up-to-date... – Jessica McKinnon Sep 10 '09 at 15:36
1
Well according to MS running this on the machines affected should uninstall IE 7 and put IE 6 back:
%windir%\ie7\spuninst\spuninst.exe /quiet
If you did this from WSUS or SUS you could also create a new empty advertisement that just runs the above command. I do suggest trying this out on one of the impacted machines before rolling it out company wide though :-)
Josh Budde
- 2,378
- 14
- 7