Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Prevent installing the new Edge on a System and User level.
# For the annoyed consumer. Prevent Windows from installing the "new" Edge.
# This is for the SYSTEM installed Edge (Program Files).
# Edge can still be installed per-user (AppData). See the USER script.
# DOWNLOADING THESE SCRIPTS:
# While this script is clearly safe, Windows may block this file. You will need to unblock it if that's the case.
# Additionally, PowerShell blocks scripts for safety. Run the command: set-executionpolicy unrestricted
# You can revert this change with the command: set-executionpolicy restricted
# COPYING AND PASTING THESE SCRIPTS:
# Copy and paste into an empty notepad window. Save it as "what_ever_you_want_to_name_it.ps1".
# This will bypass the need to change execution policy and unblock files.
# ===========================================================================================
# IT / SYSTEM ADMINS, READ THIS!
# This is not and ideal solution.
# You should instead use a Policy to prohibit installs.
# Policies work for Pro and higher domain joined PCs.
# You have plenty of routes to choose from. Here are a few:
# https://serverfault.com/a/477955/613652
# https://serverfault.com/a/792097/613652
# https://serverfault.com/a/926424/613652
# Since profiles on Domain joined computers roam, you will be playing a cat and mouse game.
# Policies can be set Domain wide. Problem solved.
# This script is targeted at Home users who won't have access to enterprise solutions.
# ===========================================================================================
# Right click this file and select "Run with PowerShell"
# BEGIN SCRIPT ============================================================================================================================
# This checks if PowerShell is admin role. If not an admin, consent is prompted before the rest of the script is ran.
# YOU NEED ADMIN RIGHTS!
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
# Via registry, change "NoRemove" to "0" at these locations
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" -Name "NoRemove" -Value 0
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" -Name "NoRemove" -Value 0
# Goodbye Edge.
& "C:\Program Files (x86)\Microsoft\Edge\Application\*\Installer\setup.exe" --uninstall --msedge --system-level --verbose-logging
# Let's pause here for 7 seconds so the uninstall completes.
start-sleep 7
# Nuke that shit.
remove-item -path "C:\Program Files (x86)\Microsoft\Edge" -recurse -force
remove-item -path "C:\Program Files (x86)\Microsoft\EdgeUpdate" -recurse -force
# Create the folders needed.
new-item -type "directory" -path "C:\Program Files (x86)\Microsoft\Edge"
new-item -type "directory" -path "C:\Program Files (x86)\Microsoft\EdgeUpdate"
# Once folders are created, lock them down.
takeown /f "C:\Program Files (x86)\Microsoft\Edge" /a /r
icacls "C:\Program Files (x86)\Microsoft\Edge" /inheritance:r /q
icacls "C:\Program Files (x86)\Microsoft\Edge" /t /deny Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" /q
takeown /f "C:\Program Files (x86)\Microsoft\EdgeUpdate" /a /r
icacls "C:\Program Files (x86)\Microsoft\EdgeUpdate" /inheritance:r /q
icacls "C:\Program Files (x86)\Microsoft\EdgeUpdate" /t /deny Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" /q
