With Internet Explorer finally retiring after a lengthy 27 year career, it came time for removal within the servers I maintain for demos. I actually thought a security update would've removed the browser, but after applying updates for June, July, and August, I realized it would be up to me to remove the browser.
Yeeeehaw...time for some "quick and dirty" automation. As I often reference in my blogs, I'm more of a perpetual green belt with PowerShell. I can do a lot of advanced things, but I don't always write a lot of verbose logging, I often times don't do as much as you could with error handling, nor do I lean on a GUI for PowerShell, or anything like that. I also think my code is often cobbled together from reading various Microsoft documentation articles, reading through blogs, checking Stack Overflow, and tinkering on my own (I know, I'm starting to sound like a developer). I want to stress that this code is really not production ready, nor should you just take it and run these scripts without first vetting the process works, tweaking or editing, and getting it closer to production ready. Think of my code as the quick way to get something done, which isn't necessarily the best way to get something done in an enterprise. I post about these types of scripts to help you understand PowerShell better and to hopefully give you a great starting point. Also, if you have some sort of third party tool that manages and handles state for your servers, skip this blog post entirely! There's probably a better way to accomplish this task using your third party tool!
What are we going to lean on today? Welp...you guessed it...PowerShell!
I've covered this before: I automate as much as possible because I don't have time to manually log into servers and make configuration changes. I've been using DSC a bit more with my home lab and I might have some interesting blog posts to share in the future. But for now, I'm still testing/learning with DSC, so I'll use regularf PowerShell, import the Active Directory module, run through a ForEach loop, and get this functional.
The lone problem? I wasn't sure what Internet Explorer was officially called. I started by using an exploratory PowerShell cmdlet: Get-WindowsOptionalFeature (note, this cmdlet requires elevation).
Brilliant. The FeatureName is Internet-Explorer-Optional-amd64. Let's import the Active Directory module, search through Windows servers in my environment, go through each Windows server, and invoke the command to remove Internet Explorer.
The full working script for my environment lives on GitHub and is accessible here. If you'd rather copy/paste, here's the script:
Get-WindowsOptionalFeature -Online -FeatureName *explorer*
Import-Module ActiveDirectory
$servers = Get-ADComputer -Filter {OperatingSystem -like "*Windows*"}
ForEach ($server in $servers){
Invoke-Command -ComputerName $server.DNSHostName -ScriptBlock {
Disable-WindowsOptionalFeature -Online -FeatureName Internet-Explorer-Optional-amd64 `
-ErrorAction SilentlyContinue
}
Write-Host -ForegroundColor Green Removed Internet Explorer on $server.DNSHostName
}
When you run this in the terminal, you will see output that's helpful related to if a restart is needed on the computer, a status if Internet Explorer is removed successfully, any error messages, etc. You also have capacity to reboot computers from the IDE you're using to execute the script. Note, I had already ran this in my environment, so I don't need to reboot any of my Windows machines.
Again, this is the super quick and dirty script that you could take as a starter point and add more error handling and/or verbose logging into the mix. You will definitely want to experiment with what I'm doing, as I'm targeting all Windows servers I maintain vs. a subset. Stay tuned for how I automated the Microsoft Edge installation! Happy PowerShelling!
Comments