Microsoft Security Updates include an upgrade to Internet Explorer 9 - kb982861.
That sounds reasonable and perfectly cool.Unless you're doing patch management.
Just think about that awkward moment when you realise that your client's web applications can only work with Internet Explorer 8!
Supposedly you went ahead and mass-deployed Windows Security Updates to all Windows 7 x64 computers and received about 100 phone calls from digruntled users.Aaand it's only noon.
Not saying that happened to me today but I just happened to think about such a predicament and how to handle it like a sir.Let's presume we have SCCM security privileges, ConfigMgr 2007 handy and a working internet connection.It's all we'll need.
First thing we need to do is google "uninstall ie9 microsoft fix it" and the first link should take us to the right spot.
 |
The Microsoft Fix it wizard is actually an MSI we can use to remove IE9 and bring back Internet Explorer 8 to life on all affected user machines.
Just download the MSI called MicrosoftFixit50778.msi from the link and create the package using ConfigMgr 2007.
Name the package something relevant like "IE9-Uninstall" and select an accessible share directory for the data source, where we will place our .MSI file.You might want to leave Data Access, Distribution Settings, Reporting and Security as defaults or you can set a high sending priority in your Distribution Settings just to play it safe.Next we will place the .msi file we previously downloaded inside the data source folder.
Once the package is created we need to add the distribution points and program.Right click, add new program and put this in the command line box: msiexec.exe /i MicrosoftFixit50778.msi /qn /norestart.
If we click browse we should get to the data source folder.For program requirements we will select Windows 7 x64 and leave the maximum allowed run time to 120 minutes.
Environment settings are very important.We should take into account that UAC is enabled on the Windows 7 machines and we need this program to run with administrative priviledges.Let's leave anything else as default at this stage as our work is nearly complete.
Other thing we need to consider is what happens if the users have Internet Explorer open while our uninstall package is advertised to them.We can test and see what happens but instead of wasting valuable time why don't we make sure that the iexplore.exe process is killed before the uninstaller kicks in?
You might have noticed that the program contained within our package has an advanced tab with an option called "Run another program first".
We will use a .vbs script that will kill iexplore.exe and set it to run prior to the uninstaller.The script looks like this:
Let's now go back to the first program and set the second one we created to run first.
Name the package something relevant like "IE9-Uninstall" and select an accessible share directory for the data source, where we will place our .MSI file.You might want to leave Data Access, Distribution Settings, Reporting and Security as defaults or you can set a high sending priority in your Distribution Settings just to play it safe.Next we will place the .msi file we previously downloaded inside the data source folder.
Once the package is created we need to add the distribution points and program.Right click, add new program and put this in the command line box: msiexec.exe /i MicrosoftFixit50778.msi /qn /norestart.
If we click browse we should get to the data source folder.For program requirements we will select Windows 7 x64 and leave the maximum allowed run time to 120 minutes.
Other thing we need to consider is what happens if the users have Internet Explorer open while our uninstall package is advertised to them.We can test and see what happens but instead of wasting valuable time why don't we make sure that the iexplore.exe process is killed before the uninstaller kicks in?
You might have noticed that the program contained within our package has an advanced tab with an option called "Run another program first".
We will use a .vbs script that will kill iexplore.exe and set it to run prior to the uninstaller.The script looks like this:
strComputer = "." Set objWMIService = GetObject _ ("winmgmts:\\" & strComputer & "\root\cimv2") Set colProcessList = objWMIService.ExecQuery _ ("Select * from Win32_Process Where Name = 'iexplore.exe'") For Each objProcess in colProcessList objProcess.Terminate() MsgBox "Internet Explorer 9 will be uninstalled.Please reboot at your_ earliest convenience, no sooner than 5 minutes!" Next
Our packages are setup, so we can add all affected computers into a collection and advertise this package to it.It should take no more than 5 minutes to remove Internet Explorer 9 and IE8 should be found on the workstations after rebooting.
Just remember to set at least a mandatory assignment to the advertisement schedule to make sure the packages are pushed out.
Alternately, if we have one or two users affected we can uninstall IE9 by pasting the following in an elevated command prompt: FORFILES /P %WINDIR%\servicing\Packages /M Microsoft-Windows-InternetExplorer-8*.mum /c "cmd /c echo Uninstalling package @fname && start /w pkgmgr /up:@fname /norestart
When it's done just restart and voila!
Just remember to set at least a mandatory assignment to the advertisement schedule to make sure the packages are pushed out.
Alternately, if we have one or two users affected we can uninstall IE9 by pasting the following in an elevated command prompt: FORFILES /P %WINDIR%\servicing\Packages /M Microsoft-Windows-InternetExplorer-8*.mum /c "cmd /c echo Uninstalling package @fname && start /w pkgmgr /up:@fname /norestart
When it's done just restart and voila!
