The actionscript is below. IExpress is a built in Microsoft product that allows you to semi package files together to make an .exe. In this exe there is an elevation command that calls on command prompt to change the PowerShell execution policy (set by our group policy) from restricted to bypass, then open and execute the PowerShell script.
ActionScript:
//action parameter query “startDir” with description “Specify the root folder path you want to scan recursively through:” and with default value “c:\users”
//============================================================================
//PowerShell Script…
//
//1. Save old ExecutionPolicy value
parameter “PolicyExisted”="{exists value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of (if exists x64 registry then x64 registry else registry)}“
parameter “oldExecutionPolicy”=”{if (parameter “PolicyExisted” as boolean) then (value “ExecutionPolicy” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of (if exists x64 registry then x64 registry else registry) as string) else “”}"
//2. set to ExecutionPolicy=Unrestricted and Pull PowerShell exe from registry… if 64bit then pull PowerShell x64
if {x64 of operating system}
regset64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=“Bypass"
parameter “PowerShellexe”=”{value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of x64 registry}"
else
//we need to determine what the current execution policy is so we can put it back when we’re done.
regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=“Bypass"
parameter “PowerShellexe”=”{value “Path” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell” of registry}"
endif
//3. Create PowerShell script and save to a ps1 file
//4. Execute PowerShell with ps1 script file
action uses wow64 redirection false
prefetch 990c9b9d11dc914d3896d113b67d32f60e9eaff8 sha1:990c9b9d11dc914d3896d113b67d32f60e9eaff8 size:1534 http://SPRDTEM01.vectren.com:52311/Uploads/990c9b9d11dc914d3896d113b67d32f60e9eaff8/Remove_old_java_versions.ps1.tmp sha256:4d877e8471f273ed7b535f4eb38775be8bdebab4d10543f947ff58ab5a68f281
extract 990c9b9d11dc914d3896d113b67d32f60e9eaff8
waithidden “{parameter “PowerShellexe”}” -file “{pathname of client folder of current site}\Remove_old_java_versions.ps1"
action uses wow64 redirection {x64 of operating system}
//5. Restore ExecutionPolicy back
if {x64 of operating system}
if {parameter “PolicyExisted” as boolean}
regset64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=”{parameter “oldExecutionPolicy”}"
else
regdelete64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy"
endif
else
if {parameter “PolicyExisted” as boolean}
regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” “ExecutionPolicy”=”{parameter “oldExecutionPolicy”}"
else
regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]” "ExecutionPolicy"
endif
endif
//============================================================================
This script is changing the execution policy to bypass, downloading the script, and executing it with PowerShell.
The script that is being ran works fine when executed on its own. It runs silently as well. That script is:
#This script is used to remove any old Java versions, and leave only the newest.
IMPORTANT NOTE: If you would like Java versions 6 and below to remain, please edit the next line and replace $true with $false
$UninstallJava6andBelow = $true
#Declare version arrays
$32bitJava = @()
$64bitJava = @()
$32bitVersions = @()
$64bitVersions = @()
#Perform WMI query to find installed Java Updates
if ($UninstallJava6andBelow) {
$32bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match "(?i)Java(\(TM\))*\s\d+(\sUpdate\s\d+)*$"
}
#Also find Java version 5, but handled slightly different as CPU bit is only distinguishable by the GUID
$32bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
($_.Name -match "(?i)J2SE\sRuntime\sEnvironment\s\d[.]\d(\sUpdate\s\d+)*$") -and ($_.IdentifyingNumber -match "^\{32")
}
} else {
$32bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match "(?i)Java((\(TM\) 7)|(\s\d+))(\sUpdate\s\d+)*$"
}
}
#Perform WMI query to find installed Java Updates (64-bit)
if ($UninstallJava6andBelow) {
$64bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match "(?i)Java(\(TM\))*\s\d+(\sUpdate\s\d+)*\s[(]64-bit[)]$"
}
#Also find Java version 5, but handled slightly different as CPU bit is only distinguishable by the GUID
$64bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
($_.Name -match "(?i)J2SE\sRuntime\sEnvironment\s\d[.]\d(\sUpdate\s\d+)*$") -and ($_.IdentifyingNumber -match "^\{64")
}
} else {
$64bitJava += Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match "(?i)Java((\(TM\) 7)|(\s\d+))(\sUpdate\s\d+)*\s[(]64-bit[)]$"
}
}
#Enumerate and populate array of versions
Foreach ($app in $32bitJava) {
if ($app -ne $null) { $32bitVersions += $app.Version }
}
#Enumerate and populate array of versions
Foreach ($app in $64bitJava) {
if ($app -ne $null) { $64bitVersions += $app.Version }
}
#Create an array that is sorted correctly by the actual Version (as a System.Version object) rather than by value.
$sorted32bitVersions = $32bitVersions | %{ New-Object System.Version ($_) } | sort
$sorted64bitVersions = $64bitVersions | %{ New-Object System.Version ($_) } | sort
#If a single result is returned, convert the result into a single value array so we don’t run in to trouble calling .GetUpperBound later
if($sorted32bitVersions -isnot [system.array]) { $sorted32bitVersions = @($sorted32bitVersions)}
if($sorted64bitVersions -isnot [system.array]) { $sorted64bitVersions = @($sorted64bitVersions)}
#Grab the value of the newest version from the array, first converting
$newest32bitVersion = $sorted32bitVersions[$sorted32bitVersions.GetUpperBound(0)]
$newest64bitVersion = $sorted64bitVersions[$sorted64bitVersions.GetUpperBound(0)]
Foreach ($app in $32bitJava) {
if ($app -ne $null)
{
# Remove all versions of Java, where the version does not match the newest version.
if (($app.Version -ne $newest32bitVersion) -and ($newest32bitVersion -ne $null)) {
$appGUID = $app.Properties["IdentifyingNumber"].Value.ToString()
Start-Process -FilePath "msiexec.exe" -ArgumentList "/qn /norestart /x $($appGUID)" -Wait -Passthru -WindowStyle Hidden
#write-host "Uninstalling 32-bit version: " $app
}
}
}
Foreach ($app in $64bitJava) {
if ($app -ne $null)
{
# Remove all versions of 64bit Java
$appGUID = $app.Properties["IdentifyingNumber"].Value.ToString()
Start-Process -FilePath "msiexec.exe" -ArgumentList "/qn /norestart /x $($appGUID)" -Wait -Passthru -WindowStyle Hidden
#write-host "Uninstalling 64-bit version: " $app
}
}