How to uninstall and remove Adobe Flash Player in Windows Server

Ever wondered why Windows Server Update Services (WSUS) offers Flash updates for Windows Server? Adobe Flash Player is installed on Windows Server 2016 / 2019 if you have the Remote Desktop Session Host (RDSH) role installed. Yikes! I can imagine you want to delete Adobe Flash Player without deleting the RDSH role, and here is how.

You can easily uninstall and remove Adobe Flash Player from Windows Server using Deployment Image Servicing and Management (DISM):

DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"Code language: PowerShell (powershell)

If you want to, or have to, install Adobe Flash Player on Windows Server 2016 again, use:

DISM /Online /Add-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"Code language: PowerShell (powershell)

If you happen to still be on Windows Server 2012R2, you can use the following command to remove Flash Player:

DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum"Code language: PowerShell (powershell)

And for Windows Server 2019:

DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17763.1.mum"Code language: PowerShell (powershell)

Basically the only difference is the build and version number.

If you then want to completely remove Internet Explorer (IE) from Windows Server, use the next command:

DISM /Online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64
# use `DISM /Online /Get-Features` to list all enabled featuresCode language: PowerShell (powershell)

Or you can use Disable-WindowsOptionalFeature to uninstall Internet Explorer using PowerShell:

Disable-WindowsOptionalFeature -FeatureName Internet-Explorer-Optional-amd64 –OnlineCode language: PowerShell (powershell)

As John Storbeck posted in the comments, there is a KB to remove Adobe Flash now: KB4577586.

Jan Reilink

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace - The Human Cloud. In the past I worked for clidn and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at

Oldest Most Voted
Inline Feedbacks
View all comments
14/01/2021 18:40

This failed on 2019 for me. Also the Attrib also failed.

John Storbeck
31/12/2020 17:58
Yancey Landrum
04/04/2020 00:37

The only issue I had was that the DISM command (at least on 2016) still left the four ActiveX files under c:\windows\system32\macromed\flash intact, three of which were still triggering our Nessus scanner as critical vulnerabilities. Those files were quite persistent; even changing permissions and ownership to Everyone did not allow them to be deleted, but did result in the fun message, “You require permission from Everyone to make changes to this file.”

Turns out that all four files had the system attribute set, so in an elevated command prompt, navigated to the folder and ran “attrib *.* -s -h -r” which removed the system attribute. With the system attribute gone, I was then able to delete the files and clear the vulnerability from Nessus.

I didn’t think about this until I’d already cleared the files, but in the “olden days” you had to specify all three “special” attributes in the command (system, hidden, and read-only) in order to add/remove any of them, so that’s why I did it that way. I do not know if that is still the case so ymmv.