Hi everyone,

I have a unique case where I need some help to. I have a group of  on site engineers (domain users but have local administrators rights) who are using laptops. They are required to install software occasionally when they travel, therefore I need a way using group policy to remove all these software not installed by group policy. I understand that one way to do it is to remove the registry of all software not installed by group policy so that it cannot be used. I only want the software(s) to be removed when they connect to the company network.

1) run group policy when connected to company network everytime

2) the above group policy will delete software not installed by group policy (by deleting the registry key of the software)

3)basic hardware drivers installed on the laptop should not be affected

4)software installed by group policy should not be affected

5)Is it possible to use WMIC as well?

> I need a way using group policy to remove all these software not > installed by group policy   You cannot. Or do you have a comprehensive list of all registry and file system changes your GPO software imposes? How would you identify a given directory eg in %Program Files%\Common Files as belonging to GPO soft or manual install?  

Hi John,

I agree with Martin. Group Policy can't help us do this.

Best regards,

Frank Shen

If thats the case

Can anyone show me a basic logon script that I can edit with just MS word or notepad ? I will be taking a risk by modifying the registry in this case. For instance, HKEY_CURRENT_USER\Software, I want to preserve 7zip, adobe reader, java and dell registry keys and delete the rest of the keys.

I know its not the full list of what I want to preserve, but I just need a starting point

I am using a test environment so it should be ok

• Edited by johnlee87 4 minutes ago edit

> this case. For instance, HKEY_CURRENT_USER\Software, I want to preserve > 7zip, adobe reader, java and dell registry keys and delete the rest of   If you start deleting registry values, you only will render the software partially unusable - you will neither remove it nor make it inaccessible.   I still fail to fully understand your requirement - you give admin rights to your users to install software, so you are out of control of your computers anyway :)  

If thats the case

Can anyone show me a basic logon script that I can edit with just MS word or notepad ? I will be taking a risk by modifying the registry in this case. For instance, HKEY_CURRENT_USER\Software, I want to preserve 7zip, adobe reader, java and dell registry keys and delete the rest of the keys.

I know its not the full list of what I want to preserve, but I just need a starting point

I am using a test environment so it should be ok

• Edited by johnlee87 Thursday, July 23, 2015 6:55 AM edit

For one, every company works differently in terms of rules and policies because different humans make them based on individual company needs. I can't control that or things I am asked to do, so I am doing my best to try to solve this.

Now based on what I this registry area, HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. I would be able to run some sort of msiexec.exe /x {utorrent.msi guid number} or C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe as a base to start out

The script I am looking for will search the registry at the location above, compare it to a whitelist of programs that will be safe from being uninstalled (7zip, java,intel wireless, etc) and uninstall the rest . Thats a start I guess

• Edited by johnlee87 3 hours 53 minutes ago