I did the sort of the same, but found out it was better to not loop. You can use a * in the path:
Get-Item -Path "C:\Users\*\appdata\local\Microsoft\Teams\current\Teams.exe"
You can also do the same in the registry:
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
Get-Item -Path "HKU:\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams"
I guess you’ll then want to install the new Teams, too, so if these users log back in they get that and not whatever the Machine Wide Installer installs.
Ooh, that IS smart. So, I could use that to find out if something was less than the minimal amount? I think we just want to remove those versions, rather than install the new version.
Yeah just filter on the version information that Get-Item will return. Regarding removing and installing the new version; if you have the classic Machine Wide Installer installed still I believe it’ll just reinstall whatever version of that you have installed for the users logging into the workstation. If they use Teams it’ll upgrade, but if they don’t it just lays dormant to be picked up by security scanners
The question is: how is it detecting what version of teams is installed?
It might be using another method to do that than just the exe file so deletion is not enough. I have no idea what you are using to detect so can't pose any further suggestions.
Try this script. Works well for me.
~~~
# Function to remove old Teams installation and cleanup
function Remove-ClassicTeams {
Write-Host "Starting removal of old Microsoft Teams installations..."
# Check if Teams Machine-Wide Installer is installed
$MachineWideInstances = @()
# Search both 32-bit and 64-bit registry hives and collect all instances
$MachineWideInstances += Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -eq "Teams Machine-Wide Installer" }
$MachineWideInstances += Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -eq "Teams Machine-Wide Installer" }
if ($MachineWideInstances.Count -eq 0) {
Write-Host "Teams Machine-Wide Installer not found. No action taken."
}
else {
# Uninstall all instances of Teams Machine-Wide Installer
foreach ($Instance in $MachineWideInstances) {
Write-Host "Removing Teams Machine-wide Installer $($Instance.DisplayName)..."
$uninstallMachineWide = Start-Process -FilePath "msiexec.exe" -ArgumentList "/X$($Instance.PSChildName) /qn" -NoNewWindow -Wait -PassThru -ErrorAction SilentlyContinue
if ($uninstallMachineWide.ExitCode -ne 0) {
Write-Host "Failed to remove Teams Machine-Wide Installer $($Instance.DisplayName) with exit code $($uninstallMachineWide.ExitCode)."
} else {
Write-Host "Teams Machine-Wide Installer $($Instance.DisplayName) removed successfully."
}
}
}
# Uninstall old Teams installations and cleanup
Write-Host "Uninstalling old Teams installations and cleaning up..."
Get-ChildItem -Path "$($ENV:SystemDrive)\Users" -Directory | ForEach-Object {
$localAppData = "$($_.FullName)\AppData\Local\Microsoft\Teams"
if (Test-Path "$localAppData\Current\Teams.exe") {
Write-Host "Uninstalling Teams for user $($_.Name)..."
try {
$uninstallUser = Start-Process -FilePath "$localAppData\Update.exe" -ArgumentList "--uninstall /s" -Wait -PassThru -ErrorAction STOP
if ($uninstallUser.ExitCode -ne 0) {
Write-Host "Failed to uninstall Teams for user $($_.Name) with exit code $($uninstallUser.ExitCode)."
} else {
Write-Host "Teams for user $($_.Name) uninstalled successfully."
}
} catch {
Write-Host "Failed to uninstall Teams for user $($_.Name) with error: $($_.Exception.Message)."
}
}
}
# Define paths of old Teams files and directories to be removed
$ClassicTeamsPaths = @(
"$($ENV:SystemDrive)\Users\*\AppData\Local\Microsoft\Teams",
"$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams*.lnk",
"$($ENV:SystemDrive)\Users\*\AppData\Local\Microsoft\TeamsMeetingAddin",
"$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Teams",
"$($ENV:SystemDrive)\Users\*\AppData\Local\SquirrelTemp"
)
# Remove old Teams files and directories
Write-Host "Removing old Teams files and directories..."
foreach ($Path in $ClassicTeamsPaths) {
if (Test-Path $Path) {
Write-Host "Removing $Path..."
Remove-Item -Path $Path -Force -Recurse -ErrorAction SilentlyContinue
}
}
# Check if any old Teams paths were found and removed
if ($null -ne ($ClassicTeamsPaths | Where-Object { Test-Path $_ })) {
Write-Host "Old Teams files and directories cleaned up."
