?
Solved

looking for Tivoli remnants at bootup

Posted on 2003-03-09
16
Medium Priority
?
1,287 Views
Last Modified: 2013-12-21
I have a Win NT 4.0 machine that used to have Tivoli installed.  Tivoli was removed but on bootup it still looks for the files.

How can I permanently fix this?
0
Comment
Question by:AWP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +1
16 Comments
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8101544
Hi!

Serch for tivoli in the registry and remove any registry keys that are left.

Also check autostart folder in the startmenu.

Regards
/Hans - Erik Skyttberg
0
 
LVL 2

Expert Comment

by:RooiValk
ID: 8102495
Have you double checked the the Tivoli services have been removed or are set to dissabled.  If you did the uninstall while Tivoli was running, you will find that services might not have been removed.  You should notice the Tivoli Endpoint service which starts the Tivoli utility monitoring utillity.  

The entries in the registry to look out for usually reference lfcd or lcfep and should be found under hkey_local_Machine\software\microsoft\windows\currentversion\run these are the apps that are started as the PC is logged on.
0
 
LVL 2

Expert Comment

by:RooiValk
ID: 8102547
PS...  The actual exe is lcfep.exe...
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Accepted Solution

by:
YarnoSG earned 750 total points
ID: 8103557
I wrote a script for this -   It is written to be run against the machine remotely, but can run against "localhost":

The following is a snippet of the writeup I did for it:
______________________________________________________
Tool: KILLTIVOLI
The script used by Steve to put an end to the Evil Empire of TIVOLI.  Will destroy everything TIVOLI related on an NT-based PC, leaving its breath fresh and minty.
Usage:

C:\>KillTivoli NodeName


The end user sees nothing, except possibly a faster, healthier PC.
Technical Gobbledy-Gook: (skip this section if you dont care how it works).  
This script utilizes the following utilities:  PSKILL to end Tivoli-Related Processes by name on the target node, SC to stop and then delete Tivoli-Related Services and Devices on the target, RD (System Command) to remove Tivoli-Related Directories, DEL (System Command) to remove isolated Individual Tivoli Files, ADDUSERS to take away the Tivoli created users, and REG to remove Tivoli related registry keys.  It flows in the following order:  Kill Tivoli Executables, Stop and Remove Tivoli Services/Devices, Remove Tivoli Files and Directories, Remove Tivoli Users, and Finally Remove Tivoli Registry Settings.   I very nearly named it DieTivoliDie, but that did not convey its function quite as well as KillTivoli.

I originally ran this script against a domain list gleaned from DOMAIN1 and DOMAIN2 (accidentally forgetting to remove the servers), as a subscript to the GRAB script (to get administrative rights, described in a later section).  After recovering from the political damage I caused myself, I improved my scripting processes a small eek to prevent that accident from ever happening again.

The script is kept around for in case you run into one of the machines that we missed during the initial mass execution of Tivoli I did in November of 2000
Where did it come from?
Steve is very proud to have written this script.  The removal of TIVOLI in the DOMAIN1/DOMAIN2 environment was completed (to about 98%) in approximately 6 hours, by a simple 200Mhz machine running a script; A lot better than the 3 weeks of manual, in person uninstalls that the SMS deployment plan called for, and a lot more cost effective.

____________________________________

the Script follows;  you will have to be sure to collect the files it depends on:

_____________________________
:: KillTivoli.CMD by Steven Yarnot
:: Last updated 05/09/2001
:: USES PSKILL.EXE FROM SYSINTERNALS.COM, ADDUSERS.EXE AND SC.EXE FROM THE NT RESOURCE KIT
:: THE FILE "KILLTIV.GRP" CONTAINS THE USER INFORMATION OF TIVOLI USER TO KILL IT.
::
:: Assume Admin connection, assume NT, this is a spinoff script
pskill \\%1 lcfd.exe
pskill \\%1 TRIP.exe
pskill \\%1 lcfep.exe
pskill \\%1 TIVNTSVC.exe

sc \\%1 stop TGRAB
sc \\%1 delete TGRAB
sc \\%1 stop LCFD
sc \\%1 delete LCFD
sc \\%1 stop "TME Agent"
sc \\%1 delete "TME Agent"
sc \\%1 stop TME10RC
sc \\%1 delete TME10RC
sc \\%1 stop TRIP
sc \\%1 delete TRIP
sc \\%1 stop KEYEX2
sc \\%1 delete KEYEX2
sc \\%1 stop MOUEX2
sc \\%1 delete MOUEX2
sc \\%1 CONFIG KBDCLASS start= system
sc \\%1 CONFIG KEYEX start= disabled
sc \\%1 CONFIG MOUCLASS start= system
sc \\%1 CONFIG MOUEX start= disabled


RD /s /q \\%1\C$\Tivoli
RD /s /q \\%1\C$\ETC\Tivoli
DEL \\%1\C$\etc\AGTMSG.CAT
DEL \\%1\C$\etc\LstAgt.bat
DEL \\%1\C$\etc\PCREMOTE.CFG
DEL \\%1\C$\etc\Tmeagent.cfg
RD \\%1\C$\ETC
DEL \\%1\C$\!tiv!.log
DEL \\%1\C$\!tivstart!.txt
RD /s /q \\%1\ADMIN$\Tivoli

