PowerShell script to keep Personal Teams away in Windows 11

Posted on by Jörgen Nilsson

Finally time to blog during these busy times, removing Personal Teams in Windows 11 by setting the ConfigureChatAutoInstall registry value to prevent from installing.

The challenge is that the permissions on that registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications is set to TrustedInstaller so it is hard to create the necessary value. There are solutions out there that uses Remediations to uninstall it or use SetACL.exe to set the permissions. That is why we wrote it in PowerShell natively instead, my co-worker Sassan made it look better than mine ?, it can be downloaded from here:

CodeDump/Set-ConfigureChatAutoInstall.ps1 at main · suazione/CodeDump · GitHub

The script does the following:

  • Takes ownership of then registry key
  • Creates and sets the registry value
  • Sets the ownership back to TrustedInstaller
  • Uninstalls Personal Teams if it is already installed

I deploy this as a Win32App in Intune and add it as a blocking app in the Enrollment Status Page so the value is set the first time the user logs on. Works great! Now that Windows 11 23H2 will be delivered as an eKB (Enablement Package) and hopefully not put it back as Windows 11 21H2 – Windows 11 22H2 did. If that is the case, we can easily use success.cmd as I wrote about here to keep it away. https://ccmexec.com/2023/03/windows-servicing-personal-teams-and-success-cmd/

Deploy it as a Win32App

To be able to use it as a blocking app I wrap it and use the following:

Install Command: %WINDIR%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File RemoveConsumerTeams.ps1

Uninstall Command: %WINDIR%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File RemoveConsumerTeams.ps1

Detection Rule: Registry

Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications

Value Name: ConfigureChatAutoInstall

As shown in the picture below.

I hope this will be of value so we can remove personal Teams and move on!

    • 4 thoughts on “PowerShell script to keep Personal Teams away in Windows 11

    2. Pingback: Intune Newsletter - 15th September 2023 - Andrew Taylor

    3. Manually testing the script i get the following error

      Exception calling “OpenSubKey” with “3” argument(s): “Requested registry access is not allowed.”
      At C:\source-code\teams.ps1:70 char:9
      + $Item = $rootKey.OpenSubKey($Key,[Microsoft.Win32.RegistryKey …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : SecurityException

      Exception calling “SetAccessControl” with “1” argument(s): “Cannot write to the registry key.”
      At C:\source-code\teams.ps1:74 char:9
      + $Item.SetAccessControl($acl)
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : UnauthorizedAccessException

      Reply

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.