Removing Bloatware from Windows 10 & 11 via script

One complaint I often hear about using straight OOBE autopilot is around the bloatware, either manufacturer installed (McAfee trials anyone?) or the Microsoft stuff, after all, who needs Xbox Gaming bar on an enterprise machine?

One option is to take the machine and drop on a fresh ISO, add the autopilot hash (or inject the JSON) and then remove the Microsoft apps via Store for Business and uninstall assignments. This of course works well, but it’s effort and also means you can’t ship straight from the manufacturer unless you also send a USB stick with something like the excellent OSD Cloud from David Segura (which I would strongly recommend for “it’s dead, Jim,” rebuilds.

I, personally, prefer to embrace the future and go all out Autopilot, ship straight to your users and let Intune sort the rest which obviously pushes me down the scripting route. There are plenty of scripts out there, but none quite ticked all of the boxes, I wanted something that would remove all MS apps without me having to mess with the store, manufacturer bloat and anything else which might have crept on.

I then saw this post from Ben Whitmore and decided I wanted it to be self-updating too.

So, here is my BloatWare removal script:

https://github.com/andrew-s-taylor/public/tree/main/De-Bloat

In this folder you will find the script to remove the bloat, the script to deploy it and also a script if you want to deploy as an application (as well as the IntuneWin file)

De-Bloat Script

Let’s start with the script itself, it will:

  • Remove AppX Packages (listed)
  • Remove associated reg keys
  • Disable Windows Feedback
  • Removes Cortana from Search
  • Removes Web Results from search
  • Disables Wi-Fi Sense
  • Disables Live Tiles
  • Removes unwanted scheduled tasks (Xbox Live etc.)
  • Removes Windows 11 specific apps (Teams Chat for example)
  • Clears start menu
  • Disables the hidden surfing game in Edge
  • Removes Dell, HP and Lenovo specific bloat (by detecting manufacturer and deploying appropriately)
  • Removes McAfee (if detected)
  • Removes any Win32 apps which aren’t Intune, Windows Update or MS Edge
  • Removes Chrome

I know some of you may be looking at the last two options and worrying about the current estate if you deploy site-wide, but I have you covered. The Win32 app removal part will only run if NO apps have been deployed via Intune. If it detects any installations, it will just skip that bit.

The full script will report back to a log file here:

C:\ProgramData\Debloat\Debloat.log

Intune Script Deployment

My suggestion is to deploy as a device script in Intune, that way it will run prior to any apps installing and you will have the full experience. This is where the secondary script comes in. This will grab the latest copy of the de-bloat script, copy it to the machine and run locally. It’s quicker and means you can always be sure devices are running the latest version without constantly replacing scripts:

NOTE: Run in the 64-bit context

$DebloatFolder = "C:\ProgramData\Debloat"
If (Test-Path $DebloatFolder) {
    Write-Output "$DebloatFolder exists. Skipping."
}
Else {
    Write-Output "The folder '$DebloatFolder' doesn't exist. This folder will be used for storing logs created after the script runs. Creating now."
    Start-Sleep 1
    New-Item -Path "$DebloatFolder" -ItemType Directory
    Write-Output "The folder $DebloatFolder was successfully created."
}

$templateFilePath = "C:\ProgramData\Debloat\removebloat.ps1"

Invoke-WebRequest `
-Uri "https://raw.githubusercontent.com/andrew-s-taylor/public/main/De-Bloat/RemoveBloat.ps1" `
-OutFile $templateFilePath `
-UseBasicParsing `
-Headers @{"Cache-Control"="no-cache"}

invoke-expression -Command $templateFilePath

Intune Application Deployment

If you would prefer to deploy as an application, you can either grab the Intunewin file and use the following commands:

Install:

powershell -executionpolicy bypass -file debloat-intune-script.ps1

Uninstall (obviously not an option, so a dead command)

cmd.exe /c

Detection:

C:\ProgramData\Debloat\Debloat.log

OR

If you want to be extra lazy, run this script:

Deploy-DeBloat-Application.ps1

Which will download the file and setup the application for you

Happy de-bloating!

Posted in Intune