SCCM Script - Force Remove Flash

Well, Flash is finally dead and you probably want to get it off all your systems. Here is a script that you can use to uninstall flash and remove all leftover folders. See my post here to learn how to create and run a script in SCCM. The script leverages the uninstall tool that adobe provides here and also removes the app data folders for each user. The only thing you need to modify in this script is the source path where you put the uninstaller. You may want to re-hash the when you download it as well just in case its different than what in the script.

EDIT 3-19-21: I have run into additional permission issues on some PCs where, for some reason, ‘Trusted Installer’ is the owner of the Flash folders. Below is the updated script that handles this issue by giving ‘System’ ownership of the folder.

#Create a temp dir if its not already there and copy the uninstall tool 
$dir = "C:\temp"
mkdir $dir
robocopy "\\Put\Source\Path\Here"  "C:\temp" uninstall_flash_player.exe

#Get hash value of the file we just copied... JUUUUST in case
$hash_value = Get-FileHash -Path "C:\temp\uninstall_flash_player.exe"

#Compare the hash value and only run the exe if they match
if ($hash_value -eq "3319A87F23773CEA36181069FA0832AC1264A7D49CEA9BF7C78DA6C650871D47") {

    $acl = Get-Acl C:\Windows\SysWOW64\Macromed\Flash
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")
    $acl.SetAccessRule($AccessRule)
    $acl | Set-Acl C:\Windows\SysWOW64\Macromed\Flash

    $acl = Get-Acl C:\Windows\SysWOW64\Macromed\Flash
    $object = New-Object System.Security.Principal.Ntaccount("NT AUTHORITY\SYSTEM")
    $acl.SetOwner($object)
    $acl | Set-Acl C:\Windows\SysWOW64\Macromed\Flash

    foreach($_ in (Get-ChildItem "C:\Windows\SysWOW64\Macromed\Flash" -recurse)){
        $acl = Get-Acl $_.fullname
        $object = New-Object System.Security.Principal.Ntaccount("NT AUTHORITY\SYSTEM")
        $acl.SetOwner($object)
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")
        $acl.SetAccessRule($AccessRule)
        $acl.SetAccessRuleProtection($false,$true)
        $acl | Set-Acl $_.fullname
        Set-ItemProperty $acl -name IsReadOnly -value $false
        }
    

    $acl = Get-Acl C:\Windows\system32\Macromed\Flash
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")
    $acl.SetAccessRule($AccessRule)
    $acl | Set-Acl C:\Windows\system32\Macromed\Flash

    $acl = Get-Acl C:\Windows\system32\Macromed\Flash
    $object = New-Object System.Security.Principal.Ntaccount("NT AUTHORITY\SYSTEM")
    $acl.SetOwner($object)
    $acl | Set-Acl C:\Windows\system32\Macromed\Flash

    foreach($_ in (Get-ChildItem "C:\Windows\system32\Macromed\Flash" -recurse)){
        $acl = Get-Acl $_.fullname
        $object = New-Object System.Security.Principal.Ntaccount("NT AUTHORITY\SYSTEM")
        $acl.SetOwner($object)
        $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")
        $acl.SetAccessRule($AccessRule)
        $acl.SetAccessRuleProtection($false,$true)
        $acl | Set-Acl $_.fullname
        Set-ItemProperty $acl -name IsReadOnly -value $false
        }

    #Run the uninstall too silently
    cmd /c "C:\temp\uninstall_flash_player.exe /uninstall"

    #Remove system folders that get left behind from the uninstall tool
    Remove-Item -Path "C:\Windows\system32\Macromed\Flash" -Recurse -Force -Confirm:$false
    Remove-Item -Path "C:\Windows\SysWOW64\Macromed\Flash" -Recurse -Force -Confirm:$false

    #Get all users
    $users = Get-ChildItem -Path "C:\users\" | Select-Object -ExpandProperty name

    #Loop through all use
    foreach ($user in $users) {        
        Remove-Item -Path "C:\users\$user\AppData\Roaming\Adobe\Flash Player" -Recurse -Force -Confirm:$false
        Remove-Item -Path "C:\users\$user\AppData\Roaming\Macromedia\Flash Player" -Recurse -Force -Confirm:$false           
    }
}

#Remove the uninstall tool since we are done with it
Remove-Item -Path "C:\temp\uninstall_flash_player.exe" -Force -Confirm:$false

3 thoughts on “SCCM Script – Force Remove Flash”

Albert says:

February 11, 2021 at 12:30 pm

This script is great. I have a question about permissions. The folders/files that it removes are protected by Windows ACL’s. Do you have a workaround for this?
1. Skylar Pearce says:
  
  March 19, 2021 at 7:59 am
  
  I do actually! I’m updating the post with some more ACL stuff. For some reason some of the machines I ran this on the C:\system32\macromed\flash folder had the owner set as ‘trusted installer’ so I had to update the script to take that ownership back. This newer version takes care of the permission issues I have run into so far
Dominic says:

May 25, 2021 at 12:54 pm

This is great. Thank you! I have some batch files with SCCM that I use cmd.exe %dp0 this specifies cmd to use the directory it was launched from, for example c:\windows\ccmcache\e\script.bat. I have seen that this is the equivalent in in PowerShell to be $PSScriptRoot . Have you ever tried this, it would save from specifying a network share. I am going to give it a shot with your sweet script. Thanks for posting this!!

Comments are closed.