Uninstall Specific App by Name

What the application uninstall Worklet does

This Automox Worklet™ removes Windows applications by scanning registry uninstall keys for matching display names and executing the associated uninstall commands. The Worklet searches three registry locations: the 64-bit hive (HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall), the 32-bit hive, and per-user installation keys (HKEY_USERS).

The Worklet automatically detects whether an application was installed via Windows Installer (MSI) or an EXE-based installer. For MSI installations, the Worklet uses standard msiexec.exe commands with silent switches (/qn /norestart). For EXE-based installations, the Worklet attempts to extract uninstall switches from the registry UninstallString value, or falls back to administrator-defined switches if none are found.

User-context installations are handled through a scheduled task that the Worklet creates, executes, and removes automatically. This approach bypasses permission limitations when uninstalling applications that individual users installed without administrative privileges.

Why remove applications through registry-based uninstall

IT operations teams frequently need to remove unauthorized software, outdated applications, or security risks without knowing the technical details of each installation. Manual uninstallation requires identifying whether an application is 32-bit or 64-bit, determining the installer type, and locating vendor-specific uninstall commands.

Organizations benefit from centralized application removal when enforcing software policies, addressing licensing compliance, or responding to security vulnerabilities. Applications that consume excessive system resources or create performance bottlenecks can be removed at scale without requiring helpdesk tickets or manual endpoint access.

Storage optimization and endpoint hygiene improve when you remove accumulations of trial software, abandoned applications, or multiple versions of the same program. Security posture strengthens when you eliminate applications with known vulnerabilities or malware risks before they can be exploited.

How registry-based application removal works

1. Evaluation phase: The Worklet searches HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall registry keys in both 64-bit and 32-bit hives for applications with DisplayName values matching the specified name. The Worklet also scans HKEY_USERS registry hives to detect user-context installations. If any matching applications are found, the Worklet exits with code 1 to flag the endpoint for remediation. The Worklet filters out system components by checking the SystemComponent registry value.

2. Remediation phase: The Worklet reads each application's UninstallString registry value to determine the uninstall method. For MSI-based installations, the Worklet executes msiexec.exe /x {GUID} /qn /norestart with logging to %windir%\temp\UninstallApp-[32|64|Usr].log. For EXE-based installations, the Worklet parses the UninstallString to extract the executable path and command switches. If switches cannot be determined from the registry, the Worklet uses the administrator-defined $uninstallSwitchEXE parameter. For user-context installations, the Worklet creates a scheduled task with the uninstall command, waits for completion, then removes the task automatically.

Application removal requirements

• Windows 7 or later (workstations and servers supported)

• PowerShell 2.0 or later

• Administrative privileges on target endpoints

• Configure $appName variable with the application display name (exact or partial match) as it appears in Add/Remove Programs, Programs and Features, or Apps and Features

• Optional: Configure $uninstallSwitchEXE with silent uninstall switches for EXE-based installers when registry UninstallString does not contain switches (e.g., '/uninstall /quiet' for Python, '/S' for NSIS installers)

• Application display name must be unique enough to prevent unintentional removal of similarly named software

• Test on non-production endpoints before deploying to verify uninstall behavior

• Note: Software suites with shared registry entries (such as Microsoft 365 Apps) are not supported by this Worklet - consult vendor documentation for suite-specific uninstall procedures

Expected application removal outcome

After remediation completes successfully, the specified application no longer appears in Add/Remove Programs, Programs and Features, or Apps and Features on the endpoint. The Worklet removes all instances of the matching application, including multiple versions and user-specific installations.

The Automox Activity Log displays the number of installations removed and reports exit code 0 for success. Uninstall logs are written to %windir%\temp\ with filenames UninstallApp-64.log, UninstallApp-32.log, or UninstallApp-Usr.log depending on the installation context. You can verify successful removal by checking that registry uninstall keys no longer exist for the target application, and that program files and application data folders have been removed according to the application's uninstaller behavior.

How to validate uninstall specific app by name changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for uninstall specific app by name.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Get-ChildItem, Get-ItemProperty, Where-Object.

4. Validate remediation effects from script operations such as Start-Process, Get-ChildItem, Get-ItemProperty, then rerun evaluation for compliance.