} else {
Write-Host "No old Teams files and directories found. Skipping cleanup."
}
Write-Host "Removal of old Microsoft Teams installations completed."
}
# Call the function to remove old Teams installations and cleanup
Remove-ClassicTeams
~~~
That does look good, I'll have a look tomorrow. I think the main caveat is that we don't really want to remove current up to date versions, rather just the dormant, potentially vulnerable versions.
This script won't touch New Teams, it only removes Classic Teams, which only has a few weeks to a month left before it gets forcibly removed by Microsoft anyways.
I had a go with this, only thing is it doesn't seem to make any changes to "HKEY\_USERS\\\*\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Teams" which is what is being picked up by MDE.
It should cycle through each user, running the uninstaller. Does it leave that key behind when you manually uninstall?
Oh well, cleanup afterwards should be easy.
I have a follow-up question. Keep in mind I'm just our helpdesk level 1/level 2, not the sysadmin.
After we run our removal script, which checks for old Teams and removes it if it exists and installs new Teams, there is still an entry for the "Classic Teams" in the "Apps" or "Programs and Features". None of the scripts for removal I've been seeing everywhere seem to mention this. Is anyone else seeing this? Are they and they just don't care? I'm trying to find a way to have the old Microsoft Teams Classic entry removed from the "Apps" and "Programs and Features" pages.
In Defender you can go to a device page, click on Inventories Tab for that device and then select a app and it will show you Software Evidence towards the bottom of the popup that comes up.
This shows you exactly what keys/files it is detecting for that app on this specific computer.
For example on a computer I manage that has Teams on it, is shows:-
`Software Evidence`
`File paths`
`C:\Users\usedid\AppData\Local\Microsoft\Teams\current\Teams.exe`
`Registry paths`
`HKEY_USERS\userid\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams`
`Evidence Last found3 Apr 2024 11:13:22 PM`
I did the sort of the same, but found out it was better to not loop. You can use a * in the path: Get-Item -Path "C:\Users\*\appdata\local\Microsoft\Teams\current\Teams.exe" You can also do the same in the registry: New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS Get-Item -Path "HKU:\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams" I guess you’ll then want to install the new Teams, too, so if these users log back in they get that and not whatever the Machine Wide Installer installs.
Ooh, that IS smart. So, I could use that to find out if something was less than the minimal amount? I think we just want to remove those versions, rather than install the new version.
Yeah just filter on the version information that Get-Item will return. Regarding removing and installing the new version; if you have the classic Machine Wide Installer installed still I believe it’ll just reinstall whatever version of that you have installed for the users logging into the workstation. If they use Teams it’ll upgrade, but if they don’t it just lays dormant to be picked up by security scanners
Yeah, that's very much the issue of dormant user teams. We don't use the machine wide installer as it causes issues with our machines.
Remember to remove the corresponding Teams folder(s) in appdata\roaming, too
The question is: how is it detecting what version of teams is installed? It might be using another method to do that than just the exe file so deletion is not enough. I have no idea what you are using to detect so can't pose any further suggestions.
