Today I was working on reducing our vulnerability attack surface, and needed to remove Adobe Reader from our servers. It appears that it was installed as part of a VM image, but never maintained afterwards.

Long story short, rather than mess around with ConfigMgr baselines or Applications, I decided to go the direct route. To top it off, PowerShell remoting’s currently playing up. I ended up using WMI via the method that I outlined in my previous post.

Given an array of server names in $servers:

$servers | %{Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList 'MsiExec.exe /x "{AC76BA86-7AD7-1033-7B44-AA1000000001}" /norestart /qn' -ComputerName $_}