ADDUSERS \\%1 /e .\copytotarget\killtiv.grp
reg delete "\\%1\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v lcfep /f
reg delete "\\%1\HKLM\SOFTWARE\Tivoli" /va /f



echo %1 >> killtivoli3.log
____________________________________________

killtiv.grp is for deleting the "user" accounts Tivoli leaves behind, and it contains:

____________________

[User]

tmersrvd,tmersrvd,,Tivoli Unprivileged Operations Account (required),,,,

[Global]

tmersrvd,

[Local]

Tivoli_Admin_Privileges,Tivoli Super Users should have these privileges,
__________________________

Hope this helps

-Steven Yarnot
http://yarnosg.home.insightbb.com

the Irony of this script is that I was the Tivoli administrator;  I could not wait to see the Tivoli environment die at my place of work--Vive la SMS!
0
 

Author Comment

by:AWP
ID: 8106895
It's looking for the icfep.exe file.  That's the error I'm getting.  I found the tivoli folder in the registry and deleted it.  I'm still getting the same message.
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8107161
Hi!

Then search for icefp.exe in registry and delete any referances to it.

Also check for it in any autostart folders.

Regards
/Hans - Erik Skyttberg
0
 

Author Comment

by:AWP
ID: 8107655
This unit used to be on a network.  When looking in the registry , control panel, there's a listing for "environment".  The valuename says "LOGONSERVER" and the data value is "\\SPR120500".  Is this safe to delete or does it need to be there for NT?
0
 

Author Comment

by:AWP
ID: 8107668
I've done a search in the registry and don't see any reference to the "icefp.exe" file.
0
 

Author Comment

by:AWP
ID: 8107718
In WINNT Diagnostics:

Tivoli Remote Control Service - RCSERV.EXE (in WINNT:) is STOPPED
Tivoli Endpoint (C:Program) is STOPPED

Tivoli Remote Control Keyboard Filter is RUNNING
Tivoli Remote Control Pointer Filer is RUNNING
Tivoli Remote Control Text Grabber is RUNNING

0
 

Author Comment

by:AWP
ID: 8107742
YarnoSG, How am I supposed to use this script?  I don't see it included, only portions of the code.
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8110881
It is just a batch file:  copy between the lines into notepad and save it as KillTivoli.CMD in your path

You can then run it using:
Prompt:>KillTivoli Localhost

You will need to be sure you have SC.EXE and Addusers.exe from the NT/2000 resource kit, and PSKill from SYSINTERNALS (Free).


the whole script is up there;  if your computer is looking for LCFEP, it is a service (Tivoli Endpoint/TME Agent:  not sure, it has been a few years)  the SC commands in the batch file will wipe that out/ alternatively, you can go to the services & devices control panel and turn off & disable those services/devices marked with Tivoli, though my script takes it a step further and deletes them and all their freinds too.

HTH

-Steve
0
 

Author Comment

by:AWP
ID: 8113408
I don't have sc.exe or addusers.exe.  I do not have the resource kit for NT/2000.  Maybe I can find them and download them.  Will I need to run them after killing Tivoli?  Or will I need them in case someone goes wrong?

Will I have to kill it every time I boot up or will it kill it permanently?
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8114313
it is a permanent kill, and much of the resource kits can be downloaded for free.  (http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp and http://www.microsoft.com/windows2000/techinfo/reskit/default.asp)

However, in the absence of those files, you can use them as a guide for what needs to be done to completely remove Tivoli.

SC is a service controller, and controls both services and devices.  You will notice I stop then delete services.  Without SC you can Stop and then Disable these services/devices.  

The RDs and Dels are removing files and directories, and

ADDUSERS is used to DELETE the Tivoli User out of the local SAM.  All of these actions can be done manually.

HTH

-Steven Yarnot
http://yarnosg.home.insightbb.com
0
 

Author Comment

by:AWP
ID: 8114797
I ran the script.  I received several errors.

"The filename, directory name, or volume lable syntax is incorrect."

or

"The name specified is not recognized as an internal or external command, inoperable program or batch file."

What did I do wrong?
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8118898
In order to run the script you NEED SC, REG, ADDUSERS in your path.  But without them you can manually do what the batch file does by hand:  

Use the control panel Devices and Services tools to stop and disable the "TIVOLI" things, the Tivoli Remote Control Service (service) , the Tivoli Endpoint(service)
Tivoli Remote Control Keyboard Filter (Device),Tivoli Remote Control Pointer Filter (Device), and Tivoli Remote Control Text Grabber (Device).  Stop them.  Disable them.  

Delete the Tivoli Directories and files identified by the script.

Go to the user control panel and delete the Tivoli User and the Tivoli Admin Group.  

Go to the registry and delete the HKLM\Software\Tivoli Key, and the LCEFP value from the(HKLM\SOTWARE\Microsoft\Windows\CurrentVersion\Run)key.

HTH
-Steven Yarnot

0
 

Author Comment

by:AWP
ID: 8166876
Where do I install SC, REG, ADDUSERS ? when I get the Resource CD?
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question