If you are reading this, chances are you have just received a shipment from the DFE of Lenovo 100e 81M8 laptops, yet without an ethernet port, a quick re-image over PXE is out of the question.
Fortunately the base image is pretty lightweight, but still contains unwanted bloatware from Lenovo, especially MacAfee Live Safe.
To combat this I’ve put together a small Powershell script which will firstly uninstall and remove Microsoft AppxPackages, including ‘Lenovo Utility‘, ‘Lenovo Companion‘, ‘Skype‘, ‘Xbox’ and ‘LinkedIn’ from the device.
The Script will then utilise MacAfee’s Consumer Product Removal Tool, fully automating the process outlined by Christian Lehrer here. My script will automatically;
Download the tool from MacAfee’s website and place it in c:/temp/RemoveMcAfee folder
Run the tool
Copy removal files from McAfee temp folder
Close the tool
Run the embedded cleanup tool, kill McAfee services and fully uninstall MacAfee Live Safe
The whole process will take about 15 mins on average, this is the time it takes to uninstall MacAfee, 99% of the process is silent, with exception to the part where the Consumer product removal tool launches in order to extract the content from the %Temp% folder, this could probably be tweaked by manually uploading the zipped contents of the MCPR folder to a public web server, download the zip file using the invoke-webrequest cmdlet and extracting the files to c:\Temp\RemoveMcAfee\MCPR\, thus removing the need to download and launch the tool from McAfee, making it a fully silent install, but legally that would probably be a no go.
The Script
#############################################
#############################################
######### Liam-robinson.co.uk ###############
#############################################
#############################################
# Remove Lenovo Companion and Skype
$appname = @(
"E046963F.LenovoCompanion"
"*E0469640.LenovoUtility"
"*SkypeApp*"
"*LinkedIn*"
"*Xbox*"
)
ForEach($app in $appname){
Get-AppxPackage -Name $app | Remove-AppxPackage -ErrorAction SilentlyContinue
Get-AppXProvisionedPackage -Online | where DisplayName -like $app | Remove-AppxProvisionedPackage -Online
}
### Download McAfee Consumer Product Removal Tool ###
## Create Temp Directory ##
New-Item -ItemType Directory -Force -Path C:\Temp\RemoveMcafee
# Download Source
$URL = 'http://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe'
# Set Save Directory
$destination = 'C:\Temp\RemoveMcafee\MCPR.EXE'
#Download the file
Invoke-WebRequest -Uri $URL -OutFile $destination
## Navigate to directory
cd C:\Temp\RemoveMcafee
# Run Tool
Start-Process -WindowStyle minimized -FilePath "MCPR.exe"
## Sleep for 20 seconds file fike extracts
Start-sleep -Seconds 20
# Navigate to temp folder
cd $Env:LocalAppdata\Temp
# Copy Temp Files
copy-item -Path .\MCPR\ -Destination c:\Temp\RemoveMcAfee -Recurse -Force
# Kill Mcafee Consumer Product Removal Tool
Taskkill /IM "McClnUI.exe" /F
# Automate Removal and kill services
cd c:\Temp\RemoveMcAfee\MCPR\
.\Mccleanup.exe -p StopServices,MFSY,PEF,MXD,CSP,Sustainability,MOCP,MFP,APPSTATS,Auth,EMproxy,FWdiver,HW,MAS,MAT,MBK,MCPR,McProxy,McSvcHost,VUL,MHN,MNA,MOBK,MPFP,MPFPCU,MPS,SHRED,MPSCU,MQC,MQCCU,MSAD,MSHR,MSK,MSKCU,MWL,NMC,RedirSvc,VS,REMEDIATION,MSC,YAP,TRUEKEY,LAM,PCB,Symlink,SafeConnect,MGS,WMIRemover,RESIDUE -v -s
#EdTech Network Manager, experienced in Microsoft 365, Server 2019, Intune, SCCM and anything inbetween.
Is there a way to force this script without having to put in any admin credentials?
You could add a snippet to the beginning to check if its being run as admin, if not, close and open as admin. You could also run powershell as administrator and then run the script using .\scriptname.ps1
Function Check-RunAsAdministrator()
{
#Get current user context
$CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
#Check user is running the script is member of Administrator Group
if($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
{
Write-Output “Script is running with Administrator privileges!”
}
else
{
Write-Output “Script is running without Administrator privileges, this is needed to launch DISM.”
Write-Output “We will now restart and launch as Admin..”
Start-Sleep -Seconds 5
#Create a new Elevated process to Start PowerShell
$ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo “PowerShell”;
# Specify the current script path and name as a parameter
$ElevatedProcess.Arguments = “& ‘” + $script:MyInvocation.MyCommand.Path + “‘”
#Set the Process to elevated
$ElevatedProcess.Verb = “runas”
#Start the new elevated process
[System.Diagnostics.Process]::Start($ElevatedProcess)
#Exit from the current, unelevated, process
Exit
}
}