Ever wondered why Windows Server Update Services (WSUS) offers Flash updates for Windows Server? Adobe Flash Player is installed on Windows Server 2016 / 2019 if you have the Remote Desktop Session Host (RDSH) role installed. Yikes! I can imagine you want to delete Adobe Flash Player without deleting the RDSH role, and here is how.
You can easily uninstall and remove Adobe Flash Player from Windows Server using Deployment Image Servicing and Management (DISM):
DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"
Code language: PowerShell (powershell)
If you want to, or have to, install Adobe Flash Player on Windows Server 2016 again, use:
DISM /Online /Add-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"
Code language: PowerShell (powershell)
If you happen to still be on Windows Server 2012R2, you can use the following command to remove Flash Player:
DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.mum"
Code language: PowerShell (powershell)
And for Windows Server 2019:
DISM /Online /Remove-Package /PackagePath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17763.1.mum"
Code language: PowerShell (powershell)
Basically the only difference is the build and version number.
If you then want to completely remove Internet Explorer (IE) from Windows Server, use the next command:
DISM /Online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64
# use `DISM /Online /Get-Features` to list all enabled features
Code language: PowerShell (powershell)
Or you can use Disable-WindowsOptionalFeature
to uninstall Internet Explorer using PowerShell:
Disable-WindowsOptionalFeature -FeatureName Internet-Explorer-Optional-amd64 –Online
Code language: PowerShell (powershell)
As John Storbeck posted in the comments, there is a KB to remove Adobe Flash now: KB4577586.
This failed on 2019 for me. Also the Attrib also failed.
Maybe your Windows Server build number is different, Michael? Check
[System.Environment]::OSVersion.Version
.Also have a look at KB4577586: https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player. If you are not on Server Core, try to use the Uninstall a Program option in your Control Panel. Beyond this, you are on your own, I’m afraid I can’t assist any further than this.
There is a KB to remove flash now https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Thank you John!
The only issue I had was that the DISM command (at least on 2016) still left the four ActiveX files under c:\windows\system32\macromed\flash intact, three of which were still triggering our Nessus scanner as critical vulnerabilities. Those files were quite persistent; even changing permissions and ownership to Everyone did not allow them to be deleted, but did result in the fun message, “You require permission from Everyone to make changes to this file.”
Turns out that all four files had the system attribute set, so in an elevated command prompt, navigated to the folder and ran “attrib *.* -s -h -r” which removed the system attribute. With the system attribute gone, I was then able to delete the files and clear the vulnerability from Nessus.
I didn’t think about this until I’d already cleared the files, but in the “olden days” you had to specify all three “special” attributes in the command (system, hidden, and read-only) in order to add/remove any of them, so that’s why I did it that way. I do not know if that is still the case so ymmv.
Hi Yancey,
Thank you for your comment.
I haven’t encountered this, yet, when removing Adobe Flash Player. I’ll keep this in mind. It’s true you can’t delete system files even with Everyone having full control, unless you remove the System file attribute using
attrib
. That’s not just in the old days, sometimes it is still the case these days :) Nice find.