Removing Components
Whereas the previous section showed you how to prevent Windows from configuring components when it creates a user profile, this section shows you how to prevent Windows from installing certain components altogether. Be careful when you prevent the operating system from installing components, though, because doing so could cripple some features and applications. For example, Office 2003 Editions requires Internet Explorer, Outlook Express, and NetMeeting for a lot of its features, particularly its collaboration features. The moral is to test your configurations in a lab before deploying them to unsuspecting users.
The Windows setup program doesn't provide a user interface for removing components during installation. You can use an answer file to remove components, however; Chapter 14, “Deploying with Answer Files,” shows you what the [Components] section looks like in an answer file, and I summarize that information in this chapter. The operating system does allow users to add or remove components using the Windows Components Wizard, though: in Control Panel launch Add Or Remove Programs, Add/Remove Windows Components. Still, the wizard and answer files do not allow you to remove and disable some of the features that enterprises would rather not install. There's no option to remove Windows Movie Maker, for example, nor is there an option to remove Windows Messenger.
This section shows you some alternative ways to get rid of components, if possible, or to hide them. The most common requests that I get are to remove the Tour Windows, Movie Maker, Outlook Express, and Files And Settings Transfer Wizard components. Interestingly, I'm not often asked about removing the games, but you can do that easily enough through your Windows answer file.
Answer File [Components] Section
Chapter 14, “Deploying with Answer Files,” describes how to build an answer file. If you're an IT professional deploying Windows, you're probably already familiar with answer files. The [Components] section of answer files enables you to prevent the operating system from installing certain components. Table 18-2 describes all the components that Windows answer files support. The names of each component are self-explanatory. To install a component, set it to On. To prevent its installation, set it to Off. In the listing, I've set each component to its default installation value.
Microsoft doesn't document a way to prevent the setup program from installing Windows Messenger, a common request. I've added the component msmsgs to Table 18-2, however, which prevents the setup program from installing it. The file Sysoc.inf, which you learn about in the next section, hides this component in the Windows Components Wizard. You can edit that file to show Windows Messenger in the wizard, but doing so relies on users to remove Windows Messenger. Instead, you can add the component to the [Components] section of your answer file to prevent the setup program from installing it.
Setting | Default Value | Description |
AccessOpt | On | Specifies whether to install the Accessibility Wizard |
appsrv_console | Off | Specifies whether to install the Application Server Console |
aspnet | Off | Specifies whether to install the ASP.NET Web development platform |
AutoUpdate | See the AutomaticUpdates entry in the [Data] section of Unattend.txt | |
BitsServerExtensionsISAPI | Off | Specifies whether to install Internet Server Application Programming Interface (ISAPI) for Background Intelligent Transfer Service (BITS) server extensions on client computers |
BitsServerExtensionsManager | Off | Specifies whether to install the Microsoft Management Console (MMC) snap-in, administrative Application Programming Interfaces (APIs), and Active Directory Service Interfaces (ADSI) extensions for Background Intelligent Transfer Service (BITS) server extensions |
Calc | On | Specifies whether to install the Calculator feature |
certsrv | Off | Specifies whether to install the Certificate Services components |
certsrv_client | Off | Specifies whether to install the Web client components of Certificate Services |
certsrv_server | Off | Specifies whether to install the server components of the Certificate Services feature for the Windows Server 2003 family only |
charmap | On | Specifies whether to install the Character Map feature that inserts symbols and characters into documents |
chat | Off | Specifies whether to install the Chat feature |
clipbook | On | Specifies whether to install the clipboard viewer |
cluster | Off | Specifies whether to install the Cluster service (for Windows 2000 Advanced or Datacenter Server only) |
complusnetwork | Off | Specifies whether to enable network COM+ access |
deskpaper | On | Specifies whether to install a desktop background on the computer desktop |
dialer | On | Specifies whether to install the Phone Dialer feature |
dtcnetwork | Off | Specifies whether to enable Microsoft Distributed Transaction Coordinator (DTC) network access |
fax | Off | Specifies whether to install the Fax feature |
fp_extensions | Off | Specifies whether to install Microsoft FrontPage server extensions |
fp_vdir_deploy | Off | Specifies whether to install Microsoft Visual InterDev RAD Remote Deployment Support |
freecell | On | Specifies whether to install the Freecell game (not available in the Windows Server 2003 family) |
hearts | On | Specifies whether to install the Hearts game (not available in the Windows Server 2003 family) |
hypertrm | On | Specifies whether to install the HyperTerminal feature (Windows XP) |
IEAccess | On | Specifies whether to install visible entry points to Internet Explorer |
IEHardenAdmin | On | Applies the Enhanced Security Configuration to members of the Administrators and Power Users groups |
IEHardenUser | On | Applies the Enhanced Security Configuration to members of the Restricted Users and Guests groups |
iis_asp | Off | Specifies whether to install Active Server Pages (ASP) for Internet Information Services (IIS) |
iis_common | On | Specifies whether to install the common set of files required by IIS |
iis_ftp | Off | Specifies whether to install the FTP service |
iis_inetmgr | On | Specifies whether to install the Microsoft Management Console (MMC)–based administration tools for IIS |
iis_internetdataconnector | Off | Specifies whether to install the Internet Data Connector |
iis_nntp | Off | Specifies whether to install the Network News Transfer Protocol (NNTP) service for the Windows Server 2003 family |
iis_serversideincludes | Off | Specifies whether to install the Server-Side Includes |
iis_smtp | On | Specifies whether to install the Simple Mail Transfer Protocol (SMTP) |
iis_webdav | Off | Specifies whether to install WebDAV Publishing |
iis_www | On | Specifies whether to install the World Wide Web (WWW) service |
indexsrv_system | On | Specifies whether to install the Indexing Service files |
inetprint | Off | Specifies whether to install Internet Printing |
licenseserver | Off | Specifies whether to turn Terminal Services licensing on |
media_clips | On | Specifies whether to install sample sound clips on the computer (Windows XP) |
media_utopia | Off | Specifies whether to install the Utopia Sound Scheme on the computer |
minesweeper | On | Specifies whether to install the Minesweeper game on the computer (not available in the Windows Server 2003 family) |
mousepoint | On | Specifies whether to install all the available mouse pointers distributed with Windows XP or Windows Server 2003 family |
msmq_ADIntegrated | Off | Specifies whether to integrate Message Queuing (also known as MSMQ) with Active Directory if the computer belongs to a domain |
msmq_Core | Off | Specifies whether to set up the Message Queuing components and provide functionality for any dependent clients |
msmq_HTTPSupport | Off | Specifies whether to enable the sending and receiving of messages using the HTTP protocol |
msmq_LocalStorage | Off | Specifies whether to store messages locally, so the computer can send and receive messages even when not connected to a network |
msmq_MQDSService | Off | Specifies whether to provide access to Active Directory and site recognition for downstream clients |
msmq_RoutingSupport | Off | Specifies whether to provide efficient routing |
msmq_TriggersService | Off | Specifies whether to associate the arrival of incoming messages at a queue with functionality in a Component Object Model (COM) component or a stand-alone executable program |
msnexplr | On | Specifies whether to install MSN Explorer |
mswordpad | On | Specifies whether to install the WordPad feature on the computer |
netcis | Off | Specifies whether to install Microsoft Component Object Model (COM) Internet Services |
netoc | On | Specifies whether to install additional optional networking components |
objectpkg | On | Specifies whether to install the Object Packager feature (Packager.exe) on the computer |
OEAccess | On | Specifies whether to install visible entry points to Outlook Express |
paint | On | Specifies whether to install the Microsoft Paint feature on the computer |
pinball | On | Specifies whether to install the Pinball game on the computer (not available in the Windows Server 2003 family) |
Pop3Admin | Off | Specifies whether to install the optional POP Web UI for the Remote Administration Tools on the computer |
Pop3Service | On | Specifies whether to install the main POP3 service on the computer |
Pop3Srv | On | Specifies whether to install the root POP3 component on the computer |
rec | On | Specifies whether to install the Sound Recorder feature on the computer |
reminst | Off | Specifies whether to install Remote Installation Services (RIS), which enables you to install an operating system remotely onto a computer with either a new PXE-based remote boot read-only memory (ROM) or a network card supported by the remote installation boot floppy disk |
rootautoupdate | On | Specifies whether to turn on the Optional Components Manager (OCM) Update Root Certificates |
rstorage | Off | Specifies whether to install the Remote Storage feature that enables the use of tape libraries as extensions of NTFS file system volumes |
sakit_web | Off | Specifies whether to install the Remote Administration Tools (formerly known as the Server Administration Kit) |
solitaire | On | Specifies whether to install the Solitaire game on the computer (not available in the Windows Server 2003 family) |
spider | On | Specifies whether to install the Spider Solitaire game on the computer (not available in the Windows Server 2003 family) |
templates | On | Specifies whether to install Document Templates on the computer |
TerminalServer | Off | Specifies whether to install Terminal Server (Terminal Services for multiple users) on the computer |
TSWebClient | Off | Specifies whether to install the ActiveX control and sample pages for hosting Terminal Services client connections over the Web |
vol | On | Specifies whether to install the Volume Control feature on the computer |
WbemCrrl | On | Specifies whether to install the Windows Management Instrumentation (WMI) event correlation component |
WbemFwrd | On | Specifies whether to install the Windows Management Instrumentation (WMI) event forwarding components |
WbemMSI | On | Specifies whether to install the WMI Windows installer provider |
WMAccess | On | Specifies whether to install visible entry points to Windows Messenger |
WMPOCM | On | Specifies whether to install visible entry points to Windows Media Player |
wms | Off | Specifies whether to install the core Windows Media Server components |
wms_admin_asp | Off | Specifies whether to install the Windows Media Services Web-based administrative components |
wms_admin_mmc | Off | Specifies whether to install the Windows Media Services Microsoft Management Console (MMC)–based administrative components |
wms_isapi | Off | Specifies whether to install the Windows Media Services Multicast and Advertisement Logging Agent components |
wms_server | Off | Specifies whether to install the Windows Media Services server components |
zonegames | On | Specifies whether to install the Microsoft Gaming Zone Internet games on the computer (not available in the Windows Server 2003 family) |
This is a great technique for preventing the operating system from installing things such as the games, but it doesn't prevent the installation of components such as Movie Maker, because the [Components] section doesn't include settings for those components. You can use it to prevent the installation of Windows Media Player and Windows Messenger, though, which strikes two components off of my checklist.
Extending Windows Components Wizard
Just because you don't see a component in the Windows Components Wizard doesn't mean that Windows isn't prepared to remove it. The file Sysoc.inf controls which components appear in the wizard. This file is in %SystemRoot%\Inf, and Listing 18-2 shows its default contents. You must display super-hidden files to see the Inf folder: in Windows Explorer, click Tools, Folder Options. On the View tab, select the Show Hidden Files And Folders check box.
In Listing 18-2, the important section in this file is [Components]. Each line in this section is either a specific component or a category of components. If you see the word hide, Windows doesn't display the component or category in the Windows Components Wizard. To allow users to remove the component, or the components in the category, remove the word hide. For example, to allow users to remove Windows Messenger, change the line msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 to msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7.
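The hide-flag edit described above can be audited and applied by script. The following is an added example, not code from the book: the function names are hypothetical, and the sample is a constructed excerpt whose entries are copied from Listing 18-2.

```python
# Added example: audit and edit the hide flag in Sysoc.inf [Components] lines.

# Constructed excerpt; the entries are copied from Listing 18-2. The real file
# repeats the [Components] section, which strict INI parsers (for example
# Python's configparser with its default settings) refuse to load, so this
# code edits the file line by line instead.
SAMPLE = """\
[Version]
Signature = "$Windows NT$"
[Components]
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
[Global]
WindowTitle=%WindowTitle%
[Components]
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
"""


def _entries(text):
    """Yield (line_index, name, fields) for five-field [Components] entries."""
    section = None
    for index, line in enumerate(text.splitlines()):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
            continue
        if section != "components" or stripped.startswith(";"):
            continue
        name, sep, value = stripped.partition("=")
        fields = [field.strip() for field in value.split(",")]
        # Layout used in the listing: dll,entry point,inf,hide flag,number.
        # Shorter entries (such as Display above) carry no hide field.
        if sep and len(fields) == 5:
            yield index, name.strip(), fields


def hidden_components(text):
    """Names the Windows Components Wizard will not show (case-insensitive)."""
    return [name for _, name, f in _entries(text) if f[3].lower() == "hide"]


def unhide(text, component):
    """Clear the hide flag for one component; return (new_text, changed)."""
    lines = text.splitlines()
    changed = False
    for index, name, fields in _entries(text):
        if name.lower() == component.lower() and fields[3].lower() == "hide":
            fields[3] = ""
            lines[index] = name + "=" + ",".join(fields)
            changed = True
    return "\n".join(lines) + "\n", changed


if __name__ == "__main__":
    print("hidden:", hidden_components(SAMPLE))
    patched, changed = unhide(SAMPLE, "msmsgs")
    print("changed:", changed)
    print("hidden after edit:", hidden_components(patched))
```

Run it against a copy of Sysoc.inf from a lab image and compare the before and after lists before replacing the file.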
Listing 18-2 Sysoc.inf
[Version]
Signature = "$Windows NT$"
DriverVer=07/01/2001,5.1.2600.2180
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
WMAccess=ocgen.dll,OcEntry,wmaccess.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
OEAccess=ocgen.dll,OcEntry,oeaccess.inf,,7
WMPOCM=ocgen.dll,OcEntry,wmpocm.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7
TabletPC=tabletoc.dll,TabletSetupProc,Tabletpc.inf,HIDE,7
Freestyle=medctroc.dll,MedCtrOCISetupProc,medctroc.inf,HIDE,7
netfx=netfxocm.dll,UrtOcmProc,netfxocm.inf,hide,7
[Global]
WindowTitle=%WindowTitle%
WindowTitle.StandAlone="*"
[Components]
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
[Strings]
WindowTitle="Windows Professional Setup"
WindowTitle_Standalone="Windows Components Wizard"
Removing Components After Installation
The first option that I gave you enables you to prevent the Windows setup program from installing components during installation. The second option enables you to expose additional components in the Windows Components Wizard. This last option is for scenarios in which you want to remove a component without exposing it in the Windows Components Wizard. This option is also useful when you want to script the removal so that you don't have to visit the desktop.
The first step is to find the component's INF file in %SystemRoot%\Inf. Remember that this is a super-hidden folder, and I gave you instructions for showing it earlier in this chapter. The easiest way to find the component's INF file is to use Search Assistant. Look for all files with the .inf extension that contain the name of the component. For example, to find the INF file for Windows Messenger, search for all files with the .inf extension in %SystemRoot%\Inf that contain Windows Messenger. You should come up with the file Msmsgs.inf as shown in Figure 18-3. Then look in the file for a section with the words remove or uninstall in it. In this case, the section is named [BLC.Remove]. Then execute the following command, whether in a script or in the Run dialog box, where Filename.inf is the name of the INF file and Section is the name of the uninstall section:
rundll32 advpack.dll,LaunchINFSection %systemroot%\Inf\Filename.inf,Section
Thus, to remove Windows Messenger, run the command:
rundll32 advpack.dll,LaunchINFSection %systemroot%\Inf\Msmsgs.inf,BLC.Remove
Alas, many components don't have uninstall sections in their INF files, and that leaves you looking for other ways to remove them. You can use this method for many device drivers, programs, and components that do provide INF files, however.
Figure 18-3 Search the %SystemRoot%\Inf folder for all files with the .inf extension that contain the name of the component you want to remove.
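The search for an uninstall section and the construction of the command above can be scripted for a batch of INF files. This is an added example, not code from the book: the function names are hypothetical, the INF text is constructed (only the [BLC.Remove] section name comes from this chapter), and it assumes the INF file has already been read and decoded to text.

```python
import re

# Constructed INF text for illustration. Only the section name [BLC.Remove]
# comes from the chapter; every other section and directive here is made up.
SAMPLE_INF = """\
[Version]
Signature="$Windows NT$"

[BLC.Install]
CopyFiles=BLC.Files

[BLC.Remove] ; uninstall entry point
DelFiles=BLC.Files

[Strings]
DisplayName="Windows Messenger"
"""

SECTION_HEADER = re.compile(r"^[ \t]*\[([^\]\r\n]+)\]", re.MULTILINE)
REMOVAL_WORDS = re.compile(r"remove|uninstall", re.IGNORECASE)
# Conservative allow-list so a file or section name cannot carry extra
# arguments, separators or path components into the command line.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9._-]+")


def removal_sections(inf_text):
    """Section names containing 'remove' or 'uninstall', in file order."""
    names = (match.strip() for match in SECTION_HEADER.findall(inf_text))
    return [name for name in names if REMOVAL_WORDS.search(name)]


def removal_command(inf_filename, section):
    """Build the chapter's rundll32 command for one INF file and section."""
    if (not SAFE_TOKEN.fullmatch(inf_filename)
            or not inf_filename.lower().endswith(".inf")):
        raise ValueError("unexpected INF file name: %r" % inf_filename)
    if not SAFE_TOKEN.fullmatch(section):
        raise ValueError("unexpected section name: %r" % section)
    return ("rundll32 advpack.dll,LaunchINFSection "
            "%systemroot%\\Inf\\" + inf_filename + "," + section)


def plan_removal(inf_filename, inf_text):
    """Commands to run, or [] when the INF has no uninstall section."""
    return [removal_command(inf_filename, name)
            for name in removal_sections(inf_text)]


if __name__ == "__main__":
    for command in plan_removal("Msmsgs.inf", SAMPLE_INF):
        print(command)
```

An empty result corresponds to the case noted above, where a component's INF file has no uninstall section and this method does not apply.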
Hiding Non-Removable Components
None of the methods I've shown will help you get rid of certain components, including Tour Windows XP, Movie Maker, Outlook Express, and the Files And Settings Transfer Wizard, which is what started me on this rampage in the first place. To prevent users from accessing these applications, you're going to have to get creative. Tour Windows XP is easy to hide, if not get rid of altogether. Create a new subkey in HKLM\Software\Microsoft\Windows\CurrentVersion\Applets\Tour named Tour. Then create the REG_DWORD value RunCount and set it to 0x00. Do this on your disk images so that users aren't accosted by Tour Windows XP the first time they log on to the operating system; they can run the tour from the Start menu.
The remaining bits aren't as easy. You can't just remove the program files because Windows File Protection (WFP) immediately restores them. You could disable Windows File Protection, but I don't recommend doing so because it protects users' configurations from accidents and misbehaved applications that like to replace files that they have no business replacing. Instead, on your disk images, hide the shortcuts, and use Software Restriction Policies to prevent users from running the programs by opening the program files:
1. Prevent Windows from creating new shortcuts by removing the appropriate StubPath values from HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. See the section “Controlling Just-in-Time Setup,” earlier in this chapter, for more information.
2. Hide existing shortcuts to the program (do this on your disk images):
   a. Search %SystemDrive%\Documents and Settings\All Users for shortcuts to the program, and remove them.
   b. Search %SystemDrive%\Documents and Settings\Default User for shortcuts to the program, and remove them.
   c. Search the Default User folder in the \\Server\NETLOGON\Default User share for the program's shortcuts, and remove them.
3. Create a new Group Policy object (GPO) in Active Directory or locally on your disk images that prevents users from running the program.
That last step requires more explanation. Chapter 7, “Using Registry-Based Policy,” contains more information about Group Policy, but I'll get you started. The following instructions assume that you're defining Software Restriction Policies in the local GPO, but the steps transfer to network-based Group Policy:
1. In Group Policy Editor's left pane, click Software Restriction Policies.
   To start Group Policy Editor, type gpedit.msc in the Run dialog box. Software Restriction Policies is under Computer Configuration\Windows Settings\Security Settings.
2. Right-click Software Restriction Policies, and then click Create New Policies.
3. Under Software Restriction Policies, right-click Additional Rules, and then click New Hash Rule.
4. Click Browse, and select the file that you want to prevent users from executing. For example, to prevent users from running the Files And Settings Migration Wizard, select %SystemRoot%\system32\usmt\migwiz.exe.
After you select the file that you want to prevent users from running, Group Policy Editor creates a hash for the file. Figure 18-4 shows an example that prevents users from running Files And Settings Transfer Wizard. Users won't be able to run any program that matches that hash value. That way, users can't trick the system by copying the file to a different location (because some users can be clever). After you save the policy, you must log off of Windows for the change to take effect. When users try to run the program, they see an error message that reads, “Windows cannot open this program because it has been prevented by a software restriction policy.” So between hiding the advertisements and preventing the program file from executing, you can prevent programs such as Movie Maker and the Files And Settings Transfer Wizard from being run.
Figure 18-4 Without a Files And Settings Transfer Wizard shortcut on the Start menu, users will not usually try to run the wizard. Those who do will see an error message.