Remove OneDrive via Batch Script

I’ve used this batch script to remove OneDrive from Windows 10 20H2 clients used by students. The script has been added to the end of our MDT student deployment.

@echo off
REM Prevents all commands from being displayed including ‘echo off’

set x86=”%SYSTEMROOT%\System32\OneDriveSetup.exe”
set x64=”%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe”
REM Specifies environment-variables named x86 & x64.

taskkill /f /im OneDrive.exe > NUL 2>&1
REM Forcefully terminate the process using the image name ‘OneDrive.exe’.
REM ‘NUL 2>&1’ suppress outputs and pipe errors to null.

ping 127.0.0.1 -n 5 > NUL 2>&1
REM Misuse the ping command to delay commands, ‘-n 5’ specifies 5 pings. There is a 1s delay between each ping.

if exist %x64% (
%x64% /uninstall
) else (
%x86% /uninstall
)
REM Use the ‘if exist’ condition to uninstall both 32bit & 64bit versions of OneDrive.

ping 127.0.0.1 -n 10 > NUL 2>&1
REM Misuse the ping command to delay commands, ‘-n 10’ specifies 10 pings.

rd “%USERPROFILE%\OneDrive” /Q /S > NUL 2>&1
rd “C:\OneDriveTemp” /Q /S > NUL 2>&1
rd “%LOCALAPPDATA%\Microsoft\OneDrive” /Q /S > NUL 2>&1
rd “%PROGRAMDATA%\Microsoft OneDrive” /Q /S > NUL 2>&1
REM Remove OneDrive remnants. Delete directories and directory trees silently.

REG DELETE “HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}” /f > NUL 2>&1
REG DELETE “HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}” /f > NUL 2>&1
REM Remove OneDrive from File Explorer. Delete registry values without any confirmation prompt.

exit /b 0
REM Specifies to exit the current batch script. The numeric number specifies the process exit code.  Exit code is required for MDT deployment to finish without errors.

Reset RDS Grace Period – Terminal Service

Steps to reset Remote Desktop Services

Licensing notification

Open Regedit and go to the ‘GracePeriod’ key shown below.

GracePeriod key

Give the local Administrators group ‘Full Control’ of the ‘GracePeriod’ key. It’s assumed you are a member of the local Administrators group.

Permissions for the GracePeriod key

Delete the binary data highlighted in the second image.

Reset Grace Period

Reboot the server or restart the Terminal Service.

Using PowerShell to create local user accounts

I wanted to find a simple PowerShell script to create local user accounts on unmanaged laptops.

The script needed to use the laptop serial as part of the username.

Also, the accounts shouldn’t expiry or require the user to change their password on the first login attempt.

The first test command created the account but didn’t insert the laptop serial as part of the username.

New-LocalUser -Name "test-account" -NoPassword -AccountNeverExpires -UserMayNotChangePassword -Description "test account" | Set-LocalUser -PasswordNeverExpires $true

The second script did everything required successfully, including added the laptop serial.

$Error.clear() 
$startupVariables=””
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
net user student$SN /add /passwordchg:no
wmic useraccount where "name='student$SN'" set passwordexpires=false

The third script includes the user password and adds the user to the local administrators group.

$Error.clear() 
$startupVariables=””
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
net user admin$SN MyPa55W0rd /add /passwordchg:no
wmic useraccount where "name='admin$SN'" set passwordexpires=false
net localgroup administrators admin$SN /add

To process the commands in one line add semicolons after each command.

$Error.clear();
$startupVariables=””;
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber;
net user student$SN /add /passwordchg:no;
wmic useraccount where "name='student$SN'" set passwordexpires=false

Blocking Malware & Adult Content using 1.1.1.1 for Families

Cloudflare provides ‘1.1.1.1 for Families’ as an extra layer of protection against malware and adult content.  This is an alternative to the 1.1.1.1 DNS resolver which also filters content.

This service can be used on Android, Linux, Windows, iOS, macOS and Routers.

The below guide is taken from Cloudflare Developers Docs.

Windows limited users will be unable to change these settings when devices are configured by an administrator account.

Block malware and adult content
​IPv4
Click the Start menu > Settings.

Select Network and Internet > Change Adapter Settings.

Right-click on the WiFi network you are connected to and click Properties.

Select Internet Protocol Version 4

Click Properties.

Click Use The Following DNS Server Addresses and add:

1.1.1.3
1.0.0.3

Click OK.

​IPv6
Click the Start menu > Settings.

Click Network and Internet > Change Adapter Settings.

Right-click on the Wi-Fi network you are connected to and click Properties.

Select Internet Protocol Version 6.

Click Properties > Use The Following DNS Server Addresses and add:

2606:4700:4700::1113
2606:4700:4700::1003

Click OK.

