Offboarding script to remove MS office and adobe

Before I go searching for these somewhere else, anyone wanna post their offboarding script for removing office and adobe products?

Not something we do, Office belongs to the client, and if they are not compliant with licensing, then it will just not function anymore. Same with Adobe. We only remove our software when we offboard.

Provide your own setup.exe file url…

# Remove MICROSOFT 365 using VLM ODT Office Deployment Tool
New-Item -ItemType directory -Path "C:\OfficeSetup" -Force | Out-Null
Set-Location -Path "C:\OfficeSetup" | Out-Null
Invoke-WebRequest -Uri https://example.com/setup.exe -OutFile C:\OfficeSetup\setup.exe
New-Item -ItemType file -Path .\uninstall.xml -Force | Out-Null
Add-Content -Path .\uninstall.xml -Value '<Configuration>'
Add-Content -Path .\uninstall.xml -Value '    <!--Uninstall complete Office 365-->'
Add-Content -Path .\uninstall.xml -Value '    <Display Level="None" AcceptEULA="TRUE" />'
Add-Content -Path .\uninstall.xml -Value '    <Logging Level="Standard" Path="%temp%" />'
Add-Content -Path .\uninstall.xml -Value '    <Remove All="TRUE" />'
Add-Content -Path .\uninstall.xml -Value '</Configuration>'
#$signerhash = Get-AuthenticodeSignature .\setup.exe
#if ($signerhash.SignerCertificate -eq "9DC17888B5CFAD98B3CB35C1994E96227F061675")
#{
echo "Uninstalling Microsoft 365."
.\setup.exe /configure C:\OfficeSetup\uninstall.xml
#}
2 Likes

Did you comment out the conditional hash check because it didn’t work, or just as an option?

I do use the hash check. Just make sure you check your own hash value on setup.exe. I was thinking there may be more versions of the file when I was testing this. You have to extract the setup.exe from the deployment tool which is a manual step. If I could just pull that setup.exe directly from Microsoft I would have.

Added - here is a corrected check that verifies the signature as well as an expected hash.

$hash = Get-FileHash .\setup.exe
$signerhash = Get-AuthenticodeSignature .\setup.exe
if ($hash.Hash -ne "3850805503FC0CC248DF38C7E438CE7605591FB756E58CF43D3A0821EC918A1C" -or $signerhash.Status -ne "Valid")
{
    Write-Host "ERROR - File failed hash verification."; exit 1
}