Solved

Is there a way that a remote system admin can run SSECleanup in the background to not disturb the EU?

Posted on 2011-03-19
20
676 Views
Last Modified: 2013-11-22
Were moving a different vendor for our viral needs and WebRoot has been a pain  to remove using Admin console for the remote nodes.  Even after submitting the remote node for uninstall and removing the object from the admin console it still remains active on the remote node.  Ive about given up on the POS.

So were looking for the SSECleanup tool to remove the program from the nodes affected but it seems to be a necessity to run it from the local node if one believes the vendor.

Has anyone ran been able to run SSECleaup in the background from a remote location so to not disturb the EU at the node?  If so, how?

TIA!
0
Comment
Question by:Drakcon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 4
  • +2
20 Comments
 
LVL 6

Expert Comment

by:mrcannon
ID: 35171794
I would try PSExec which is a tool provided on MS Technet and originally written by Sysinternals and part of the PStools suite.  Below are the command line options.  I have used it in the past to bring up a command prompt on remote systems (like telnet but more useful)....

http://technet.microsoft.com/en-us/sysinternals/bb897553

Usage: psexec [\\computer[,computer2[,...] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,... ] cmd [arguments]

computer      Direct PsExec to run the application on the computer or computers specified. If you omit the computer name PsExec runs the application on the local system and if you enter a computer name of "\\*" PsExec runs the applications on all computers in the current domain.
@file      Directs PsExec to run the command on each computer listed in the text file specified.
-a      Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4"
-c      Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system's path on the remote system.
-d      Don't wait for application to terminate. Only use this option for non-interactive applications.
-e      Does not load the specified account's profile.
-f      Copy the specified program to the remote system even if the file already exists on the remote system.
-i      Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-l      Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
-n      Specifies timeout in seconds connecting to remote computers.
-p      Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-s      Run remote process in the System account.
-u      Specifies optional user name for login to remote computer.
-v      Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.
-w      Set the working directory of the process (relative to the remote computer).
-x      Display the UI on the Winlogon desktop (local system only).
-priority      Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.
program      Name of the program to execute.
arguments      Arguments to pass (note that file paths must be absolute paths on the target system)
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 300 total points
ID: 35171855
Using psexc, the command would be


psexec \\* -c -f -s -d \\server\share\SSECleanup.exe -remove
0
 

Author Comment

by:Drakcon
ID: 35173038
pstools has never been my friend, now is no different, I pull the sysinternals zip and extracted to the the desktop, the whole package extracted EXCEPT psexec

when extracting to my workstation everything came across just fine, figure ok, will just copy psexec over to the administrative share on the server, looked like it was going to work then it dissappeared as soon as the copy was done.

Any thoughts?  pstools has never been used on this server, but for grins and giggles i went looking of the pdh.dll file in sys32 and sys (just in case) in case i was somehow wrong and there was a previous version once upon a time and did not find the .dll

Is there a setting on MS 2003 that keeps psexec from being installed or used that im unaware of, or maybe I just have a new thread to start?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35174735
Have you done a search for psexec on the drive you copied it too? This is a really weird issue.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35175582
I find it much easier to extract pstools to your system32 folder. There is no need to have it on a share.

You can also download each individual tool from here

http://live.sysinternals.com/
0
 

Author Comment

by:Drakcon
ID: 35175583
yes ran a search on it and finds nothing, just going to try to run it from my workstation.  Been having issues with that also as I get hit with some along the lines of  access denied cause of the program path, being its the weekend Im trying avoid working at home  HA HA!, at any rate I kind of odd that I have these issues considering im the "domain admin", from my workstation, will see if adding the -u -p switch when i get into work tomorrow
0
 

Author Comment

by:Drakcon
ID: 35175593
dstewartjr thanks for the suggestion, I tried orginally to run from the desktop but the problem was just the PSexec would not extract, so I extracted to my workstation then was going to move it via my mapped share to the desktop, but in all tries it just does not want to copy onto the sever in any form or fashion.  I would not think that extracting to sys32 would make much difference but will try anything at this point
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35175601
Well since they are all command line tools, its alot easier having them in the system32 folder. Then you dont have to type the path to them in order to run them.
0
 

Author Comment

by:Drakcon
ID: 35175680
agreed!  just was not on my mind at the time
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35175851
What kind of server is this? 2008 maybe?
0
 

Author Comment

by:Drakcon
ID: 35175887
2003 std sp2
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35184597
@Drakcon

Below is one more application remover for Webroot, this from Sun Belt Software who have created Viper and GFI.

http://go.sunbeltsoftware.com/?linkid=1281

Source:
http://www.sunbeltsoftware.com/Business/Agent-Uninstallers/

I hope that would help

Sudeep
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35186435
Where you at with using psexec ?
0
 

Author Comment

by:Drakcon
ID: 35188476
@SSharma  Hey thanks,  but this agent seems to need a restart which is one of the criteria im trying to avoid, the down side of IT, to many expect things to be invisible with no interuptions, at times it drives me nuts to have to expectations!

PSExec still is my nemisis, I tried to run with the command string you passed along from my workstation and was rejected, so tried something different on my test target and xcopied the SSECleanup over to the root of the target then dropped the "-c" switch from the command line and was able to run just fine.  Not the easy way I guess but it worked.

I hope to run through the whole list of targets today with a bat if I get the time to do so.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35189673
Did you run the command prompt as a Domain Admin before while running the psexec command?

Was the error reported a 0<Zero ? which is success ?
0
 

Author Comment

by:Drakcon
ID: 35191270
yes ran from CMD in elevated mode,  as long as I copy the file over to the target,  before running the aforementioned psexec string I end with 0 (zero)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 35191359
Do you have the  port 445 TCP (SMB) enabled?  Also the admin$ share should be enabled.

What error code gets returned if you dont copy file over manually?
0
 
LVL 15

Accepted Solution

by:
Russell_Venable earned 200 total points
ID: 35193012
Don't forget about the -h switch it's new for psexec on vista+ (UAC) enabled systems.
0
 

Author Closing Comment

by:Drakcon
ID: 35193440
Russell, excellent call,  that was the linchpin keeping me from moving forward quicker.  

Where did you find the information about the -h switch?  I looked high and low for differences between xp and vista/win7 when it came to psexec and never came across that switch

I split the points although not evenly, I have to say I appreciate both of your help!
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35193515
Your welcome. I do a lot of penetration tests and this tool helps me with this kind of job, so it in my tool inventory. That is why I knew about it.
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In our personal lives, we have well-designed consumer apps to delight us and make even the most complex transactions simple. Many enterprise applications, however, are a bit behind the times. For an enterprise app to be successful in today's tech wo…
All of the resources available today make learning a new digital media easier than ever-- if you know where to begin. This is a clear, simple guide to a few of the basic digital art mediums and how to begin learning them on your own.
Video by: Tony
This video teaches viewers how to export a project from Adobe Premiere Pro and the various file types involved.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question