App uninstall requiring admin rights but app is installed in user app data

The Toolkit General Discussion
1

Relatively new user to the tool but have used sucessfully to both install and uninstall apps via Intune.

We have an app that users have installed themselves without needing admin rights (in to user profile/app data) and we want to remove it. However when attempting via PSADT or just add/remove programs the same app required admin rights for removal.

So running the Uninstall-adtapplication as user finds the app but then complains it needs admin to uninstall
Running as admin would therefore fix this but then running as admin/system cannot find the application.

Is there an easy way to detect the app for the logged in user but then run the uninstallation part as system/admin?
Many thanks

2

I've seen this before on some of our apps. :exploding_head:
This is sadly down to vendors not acknowledging that security best practice means that normal users do not have admin rights on their device, this causes their customers being unable to properly manage the vendors badly written application. :face_with_symbols_on_mouth:
Which app is this?

3

Its an app called WPS office

I know the best method is to have applocker so people cannot install anything other than through approved channels but thats a different topic but would like to pull it off any that have installed it.

4

If you know the user that has it installed, you could run the uninst.exe from the users profile path (as Admin):

& "$env:USERPROFILE\AppData\Local\Kingsoft\WPS Office\[Version]\utility\uninst.exe" -s

* Obviously replacing $env:USERPROFILE with the affected users Profile path and [Version] with the product version

5

Unfortunately its approx 50 users so I'd need to make it user independent but can possibly do something to loop through the user profiles on the device possibly. I was going to try using the get logged on user function in PSADT but don't think it would pick up the user when run as system.

Hate apps like this!

6

Does the app have a uninstall string located in the HKCU hive?

1 Like
7 
$local_key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$envUserStartMenuPrograms = [Environment]::GetFolderPath('Programs')
$UninstallString = Get-ItemProperty -Path "$local_key" -ErrorAction 'SilentlyContinue' | ? { ($_.UrlUpdateInfo -eq "someurl") } | Select-Object UninstallString
cmd /c $UninstallString.UninstallString
$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -match "App Name" }
if ($app -ne $null) {
	$app.Uninstall()
Remove-Item -Path "$envUserStartMenuPrograms\app folder" -Force -Recurse -ErrorAction SilentlyContinue} 
else {
	Write-Output "Application not found."
}

The above was done by me before we had the get-adtapplication cmdlet to remove a troublesome clickonce installer that had a specific url to uninstall.

Might give you some pointers.

1 Like