looking for Tivoli remnants at bootup
I have a Win NT 4.0 machine that used to have Tivoli installed. Tivoli was removed but on bootup it still looks for the files.
How can I permanently fix this?
How can I permanently fix this?
Have you double checked the the Tivoli services have been removed or are set to dissabled. If you did the uninstall while Tivoli was running, you will find that services might not have been removed. You should notice the Tivoli Endpoint service which starts the Tivoli utility monitoring utillity.
The entries in the registry to look out for usually reference lfcd or lcfep and should be found under hkey_local_Machine\softwar
The entries in the registry to look out for usually reference lfcd or lcfep and should be found under hkey_local_Machine\softwar
PS... The actual exe is lcfep.exe...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It's looking for the icfep.exe file. That's the error I'm getting. I found the tivoli folder in the registry and deleted it. I'm still getting the same message.
Hi!
Then search for icefp.exe in registry and delete any referances to it.
Also check for it in any autostart folders.
Regards
/Hans - Erik Skyttberg
Then search for icefp.exe in registry and delete any referances to it.
Also check for it in any autostart folders.
Regards
/Hans - Erik Skyttberg
ASKER
This unit used to be on a network. When looking in the registry , control panel, there's a listing for "environment". The valuename says "LOGONSERVER" and the data value is "\\SPR120500". Is this safe to delete or does it need to be there for NT?
ASKER
I've done a search in the registry and don't see any reference to the "icefp.exe" file.
ASKER
In WINNT Diagnostics:
Tivoli Remote Control Service - RCSERV.EXE (in WINNT:) is STOPPED
Tivoli Endpoint (C:Program) is STOPPED
Tivoli Remote Control Keyboard Filter is RUNNING
Tivoli Remote Control Pointer Filer is RUNNING
Tivoli Remote Control Text Grabber is RUNNING
Tivoli Remote Control Service - RCSERV.EXE (in WINNT:) is STOPPED
Tivoli Endpoint (C:Program) is STOPPED
Tivoli Remote Control Keyboard Filter is RUNNING
Tivoli Remote Control Pointer Filer is RUNNING
Tivoli Remote Control Text Grabber is RUNNING
ASKER
YarnoSG, How am I supposed to use this script? I don't see it included, only portions of the code.
It is just a batch file: copy between the lines into notepad and save it as KillTivoli.CMD in your path
You can then run it using:
Prompt:>KillTivoli Localhost
You will need to be sure you have SC.EXE and Addusers.exe from the NT/2000 resource kit, and PSKill from SYSINTERNALS (Free).
the whole script is up there; if your computer is looking for LCFEP, it is a service (Tivoli Endpoint/TME Agent: not sure, it has been a few years) the SC commands in the batch file will wipe that out/ alternatively, you can go to the services & devices control panel and turn off & disable those services/devices marked with Tivoli, though my script takes it a step further and deletes them and all their freinds too.
HTH
-Steve
You can then run it using:
Prompt:>KillTivoli Localhost
You will need to be sure you have SC.EXE and Addusers.exe from the NT/2000 resource kit, and PSKill from SYSINTERNALS (Free).
the whole script is up there; if your computer is looking for LCFEP, it is a service (Tivoli Endpoint/TME Agent: not sure, it has been a few years) the SC commands in the batch file will wipe that out/ alternatively, you can go to the services & devices control panel and turn off & disable those services/devices marked with Tivoli, though my script takes it a step further and deletes them and all their freinds too.
HTH
-Steve
ASKER
I don't have sc.exe or addusers.exe. I do not have the resource kit for NT/2000. Maybe I can find them and download them. Will I need to run them after killing Tivoli? Or will I need them in case someone goes wrong?
Will I have to kill it every time I boot up or will it kill it permanently?
Will I have to kill it every time I boot up or will it kill it permanently?
it is a permanent kill, and much of the resource kits can be downloaded for free. (http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp and http://www.microsoft.com/windows2000/techinfo/reskit/default.asp)
However, in the absence of those files, you can use them as a guide for what needs to be done to completely remove Tivoli.
SC is a service controller, and controls both services and devices. You will notice I stop then delete services. Without SC you can Stop and then Disable these services/devices.
The RDs and Dels are removing files and directories, and
ADDUSERS is used to DELETE the Tivoli User out of the local SAM. All of these actions can be done manually.
HTH
-Steven Yarnot
http://yarnosg.home.insightbb.com
However, in the absence of those files, you can use them as a guide for what needs to be done to completely remove Tivoli.
SC is a service controller, and controls both services and devices. You will notice I stop then delete services. Without SC you can Stop and then Disable these services/devices.
The RDs and Dels are removing files and directories, and
ADDUSERS is used to DELETE the Tivoli User out of the local SAM. All of these actions can be done manually.
HTH
-Steven Yarnot
http://yarnosg.home.insightbb.com
ASKER
I ran the script. I received several errors.
"The filename, directory name, or volume lable syntax is incorrect."
or
"The name specified is not recognized as an internal or external command, inoperable program or batch file."
What did I do wrong?
"The filename, directory name, or volume lable syntax is incorrect."
or
"The name specified is not recognized as an internal or external command, inoperable program or batch file."
What did I do wrong?
In order to run the script you NEED SC, REG, ADDUSERS in your path. But without them you can manually do what the batch file does by hand:
Use the control panel Devices and Services tools to stop and disable the "TIVOLI" things, the Tivoli Remote Control Service (service) , the Tivoli Endpoint(service)
Tivoli Remote Control Keyboard Filter (Device),Tivoli Remote Control Pointer Filter (Device), and Tivoli Remote Control Text Grabber (Device). Stop them. Disable them.
Delete the Tivoli Directories and files identified by the script.
Go to the user control panel and delete the Tivoli User and the Tivoli Admin Group.
Go to the registry and delete the HKLM\Software\Tivoli Key, and the LCEFP value from the(HKLM\SOTWARE\Microsoft
HTH
-Steven Yarnot
Use the control panel Devices and Services tools to stop and disable the "TIVOLI" things, the Tivoli Remote Control Service (service) , the Tivoli Endpoint(service)
Tivoli Remote Control Keyboard Filter (Device),Tivoli Remote Control Pointer Filter (Device), and Tivoli Remote Control Text Grabber (Device). Stop them. Disable them.
Delete the Tivoli Directories and files identified by the script.
Go to the user control panel and delete the Tivoli User and the Tivoli Admin Group.
Go to the registry and delete the HKLM\Software\Tivoli Key, and the LCEFP value from the(HKLM\SOTWARE\Microsoft
HTH
-Steven Yarnot
ASKER
Where do I install SC, REG, ADDUSERS ? when I get the Resource CD?
Serch for tivoli in the registry and remove any registry keys that are left.
Also check autostart folder in the startmenu.
Regards
/Hans - Erik Skyttberg