SCCM Run Script Deployment Step by Step Guide – Uninstall 7Zip without Package

Learn how to create and deploy SCCM PowerShell Script to uninstall applications without creating packages. How to uninstall 7Zip from all your managed devices from SCCM without using packages. In this post, I’ll explain how to deploy a PowerShell script via SCCM to remove the 7Zip application (using the SCCM run script option) from Windows devices.

You can refer to SCCM CB Run PowerShell Script Directly from the Collection post to get more details about the run PowerShell script option. There are also posts about PowerShell script deployment feature architecture and troubleshooting guide.

NOTE! – I know Win32_Product is EVIL and I used that WMI class to remove already installed application. This post is just an example how to use SCCM Script Deployment options.

Introduction

System Center Configuration Manager (SCCM) has an integrated ability to run PowerShell scripts. This feature was first introduced in version 1706 as a pre-release. Beginning with version SCCM 1802 (more details about SCCM version), this feature is no longer a pre-release feature. Create and deploy SCCM PowerShell Script using the script method. SCCM PowerShell Script Deployment without Creating Package is explained in this post.

There is an ability to run PowerShell scripts (SCCM run script) on Client devices using SCCM administrator console. The script can run either to a specific device or to the specific collection. The script deployment option from collection makes it easier to automate the task. The example: uninstall the application or restart the service to all client devices.

• Related Post – SCCM Run PowerShell Script Directly from Collections
• Related Post – Real-Time Graphical Representation SCCM Run Script Results

Prerequisites

Currently, SCCM support only PowerShell Scripts using SCCM run script. The following prerequisites should be in place to SCCM run the script options:

1. The client device must be running PowerShell version 3.0 or later
2. The client device must be running with SCCM 1706 client version or later

SCCM Run Script Authors and Approvers

SCCM Run Script uses the concept of script authors and script approvers as separate roles for implementation and execution of a script. Having the author and approver roles separated allows for a vital process check for the powerful tool that Run Scripts is.

There is an additional script runners role that allows execution of scripts, but not the creation or approval of scripts. You can create and deploy SCCM PowerShell Script using SCCM run script options in the software library. Uninstall 7Zip application with PowerShell Command line from SCCM.

Enable the Script authors to require additional script approver in Hierarchy settings for site server. The further approval and RBAC are to make sure the security part of running the script from the SCCM console. This process is essential for SCCM PowerShell Script Deployment without creating Package.

Security Permissions to Create and Deploy SCCM Run Script

In General, there are three (3) SCCM security roles are needed,

1. Script Runners
2. Script Authors
3. Script Approvers

These three security roles used for running scripts are not created by default in SCCM. Please refer the below Roles to be configured. Additional notify permissions are added in SCCM 1810 version on wards.

Role Name: Script Runners

• Description: These permissions enable this role to only run scripts that were previously created and approved by other roles.
• Permissions: Ensure the following are set to Yes.

Description: These permissions enable this role is only to run scripts that were previously created and approved by other SCCM admins.
Permissions: Ensure the following settings set to Yes.

Role Name: Script Authors

• Description: These permissions enable this role to author scripts, but they can’t approve or run them.
• Permissions: Ensure the following permissions are set.

Role Name: Script Approver

• Description: These permissions enable this script approver role to approve scripts, but they can’t create or run them.
• Permissions: Ensure the following permission values are set to YES or NO respectively.

How to Create SCCM PowerShell Script (SCCM Script)?

In this scenario, need to uninstall 7-Zip application (using PowerShell commandlets) in entire SCCM environment.

PowerShell Script (EVIL?)

$app = Get-WmiObject -Class Win32_Product -Filter “Name = ‘7-Zip 18.05 (x64 edition)'”

$app.Uninstall()

• In the SCCM console, click Software Library.
• In the Software Library workspace, click Scripts.
• On the Home tab, in the Create group, click Create Script.
• On the Script page of the Create Script wizard, configure the following settings:
  • Enter the Script Name and PS Script
  • Click Next

• Review the information and Click Next

• Script is created successfully, Click Close

How to Approve or Deny Script – SCCM PowerShell Script

Once the script is created and needs to approve the approver, it’s essential to have an SCCM script approval process in place so that you can make sure that there are no issues with the script.

To Approve the Script:

• Launch the SCCM Console
• In the SCCM console, click Software Library
• In the Software Library workspace, click Scripts
• Select the Script and Click Approve/Deny in the top ribbon menu

• Review the Script details, Click Next

• Select Approve and then Click Next

• Select Approve and then Click Next

• The Script is approved by the Approver, Click Close

• View the approval status in the console

How to Run a Script from SCCM Console

• After approving the script, Select the Collection or a Client Device

• Right click – Select Run Script options

• Select the Script and then Click Next

• Review the details, click Next

• Task is created and script is executed in the client device.

How to Perform Script Monitoring from SCCM Console

To Monitor the Script execution status in the Configuration Manager (SCCM) console. SCCM PowerShell Script monitoring is also important, and it’s easy to monitor the script results in the latest versions of SCCM.

Client Side Logs

To view the status of Script execution in client side, refer the below client logs

CCMNotificationAgent.log

Script.log

Resources

• Related Post – Run SCCM PowerShell Script Directly from Collections
• Related Post – Real-Time Graphical Representation SCCM Run Script Results
• What’s New With SCCM’s Client Notification Feature – Here