2
Say I have a file on my system that was put there by a Windows Installer, but I'm not sure which one (in this case it was one of the many sub installers of Microsoft SQL Server).
Is there anything I can query that will tie back that file to the installer so I can uninstall it?
Justin Dearing
Posted 2017-05-27T01:40:36.827
Reputation: 2 704
0
I don't think you can trace each and every individual file to the MSI installer. However, what you can do is trace an Install Location, if it's populated by the MSI in this registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\]
Here is a script which can help you with that.
#Get MOF File Method
$mof = @'
#PRAGMA AUTORECOVER
[dynamic, provider("RegProv"),
ProviderClsid("{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"),ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall")]
class InstalledProducts {
[key] string KeyName;
[read, propertycontext("DisplayName")] string DisplayName;
[read, propertycontext("DisplayVersion")] string DisplayVersion;
[read, propertycontext("InstallDate")] string InstallDate;
[read, propertycontext("InstallLocation")] string InstallLocation;
[read, propertycontext("InstallSource")] string InstallSource;
[read, propertycontext("Publisher")] string Publisher;
[read, propertycontext("EstimatedSize")] string EstimatedSize;
[read, propertycontext("UninstallString")] string UninstallString;
[read, propertycontext("WindowsInstaller")] string WindowsInstaller;
};
[dynamic, provider("RegProv"),
ProviderClsid("{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"),ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432node\\Microsoft\\Windows\\CurrentVersion\\Uninstall")]
class InstalledProducts32 {
[key] string KeyName;
[read, propertycontext("DisplayName")] string DisplayName;
[read, propertycontext("DisplayVersion")] string DisplayVersion;
[read, propertycontext("InstallDate")] string InstallDate;
[read, propertycontext("InstallLocation")] string InstallLocation;
[read, propertycontext("InstallSource")] string InstallSource;
[read, propertycontext("Publisher")] string Publisher;
[read, propertycontext("EstimatedSize")] string EstimatedSize;
[read, propertycontext("UninstallString")] string UninstallString;
[read, propertycontext("WindowsInstaller")] string WindowsInstaller;
};
'@
$mof | Out-file -encoding ascii $env:TMP\InstalledProductsMof.txt -Force
mofcomp.exe $env:TMP\InstalledProductsMof.txt
Get-WmiObject -Namespace root\default -class InstalledProducts | Select DisplayName,DisplayVersion,InstallDate,InstallLocation, InstallSource,Publisher,EstimatedSize,UninstallString,WindowsInstaller
# CLEAN-UP: Remove the WMI Classes you just created
Remove-WmiObject -Namespace root\default -class InstalledProducts
Remove-WmiObject -Namespace root\default -class InstalledProducts32
Sunny Chakraborty
Posted 2017-05-27T01:40:36.827
Reputation: 101
No; There isn't. You can tell by which directory it's in though and run the uninstaller in that folder. – Ramhound – 2017-05-27T01:47:20.503
2It's definitely possible to query an MSI to find the files and folders it registers, but I'm not sure if you need special tools for that. – RJHunter – 2017-05-27T05:54:43.077
Compare the date of the file was created and installation of any app (appwiz.cpl). – Biswapriyo – 2017-05-27T16:25:01.817