Using Command Prompt to apply DNS setting

For Windows Vista and higher (requires Admin rights).

To join multiple commands in Command Prompt use two ‘&’ signs – &&

netsh int ipv4 set dns name="Wi-Fi" static 1.1.1.3 primary validate=no
netsh int ipv4 add dns name="Wi-Fi" 1.0.0.3 index=2 validate=no

netsh int ipv6 set dns name="Wi-Fi" static 2606:4700:4700::1113 primary validate=no
netsh int ipv6 add dns name="Wi-Fi" 2606:4700:4700::1003 index=2 validate=no

Using PowerShell to apply DNS setting – both IPv4 & IPv6

Set-DNSClientServerAddress "Wi-Fi" –ServerAddresses ("1.1.1.3","1.0.0.3","2606:4700:4700::1113","2606:4700:4700::1003")

Microsoft Office LTSC Pro Plus 2021 sample student installation xml

The configuration file is suitable for organisations with an internal KMS server. Importation of the Office LTSC Professional Plus 2021 KMS key would be required.

This configuration excludes OneNote, Skype for Business & Onedrive for Business.

The Generic Volume License Key (GVLK) used is only for Office LTSC Professional Plus 2021.

Some configuration settings included don’t apply to Office LTSC 2021, such as SharedComputerLicensing and SCLCacheOverride.

The only issue I experienced with this configuration was the language ID. The installation failed when trying to use en-gb, this was the same issue as Office 2019.

<Configuration>
<Add OfficeClientEdition="64" Channel="PerpetualVL2021">
<Product ID="ProPlus2021Volume" PIDKEY="FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH">
<Language ID="MatchOS" Fallback="en-us" />
<ExcludeApp ID="Groove"/>
<ExcludeApp ID="Lync"/>
<ExcludeApp ID="OneDrive"/>
<ExcludeApp ID="OneNote"/>
<ExcludeApp ID="Teams"/>
</Product>
</Add>
<Property Name="SharedComputerLicensing" Value="0" />
<Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
<Property Name="DeviceBasedLicensing" Value="0" />
<Property Name="SCLCacheOverride" Value="0" />
<Property Name="AUTOACTIVATE" Value="1" />
<Updates Enabled="TRUE" />
<RemoveMSI />
<Remove All="TRUE" />
<AppSettings>
<Setup Name="Company" Value="My School or Business Name" />
</AppSettings>
<Display Level="None" AcceptEULA="TRUE" />
</Configuration>

Schedule automatic client shutdown with Group Policy

To schedule automatic client shutdown create a new group policy or edit an existing group policy

Start editing the policy and navigate to: Computer Configuration > Preferences > Control Panel Settings >Scheduled Task

Right click on ‘Scheduled Tasks’ and select ‘New’ > ‘Scheduled Task (At least Windows 7)’

New Scheduled Task

On the General tab give the task a name. Use the account ‘NT AUTHORITY\System’ to run the task, and run the task whether the user is logged on or not.

Edit General tab

On the Triggers tab create a new trigger setting required frequency and times.

Edit new trigger

On the Actions tab create a new action. Browse to the shutdown.exe and add the arguments /f /s /t 60

Action to be carried out by scheduled task

Add conditions if you want to avoid shutting down a computer while it’s still in use by a user.

Disable Airplane Mode / WiFi Keyboard Button on Laptops using Group Policy

To disable Airplane Mode first create a new group policy or edit an existing group policy.

Start editing the policy and navigate to: Computer Configuration > Policies > Windows Settings > Security Settings > System Services

Open the ‘Radio Management Service’ properties, tick ‘Define this policy’ and select ‘Disabled’ from the select service startup mode.

Disable Radio Management Service

Office 2019 sample student installation xml

Contents for a xml file suitable for a student Office 2019 installation using KMS key.

Excludes OneNote, Skype for Business & Onedrive for Business from installation.

As a note en-gb isn’t an option for the installation. The only English version allowed is en-us.

<Configuration>
<Info Description="Office Professional Plus 2019 (64-bit)" />
<Add OfficeClientEdition="64" Channel="PerpetualVL2019">
<Product ID="ProPlus2019Volume" PIDKEY="NMMKJ-6RK4F-KMJVX-8D9MJ-6MWKP">
<Language ID="en-us" />
<ExcludeApp ID="Groove"/>
<ExcludeApp ID="Lync"/>
<ExcludeApp ID="OneDrive"/>
<ExcludeApp ID="OneNote"/>
</Product>
</Add>
<RemoveMSI />
<Display Level="None" AcceptEULA="TRUE" />
<Property Name="AUTOACTIVATE" Value="1" />
</Configuration>