My Profile Photo

An IT Engineer with a love for all things IT including (but not limited to), Microsoft Azure, Automation and Service Management!

Using PowerShell and Configuration Manager to remove unused App-V packages automatically

I had an issue with unused/old App-V packages getting left in the App-V package store, the Help Desk would RDP onto a workstation, causing their Applications to download. This was causing issues with Reporting and overall cleanliness of the environment.

Using Configuration Manager and PowerShell I was able to create a Configuration Baseline for cleaning up the App-V client cache of unused packages from workstations.

The script/baseline follows the logic diagrammed below:

How to create and deploy the Configuration Baseline?

To create a Configuration Baseline which is deployed to a Collection, we first need to create a Configuration Item – to do this follow the guide below:

Open Configuration Manager

Navigate to the Assets and Compliance work-space

Click on Compliance Settings

Right click on Configuration Items and select Create Configuration Item

Select a name for your Configuration Item such as: App-V Clean-up and fill out the rest of the details and click Next

App-V Cleanup

Select the Operating Systems that will support this Configuration Item, depending on your environment it may be cleaner to make sure that it only works on certain Windows Desktop operating systems – in my case I will be controlling everything through the deployment Collection and may extend to Windows Servers in a VDI environment in the future so I will be leaving the defaults and click Next

“Specify Settings for this Operating System” is where you set the grunt work for the Configuration Item. Select New..

Give the Item a name such as: Remove App-V Packages, for the Setting Type change it to Script and then change the Data type to: String.

For the Discovery Script – select Add Script..

Change the Script Language to Windows PowerShell and copy in the Discovery Script from below.

Once, completed click Ok

Now we need to do the same for Remediation Script which will be the script that will be doing the clean-up, click on Add Script… And change the Script Language to Windows PowerShell, then copy the Remediation Script from below into it.

Once, completed click Ok and then select the Compliance Rules tab

This is where we set the Configuration Item compliance rule so the item knows when something is marked as Non-Compliant and how Configuration Manager will deal with it. Click on New…

Because we specified String earlier, and the PowerShell discovery script is outputting Compliant, Non-Compliant we will be using the following logic:

If the value returned by the specified script: Equals, Compliant then run the remediation script if Compliant is not found. Fill in the details like the screen capture below and click Ok

Configuration Baseline

Note: Just because these are set, does not mean when you deploy it – it will remediate, as part of the deployment you can set it to Monitor or Remediate (in other words, mark as Compliant or Non-Compliant without doing anything or actually remediate it), we are just setting the base up so the Configuration Item knows how to handle both.

Verify the information is correct and click Ok then Next and Next again to finish creating your Configuration Item.

Once the Configuration Baseline is completed navigate to Configuration Baselines

Right click Configuration Baseline and select Create Configuration Baseline

Give your Configuration Baseline a name, for example: Remove App-V Client Package

Under Configuration Data, select Add and click on Configuration Item and add the App-V package clean-up Configuration Item you created earlier and select Ok to create your Configuration Baseline.

Now that your Configuration Item and Configuration Baseline has been created, you can now Deploy it to a collection by right clicking the Configuration Baseline and select Deploy

This is where you can specify to just monitor or remediate. I recommend selecting a small group of computers first for Testing and monitoring to verify that Configuration Manager isn’t getting any errors back and it appears to be working. Once you are ready you can go back into the Deployments tab at the bottom of the Configuration Baseline and change the properties to Remediate NonCompliant Rules when Supported and click Ok

Configuration Baseline

You have now successfully created a Configuration Item with a Discovery and Remediation script for cleaning up App-V packages, it may need to be tweaked for your environment and just change the number from 30 to something like 60 or 90 if that better matches your environment in both the Discovery and Remediation script.

If you get errors about PowerShell signing, you will have to create a Custom Client under Administration, Client Settings, Computer Agent setting which sets the PowerShell execution policy to Bypass for your computers

PowerShell execution policy

Note: This setting does not set the global scope for PowerShell to Unrestricted/Bypass it is only controlling the execution policy of PowerShell scripts delivered through Configuration Manager, whether it is a PowerShell package or Baseline.

comments powered by Disqus