Removing the SCCM Client with a GPO!

December 2, 2009

Like most of you, I find it necessary to remove programs enterprise wide. At my company we are a subsidiary of a much larger corporation. That Corporations uses SCCM, it is part of their image but after several failed Windows Updates and some long hours of fixing broken applications I had to make an executive decision. I decided that we needed to handle all our Windows updates locally as we need a process by which we can test updates prior to deployment. Long story short, we deployed WSUS and I needed to get the SCCM client removed.  This can be achieved several different ways but here were my stipulations:

  • We don’t manage the SCCM environment locally
  • I want to record which systems have the SCCM client (Just in case I need to revert)
  • I want the uninstall to be silent (no user intervention or actions)
  • I want to remove the directory completely (The uninstall does leave behind a library and Logs folder by default)
  • I don’t know VB scripting so I need to perform this in  a batch file
  • I want to deploy it via GPO to specific OU’s

Here is the method I used.

  1. Create a Batch file called “SCCM.BAT”
  2. Include the following in the batch file: (Don’t forget to enter your DC name accordingly)

@ECHO OFF

@CLS

if NOT EXIST %WINDIR%\SYSTEM32\CCM GOTO NO

if EXIST %WINDIR%\SYSTEM32\CCM (echo found SCCM – user %USERNAME% on %COMPUTERNAME%

>>\\YOUR DC NAME HERE\NETLOGON\SCCM.txt)

if EXIST %WINDIR%\SYSTEM32\CCM \\your DC name here\NETLOGON\CCMSETUP.EXE /uninstall
GOTO END

:NO

(echo SCCM NOT FOUND – user %USERNAME% on %COMPUTERNAME% >>\\your DC name here\NETLOGON\SCCM.txt)

:END

  1. Copy it to your domain controllers NETLOGON folder.
  2. Create a Group Policy Object in AD (I called mine GPO_SCCM Removal)
  3. Within the GPO navigate to USER CONFIGURATION, WINDOWS SETTINGS,  SCRIPTS and right click on LOGON. Choose Properties.
  4. Add a new script and navigate to your SCCM.bat file you created in step 1 above.
  5. Link the GPO to any OU where your USER objects and you are done. The next logon your users will get the client uninstalled. When complete you can view the text file in your domain controllers NETLOGON folder.

As an alternative you could very easily deploy this GPO by adding group membership, this way you can pick and choose who gets the client uninstalled at the user level.

For those of you who would prefer to do this through a KIX logon script you can add the following  subroutine deploys the batch via group membership at logon:

; Software install subroutine (Sample)
:SCCM
If InGroup(“SCCM”) = 1 

Use L: /DELETE /PERSISTENT
Use L: “\\your DC name here\NETLOGON” 
Run “L:\SCCM.bat”
EndIf

Return

Sorry for those of you looking for a VB script equivalency, If someone send me one, I will post it.

Posted in Uncategorized | Leave a Comment »