Solved

Is there a way that a remote system admin can run SSECleanup in the background to not disturb the EU?

Posted on 2011-03-19
20
669 Views
Last Modified: 2013-11-22
Were moving a different vendor for our viral needs and WebRoot has been a pain  to remove using Admin console for the remote nodes.  Even after submitting the remote node for uninstall and removing the object from the admin console it still remains active on the remote node.  Ive about given up on the POS.

So were looking for the SSECleanup tool to remove the program from the nodes affected but it seems to be a necessity to run it from the local node if one believes the vendor.

Has anyone ran been able to run SSECleaup in the background from a remote location so to not disturb the EU at the node?  If so, how?

TIA!
0
Comment
Question by:Drakcon
  • 8
  • 6
  • 4
  • +2
20 Comments
 
LVL 6

Expert Comment

by:mrcannon
ID: 35171794
I would try PSExec which is a tool provided on MS Technet and originally written by Sysinternals and part of the PStools suite.  Below are the command line options.  I have used it in the past to bring up a command prompt on remote systems (like telnet but more useful)....

http://technet.microsoft.com/en-us/sysinternals/bb897553

Usage: psexec [\\computer[,computer2[,...] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,... ] cmd [arguments]

computer      Direct PsExec to run the application on the computer or computers specified. If you omit the computer name PsExec runs the application on the local system and if you enter a computer name of "\\*" PsExec runs the applications on all computers in the current domain.
@file      Directs PsExec to run the command on each computer listed in the text file specified.
-a      Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4"
-c      Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system's path on the remote system.
-d      Don't wait for application to terminate. Only use this option for non-interactive applications.
-e      Does not load the specified account's profile.
-f      Copy the specified program to the remote system even if the file already exists on the remote system.
-i      Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-l      Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
-n      Specifies timeout in seconds connecting to remote computers.
-p      Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-s      Run remote process in the System account.
-u      Specifies optional user name for login to remote computer.
-v      Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.
-w      Set the working directory of the process (relative to the remote computer).
-x      Display the UI on the Winlogon desktop (local system only).
-priority      Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.
program      Name of the program to execute.
arguments      Arguments to pass (note that file paths must be absolute paths on the target system)
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 300 total points
ID: 35171855
Using psexc, the command would be


psexec \\* -c -f -s -d \\server\share\SSECleanup.exe -remove
0
 

Author Comment

by:Drakcon
ID: 35173038
pstools has never been my friend, now is no different, I pull the sysinternals zip and extracted to the the desktop, the whole package extracted EXCEPT psexec

when extracting to my workstation everything came across just fine, figure ok, will just copy psexec over to the administrative share on the server, looked like it was going to work then it dissappeared as soon as the copy was done.

Any thoughts?  pstools has never been used on this server, but for grins and giggles i went looking of the pdh.dll file in sys32 and sys (just in case) in case i was somehow wrong and there was a previous version once upon a time and did not find the .dll

Is there a setting on MS 2003 that keeps psexec from being installed or used that im unaware of, or maybe I just have a new thread to start?
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35174735
Have you done a search for psexec on the drive you copied it too? This is a really weird issue.
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35175582
I find it much easier to extract pstools to your system32 folder. There is no need to have it on a share.

You can also download each individual tool from here

http://live.sysinternals.com/
0
 

Author Comment

by:Drakcon
ID: 35175583
yes ran a search on it and finds nothing, just going to try to run it from my workstation.  Been having issues with that also as I get hit with some along the lines of  access denied cause of the program path, being its the weekend Im trying avoid working at home  HA HA!, at any rate I kind of odd that I have these issues considering im the "domain admin", from my workstation, will see if adding the -u -p switch when i get into work tomorrow
0
 

Author Comment

by:Drakcon
ID: 35175593
dstewartjr thanks for the suggestion, I tried orginally to run from the desktop but the problem was just the PSexec would not extract, so I extracted to my workstation then was going to move it via my mapped share to the desktop, but in all tries it just does not want to copy onto the sever in any form or fashion.  I would not think that extracting to sys32 would make much difference but will try anything at this point
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35175601
Well since they are all command line tools, its alot easier having them in the system32 folder. Then you dont have to type the path to them in order to run them.
0
 

Author Comment

by:Drakcon
ID: 35175680
agreed!  just was not on my mind at the time
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35175851
What kind of server is this? 2008 maybe?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:Drakcon
ID: 35175887
2003 std sp2
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35184597
@Drakcon

Below is one more application remover for Webroot, this from Sun Belt Software who have created Viper and GFI.

http://go.sunbeltsoftware.com/?linkid=1281

Source:
http://www.sunbeltsoftware.com/Business/Agent-Uninstallers/

I hope that would help

Sudeep
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35186435
Where you at with using psexec ?
0
 

Author Comment

by:Drakcon
ID: 35188476
@SSharma  Hey thanks,  but this agent seems to need a restart which is one of the criteria im trying to avoid, the down side of IT, to many expect things to be invisible with no interuptions, at times it drives me nuts to have to expectations!

PSExec still is my nemisis, I tried to run with the command string you passed along from my workstation and was rejected, so tried something different on my test target and xcopied the SSECleanup over to the root of the target then dropped the "-c" switch from the command line and was able to run just fine.  Not the easy way I guess but it worked.

I hope to run through the whole list of targets today with a bat if I get the time to do so.

0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35189673
Did you run the command prompt as a Domain Admin before while running the psexec command?

Was the error reported a 0<Zero ? which is success ?
0
 

Author Comment

by:Drakcon
ID: 35191270
yes ran from CMD in elevated mode,  as long as I copy the file over to the target,  before running the aforementioned psexec string I end with 0 (zero)
0
 
LVL 47

Expert Comment

by:dstewartjr
ID: 35191359
Do you have the  port 445 TCP (SMB) enabled?  Also the admin$ share should be enabled.

What error code gets returned if you dont copy file over manually?
0
 
LVL 15

Accepted Solution

by:
Russell_Venable earned 200 total points
ID: 35193012
Don't forget about the -h switch it's new for psexec on vista+ (UAC) enabled systems.
0
 

Author Closing Comment

by:Drakcon
ID: 35193440
Russell, excellent call,  that was the linchpin keeping me from moving forward quicker.  

Where did you find the information about the -h switch?  I looked high and low for differences between xp and vista/win7 when it came to psexec and never came across that switch

I split the points although not evenly, I have to say I appreciate both of your help!
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35193515
Your welcome. I do a lot of penetration tests and this tool helps me with this kind of job, so it in my tool inventory. That is why I knew about it.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
This video demonstrates basic masking and how to edit the mask to reveal the desired image.
The viewer will learn common shortcuts with easy ways to remember them. The viewer will then learn where to find all of the keyboard shortcuts, how to create/change them, and how to speed up their workflow.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now