Peter Hinchley

Learning in Public

✪ Remove Contact Support and Windows Feedback Packages from Windows 10

There are a few "modern-UI" applications in Windows 10 that have no place in the enterprise. For example, Contact Support and Windows Feedback. Unfortunately, these pesky apps are considered to be "part of the operating system", and cannot be removed using tools like Remove-AppxProvisionedPackage. Fear not; there is another way.

The following PowerShell script wraps some .NET code to take ownership of the Contact Support and Windows Feedback package keys in the registry. It then uses the now deprecated, but still functional pkgmgr.exe to permanently remove the applications.

The script can be easily modified to purge other packages - just swap out the identifiers at the end of the script with the relevant package names from the component based servicing section of the registry.

function Enable-Privilege {
  param($Privilege)
  $Definition = @'
using System;
using System.Runtime.InteropServices;
public class AdjPriv {
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name,
    ref long pluid);
  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid {
    public int Count;
    public long Luid;
    public int Attr;
  }
  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
  public static bool EnablePrivilege(long processHandle, string privilege) {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = new IntPtr(processHandle);
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
      ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_ENABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero,
      IntPtr.Zero);
    return retVal;
  }
}
'@
  $ProcessHandle = (Get-Process -id $pid).Handle
  $type = Add-Type $definition -PassThru
  $type[0]::EnablePrivilege($processHandle, $Privilege)
}

function Take-Over($path) {
  $owner = [Security.Principal.NTAccount]'Administrators'

  $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, 'ReadWriteSubTree', 'TakeOwnership')
  $acl = $key.GetAccessControl()
  $acl.SetOwner($owner)
  $key.SetAccessControl($acl)

  $acl = $key.getaccesscontrol()
  $rule = New-Object System.Security.AccessControl.RegistryAccessRule "Administrators", "FullControl", "ContainerInherit", "None", "Allow"
  $acl.SetAccessRule($rule)
  $key.SetAccessControl($acl)
}

do {} until (Enable-Privilege SeTakeOwnershipPrivilege)

function Remove-Package($name) {
  $key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\$name"
  Take-Over $key
  Remove-Item -Path HKLM:"$key\Owners" -Force -Recurse
  & C:\Windows\System32\PkgMgr.exe /up:$name /norestart /quiet
}

# Remove Contact Support.
Remove-Package "Microsoft-Windows-ContactSupport-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384"
Remove-Package "Microsoft-Windows-ContactSupport-Package~31bf3856ad364e35~amd64~~10.0.10240.16384"

# Remove Windows Feedback.
Remove-Package "Microsoft-WindowsFeedback-Package~31bf3856ad364e35~amd64~en-US~10.0.10240.16384"
Remove-Package "Microsoft-WindowsFeedback-Package~31bf3856ad364e35~amd64~~10.0.10240.16384"