By Chris Blunt
Published: August 8, 2023
“
How do I easily get rid of our old versions of .Net Core?
“
I’ve been working with a few clients lately who’ve all had a challenge with older .Net frameworks hanging about and causing them a non-compliance on their Cyber Essentials Plus Audits
They’ve been looking at various tools or ways to remove the older .Net Frameworks, I decided there must be an easy way with Intune connected devices, so here’s what I’ve done…
WARNING!
This is still in Testing at the moment… Use at your own risk!
This is designed for Competent IT People to use as a reference and NOT for an IT novice to blindly follow!
Please Test before you use it in anger!
So after a quick Google search I came across the .Net Uninstall Tool from Microsoft
PART 1: Install .Net Uninstall tool via Intune
First step is to get the .Net Uninstall tool installed via Intune!
- Download the .Net Uninstall tool MSI (https://github.com/dotnet/cli-lab/releases)
- Navigate to Microsoft Endpoint Manager > Apps > Windows Apps (https://endpoint.microsoft.com/?ref=AdminCenter#view/Microsoft_Intune_DeviceSettings/AppsWindowsMenu/~/windowsApps)
- Click Add
- Select App Type of “Line-of-business app” > Click Next
- Select the MSI you’ve downloaded in Step > Click Next
- Enter the Publisher as “Microsoft” (Or what ever else you want) > Click Next
- Assign it to a Test Group (or All Devices if you’ve already tested it!) > Click Next
- Click ‘Create’ on Review & Create
Now wait a little while for it to start to push out (it can take some time, I rebooted, went for my Lunch, came back and it was done!)
Once Done you can check on one of your test machines it’s working by running PowerShell as Administrator and typing:
dotnet-core-uninstall dry-run --all-below 6.0 --runtime
.Net Uninstall – Add App
.Net Uninstall – Select App Type
.Net Uninstall – Add App Package File
.Net Uninstall – Dry Run Example
PART 2: Deploy the Remove Script via Intune
So for this bit to work, you will need to have the .Net Uninstall tool installed on the machine you run. the script on (See Part 1 above!)
- Grab a copy of the PowerShell Script I’ve created below (note, I’m not a PowerShell expert, but this one is fairly basic!)
- Navigate to Microsoft Endpoint Manager > Devices > Scripts (https://endpoint.microsoft.com/?ref=AdminCenter#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/powershell)
- Click Add > Windows 10 OS
- Give the Script a Name “Remove Pre 6.0 .Net” > Click Next
- Select the Location of the PowerShell script you’ve downloaded or Created > Click Next
- Assign it to a Test Group (or All Devices if you’ve already tested it!) > Click Next
- Click ‘Create’ on Review & Create
Now wait a little while for it to start to push out (it can take some time, I wrote this article whilst waiting for it! Still wasnt done, so I rebooted and made. afew tweaks… now it’s done!)
Once Done you can check on one of your test machines it’s worked by running PowerShell as Administrator and typing: (and Check you don’t see any older .Net Installs!)
dotnet-core-uninstall list
.Net Remove Script – Basics
.Net Remove Script – Add PowerShell Script
.Net Remove Script – Assignments
.Net Remove Script – Review and Create
.Net Remove Script – Test
PART 2b: The PowerShell Script
I figured it wsa safer for you to copy and past in to a new PowerShell file, rather than download a file from my website. So here’ s the file in full, please read and understand it 🙂
## PowerShell Script to Remove .Net Runtimes Prior to v6.0
# Written by Chris Blunt - Blunt Security August 2023
# Use at your own risk!
##
## Please See the following Blog Post for further info about how to use this in Intune
## <Link to Blunt Security>
#
## The following MS Article has been used as reference material
## https://learn.microsoft.com/en-us/dotnet/core/additional-tools/uninstall-tool?tabs=windows
#
## You will first need to install donet-core-uninstall from the following GitLabs
## https://github.com/dotnet/cli-lab/releases
#
dotnet-core-uninstall remove --all-below 6.0 --runtime --yes
##
# NOTE: This will NOT uninstall versions that might be used by Visual Studio, you must use the --force tag if you want that...
# dotnet-core-uninstall remove --all-below 6.0 --runtime --yes --force
##
# If you want to do SDK as well
# dotnet-core-uninstall remove --all-below 6.0 --sdk --yes
##
# If you want to check what the command will do manually first
# donet-core-uninstall dry-run --all-below 6.0 --runtime
##
Need help with Cyber Essentials?
If you want some straight talking help with Cyber Essentials or a wider Cyber Security matter Book a discovery call with me today.
Related Articles
What is Cyber Essentials?
Cyber Essentials is the minimum standard the UK Government recommends all organisations meet, how do you measure up against is?
Recent Comments