Is there a way that a remote system admin can run SSECleanup in the background to not disturb the EU?

Were moving a different vendor for our viral needs and WebRoot has been a pain  to remove using Admin console for the remote nodes.  Even after submitting the remote node for uninstall and removing the object from the admin console it still remains active on the remote node.  Ive about given up on the POS.

So were looking for the SSECleanup tool to remove the program from the nodes affected but it seems to be a necessity to run it from the local node if one believes the vendor.

Has anyone ran been able to run SSECleaup in the background from a remote location so to not disturb the EU at the node?  If so, how?

TIA!
DrakconAsked:
Who is Participating?
 
Russell_VenableConnect With a Mentor Commented:
Don't forget about the -h switch it's new for psexec on vista+ (UAC) enabled systems.
0
 
mrcannonCommented:
I would try PSExec which is a tool provided on MS Technet and originally written by Sysinternals and part of the PStools suite.  Below are the command line options.  I have used it in the past to bring up a command prompt on remote systems (like telnet but more useful)....

http://technet.microsoft.com/en-us/sysinternals/bb897553

Usage: psexec [\\computer[,computer2[,...] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,... ] cmd [arguments]

computer      Direct PsExec to run the application on the computer or computers specified. If you omit the computer name PsExec runs the application on the local system and if you enter a computer name of "\\*" PsExec runs the applications on all computers in the current domain.
@file      Directs PsExec to run the command on each computer listed in the text file specified.
-a      Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4"
-c      Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system's path on the remote system.
-d      Don't wait for application to terminate. Only use this option for non-interactive applications.
-e      Does not load the specified account's profile.
-f      Copy the specified program to the remote system even if the file already exists on the remote system.
-i      Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-l      Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
-n      Specifies timeout in seconds connecting to remote computers.
-p      Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-s      Run remote process in the System account.
-u      Specifies optional user name for login to remote computer.
-v      Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.
-w      Set the working directory of the process (relative to the remote computer).
-x      Display the UI on the Winlogon desktop (local system only).
-priority      Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.
program      Name of the program to execute.
arguments      Arguments to pass (note that file paths must be absolute paths on the target system)
0
 
DonConnect With a Mentor Network AdministratorCommented:
Using psexc, the command would be


psexec \\* -c -f -s -d \\server\share\SSECleanup.exe -remove
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
DrakconAuthor Commented:
pstools has never been my friend, now is no different, I pull the sysinternals zip and extracted to the the desktop, the whole package extracted EXCEPT psexec

when extracting to my workstation everything came across just fine, figure ok, will just copy psexec over to the administrative share on the server, looked like it was going to work then it dissappeared as soon as the copy was done.

Any thoughts?  pstools has never been used on this server, but for grins and giggles i went looking of the pdh.dll file in sys32 and sys (just in case) in case i was somehow wrong and there was a previous version once upon a time and did not find the .dll

Is there a setting on MS 2003 that keeps psexec from being installed or used that im unaware of, or maybe I just have a new thread to start?
0
 
Russell_VenableCommented:
Have you done a search for psexec on the drive you copied it too? This is a really weird issue.
0
 
DonNetwork AdministratorCommented:
I find it much easier to extract pstools to your system32 folder. There is no need to have it on a share.

You can also download each individual tool from here

http://live.sysinternals.com/
0
 
DrakconAuthor Commented:
yes ran a search on it and finds nothing, just going to try to run it from my workstation.  Been having issues with that also as I get hit with some along the lines of  access denied cause of the program path, being its the weekend Im trying avoid working at home  HA HA!, at any rate I kind of odd that I have these issues considering im the "domain admin", from my workstation, will see if adding the -u -p switch when i get into work tomorrow
0
 
DrakconAuthor Commented:
dstewartjr thanks for the suggestion, I tried orginally to run from the desktop but the problem was just the PSexec would not extract, so I extracted to my workstation then was going to move it via my mapped share to the desktop, but in all tries it just does not want to copy onto the sever in any form or fashion.  I would not think that extracting to sys32 would make much difference but will try anything at this point
0
 
DonNetwork AdministratorCommented:
Well since they are all command line tools, its alot easier having them in the system32 folder. Then you dont have to type the path to them in order to run them.
0
 
DrakconAuthor Commented:
agreed!  just was not on my mind at the time
0
 
Russell_VenableCommented:
What kind of server is this? 2008 maybe?
0
 
DrakconAuthor Commented:
2003 std sp2
0
 
Sudeep SharmaTechnical DesignerCommented:
@Drakcon

Below is one more application remover for Webroot, this from Sun Belt Software who have created Viper and GFI.

http://go.sunbeltsoftware.com/?linkid=1281

Source:
http://www.sunbeltsoftware.com/Business/Agent-Uninstallers/

I hope that would help

Sudeep
0
 
DonNetwork AdministratorCommented:
Where you at with using psexec ?
0
 
DrakconAuthor Commented:
@SSharma  Hey thanks,  but this agent seems to need a restart which is one of the criteria im trying to avoid, the down side of IT, to many expect things to be invisible with no interuptions, at times it drives me nuts to have to expectations!

PSExec still is my nemisis, I tried to run with the command string you passed along from my workstation and was rejected, so tried something different on my test target and xcopied the SSECleanup over to the root of the target then dropped the "-c" switch from the command line and was able to run just fine.  Not the easy way I guess but it worked.

I hope to run through the whole list of targets today with a bat if I get the time to do so.

0
 
DonNetwork AdministratorCommented:
Did you run the command prompt as a Domain Admin before while running the psexec command?

Was the error reported a 0<Zero ? which is success ?
0
 
DrakconAuthor Commented:
yes ran from CMD in elevated mode,  as long as I copy the file over to the target,  before running the aforementioned psexec string I end with 0 (zero)
0
 
DonNetwork AdministratorCommented:
Do you have the  port 445 TCP (SMB) enabled?  Also the admin$ share should be enabled.

What error code gets returned if you dont copy file over manually?
0
 
DrakconAuthor Commented:
Russell, excellent call,  that was the linchpin keeping me from moving forward quicker.  

Where did you find the information about the -h switch?  I looked high and low for differences between xp and vista/win7 when it came to psexec and never came across that switch

I split the points although not evenly, I have to say I appreciate both of your help!
0
 
Russell_VenableCommented:
Your welcome. I do a lot of penetration tests and this tool helps me with this kind of job, so it in my tool inventory. That is why I knew about it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.