# Anytime an attempt to install edge is made, the installer will fail.
# For the annoyed consumer. Prevent Windows from installing the "new" Edge.
# This is for the USER installed Edge (AppData).
# Edge can still be installed to the SYSTEM (Program Files). See the SYSTEM script.
# You shouldn't need to run this script as Edge comes pre-installed on a system level.
# If by chance you or someone else has installed Edge on a user level, you must remove it first.
# Login to that user and uninstall Edge. You may then run this script.
# DOWNLOADING THESE SCRIPTS:
# While this script is clearly safe, Windows may block this file. You will need to unblock it if that's the case.
# Additionally, PowerShell blocks scripts for safety. Run the command: set-executionpolicy unrestricted
# You can revert this change with the command: set-executionpolicy restricted
# COPYING AND PASTING THESE SCRIPTS:
# Copy and paste into an empty notepad window. Save it as "what_ever_you_want_to_name_it.ps1".
#
# ===========================================================================================
# IT / SYSTEM ADMINS, READ THIS!
# This is not and ideal solution.
# You should instead use a Policy to prohibit installs.
# Policies work for Pro and higher domain joined PCs.
# You have plenty of routes to choose from. Here are a few:
# https://serverfault.com/a/477955/613652
# https://serverfault.com/a/792097/613652
# https://serverfault.com/a/926424/613652
# Since profiles on Domain joined computers roam, you will be playing a cat and mouse game.
# Policies can be set Domain wide. Problem solved.
# This script is targeted at Home users who won't have access to enterprise solutions.
# ===========================================================================================
# Right click this file and select "Run with PowerShell"
# BEGIN SCRIPT ============================================================================================================================
# This checks if PowerShell is admin role. If not an admin, consent is prompted before the rest of the script is ran.
# YOU NEED ADMIN RIGHTS!
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
# Nuke that shit.
Get-ChildItem C:\Users | ForEach-Object {
remove-item -path "$($_.FullName)\AppData\Local\Microsoft\Edge" -recurse -force
remove-item -path "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" -recurse -force
}
# Create the folders needed.
Get-ChildItem C:\Users | ForEach-Object {
new-item -type "directory" -path "$($_.FullName)\AppData\Local\Microsoft\Edge"
new-item -type "directory" -path "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate"
}
# Once folders are created, lock them down.
Get-ChildItem C:\Users | ForEach-Object {
takeown /f "$($_.FullName)\AppData\Local\Microsoft\Edge" /a /r
icacls "$($_.FullName)\AppData\Local\Microsoft\Edge" /inheritance:r /q
icacls "$($_.FullName)\AppData\Local\Microsoft\Edge" /t /deny Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" /q
takeown /f "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /a /r
icacls "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /inheritance:r /q
icacls "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /t /deny Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" /q
}
# Anytime an attempt to install edge is made, the installer will fail.
# Unfortunately, Windows may throw an error upgrading versions if you used either of these scripts.
# To get around this, we need to unlock and remove these folders before upgrading.
# System
takeown /f "C:\Program Files (x86)\Microsoft\Edge" /a /r
icacls "C:\Program Files (x86)\Microsoft\Edge" /inheritance:r /q
icacls "C:\Program Files (x86)\Microsoft\Edge" /t /grant Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" Administrators:F /q
takeown /f "C:\Program Files (x86)\Microsoft\EdgeUpdate" /a /r
icacls "C:\Program Files (x86)\Microsoft\EdgeUpdate" /inheritance:r /q
icacls "C:\Program Files (x86)\Microsoft\EdgeUpdate" /t /grant Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" Administrators:F /q
remove-item -path "C:\Program Files (x86)\Microsoft\Edge" -recurse -force
remove-item -path "C:\Program Files (x86)\Microsoft\EdgeUpdate" -recurse -force
# Users
Get-ChildItem C:\Users | ForEach-Object {
takeown /f "$($_.FullName)\AppData\Local\Microsoft\Edge" /a /r
icacls "$($_.FullName)\AppData\Local\Microsoft\Edge" /inheritance:r /q
icacls "$($_.FullName)\AppData\Local\Microsoft\Edge" /t /grant Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" Administrators:F /q
takeown /f "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /a /r
icacls "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /inheritance:r /q
icacls "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" /t /grant Users:F SYSTEM:F Everyone:F "NT SERVICE\TrustedInstaller:F" Administrators:F /q
}
Get-ChildItem C:\Users | ForEach-Object {
remove-item -path "$($_.FullName)\AppData\Local\Microsoft\Edge" -recurse -force
remove-item -path "$($_.FullName)\AppData\Local\Microsoft\EdgeUpdate" -recurse -force
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment