Finally time to blog during these busy times, removing Personal Teams in Windows 11 by setting the ConfigureChatAutoInstall registry value to prevent from installing.
The challenge is that the permissions on that registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications is set to TrustedInstaller so it is hard to create the necessary value. There are solutions out there that uses Remediations to uninstall it or use SetACL.exe to set the permissions. That is why we wrote it in PowerShell natively instead, my co-worker Sassan made it look better than mine 😉, it can be downloaded from here:
CodeDump/Set-ConfigureChatAutoInstall.ps1 at main · suazione/CodeDump · GitHub
The script does the following:
- Takes ownership of then registry key
- Creates and sets the registry value
- Sets the ownership back to TrustedInstaller
- Uninstalls Personal Teams if it is already installed
I deploy this as a Win32App in Intune and add it as a blocking app in the Enrollment Status Page so the value is set the first time the user logs on. Works great! Now that Windows 11 23H2 will be delivered as an eKB (Enablement Package) and hopefully not put it back as Windows 11 21H2 – Windows 11 22H2 did. If that is the case, we can easily use success.cmd as I wrote about here to keep it away. https://ccmexec.com/2023/03/windows-servicing-personal-teams-and-success-cmd/
Deploy it as a Win32App
To be able to use it as a blocking app I wrap it and use the following:
Install Command: %WINDIR%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File RemoveConsumerTeams.ps1
Uninstall Command: %WINDIR%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File RemoveConsumerTeams.ps1
Detection Rule: Registry
Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications
Value Name: ConfigureChatAutoInstall
As shown in the picture below.
I hope this will be of value so we can remove personal Teams and move on!
Denne har jeg letet etter, takk for den.
Hi
I tried to test the Script with PS (admin) but it was giving me this error….
VERBOSE: Setting ACL permission [FullControl] for user [NT AUTHORITY\System] @ [HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications]
Exception calling “OpenSubKey” with “3” argument(s): “Requested registry access is not allowed.”
At C:\temp\RemoveConsumerTeams.ps1:65 char:9
+ $Item = $rootKey.OpenSubKey($Key,[Microsoft.Win32.RegistryKey …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SecurityException
Exception calling “SetAccessControl” with “1” argument(s): “Cannot write to the registry key.”
At C:\temp\RemoveConsumerTeams.ps1:69 char:9
+ $Item.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UnauthorizedAccessException
New-ItemProperty : Requested registry access is not allowed.
Yes, you need to run it in System context
Manually testing the script i get the following error
Exception calling “OpenSubKey” with “3” argument(s): “Requested registry access is not allowed.”
At C:\source-code\teams.ps1:70 char:9
+ $Item = $rootKey.OpenSubKey($Key,[Microsoft.Win32.RegistryKey …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SecurityException
Exception calling “SetAccessControl” with “1” argument(s): “Cannot write to the registry key.”
At C:\source-code\teams.ps1:74 char:9
+ $Item.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UnauthorizedAccessException
Hi, You need to run the script as System otherwise it will not work.
Regards,
Jörgen
As i will be adding this in OSD TS in SCCM so i will check if it works