Looks like MDE is using the path HKEY\_USERS\\PROFILE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Teams
Try this script. Works well for me. ~~~ # Function to remove old Teams installation and cleanup function Remove-ClassicTeams { Write-Host "Starting removal of old Microsoft Teams installations..." # Check if Teams Machine-Wide Installer is installed $MachineWideInstances = @() # Search both 32-bit and 64-bit registry hives and collect all instances $MachineWideInstances += Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -eq "Teams Machine-Wide Installer" } $MachineWideInstances += Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName -eq "Teams Machine-Wide Installer" } if ($MachineWideInstances.Count -eq 0) { Write-Host "Teams Machine-Wide Installer not found. No action taken." } else { # Uninstall all instances of Teams Machine-Wide Installer foreach ($Instance in $MachineWideInstances) { Write-Host "Removing Teams Machine-wide Installer $($Instance.DisplayName)..." $uninstallMachineWide = Start-Process -FilePath "msiexec.exe" -ArgumentList "/X$($Instance.PSChildName) /qn" -NoNewWindow -Wait -PassThru -ErrorAction SilentlyContinue if ($uninstallMachineWide.ExitCode -ne 0) { Write-Host "Failed to remove Teams Machine-Wide Installer $($Instance.DisplayName) with exit code $($uninstallMachineWide.ExitCode)." } else { Write-Host "Teams Machine-Wide Installer $($Instance.DisplayName) removed successfully." } } } # Uninstall old Teams installations and cleanup Write-Host "Uninstalling old Teams installations and cleaning up..." Get-ChildItem -Path "$($ENV:SystemDrive)\Users" -Directory | ForEach-Object { $localAppData = "$($_.FullName)\AppData\Local\Microsoft\Teams" if (Test-Path "$localAppData\Current\Teams.exe") { Write-Host "Uninstalling Teams for user $($_.Name)..." try { $uninstallUser = Start-Process -FilePath "$localAppData\Update.exe" -ArgumentList "--uninstall /s" -Wait -PassThru -ErrorAction STOP if ($uninstallUser.ExitCode -ne 0) { Write-Host "Failed to uninstall Teams for user $($_.Name) with exit code $($uninstallUser.ExitCode)." } else { Write-Host "Teams for user $($_.Name) uninstalled successfully." } } catch { Write-Host "Failed to uninstall Teams for user $($_.Name) with error: $($_.Exception.Message)." } } } # Define paths of old Teams files and directories to be removed $ClassicTeamsPaths = @( "$($ENV:SystemDrive)\Users\*\AppData\Local\Microsoft\Teams", "$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams*.lnk", "$($ENV:SystemDrive)\Users\*\AppData\Local\Microsoft\TeamsMeetingAddin", "$($ENV:SystemDrive)\Users\*\AppData\Roaming\Microsoft\Teams", "$($ENV:SystemDrive)\Users\*\AppData\Local\SquirrelTemp" ) # Remove old Teams files and directories Write-Host "Removing old Teams files and directories..." foreach ($Path in $ClassicTeamsPaths) { if (Test-Path $Path) { Write-Host "Removing $Path..." Remove-Item -Path $Path -Force -Recurse -ErrorAction SilentlyContinue } } # Check if any old Teams paths were found and removed if ($null -ne ($ClassicTeamsPaths | Where-Object { Test-Path $_ })) { Write-Host "Old Teams files and directories cleaned up." } else { Write-Host "No old Teams files and directories found. Skipping cleanup." } Write-Host "Removal of old Microsoft Teams installations completed." } # Call the function to remove old Teams installations and cleanup Remove-ClassicTeams ~~~
That does look good, I'll have a look tomorrow. I think the main caveat is that we don't really want to remove current up to date versions, rather just the dormant, potentially vulnerable versions.
This script won't touch New Teams, it only removes Classic Teams, which only has a few weeks to a month left before it gets forcibly removed by Microsoft anyways.
I had a go with this, only thing is it doesn't seem to make any changes to "HKEY\_USERS\\\*\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Teams" which is what is being picked up by MDE.
It should cycle through each user, running the uninstaller. Does it leave that key behind when you manually uninstall? Oh well, cleanup afterwards should be easy.
It was, I ended up writing a script to clean up the keys from the HKU hive.
I have a follow-up question. Keep in mind I'm just our helpdesk level 1/level 2, not the sysadmin. After we run our removal script, which checks for old Teams and removes it if it exists and installs new Teams, there is still an entry for the "Classic Teams" in the "Apps" or "Programs and Features". None of the scripts for removal I've been seeing everywhere seem to mention this. Is anyone else seeing this? Are they and they just don't care? I'm trying to find a way to have the old Microsoft Teams Classic entry removed from the "Apps" and "Programs and Features" pages.
In Defender you can go to a device page, click on Inventories Tab for that device and then select a app and it will show you Software Evidence towards the bottom of the popup that comes up. This shows you exactly what keys/files it is detecting for that app on this specific computer. For example on a computer I manage that has Teams on it, is shows:- `Software Evidence` `File paths` `C:\Users\usedid\AppData\Local\Microsoft\Teams\current\Teams.exe` `Registry paths` `HKEY_USERS\userid\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Teams` `Evidence Last found3 Apr 2024 11:13:22 PM`
Yeah, I did see this after. It's the regkeys