asked on

How to parse Windows command line output to find information

I am using "reg query HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL /s" to display registry keys and subkeys.

From that output, I need to find a key with a subkey of DisplayName as "Symantec Endpoint Protection" or any value I choose. The output should be the parent key and/or associated UninstallPath subkey

Background:

I am trying to create a universal uninstall tool for antivirus programs (or atleast symmantec endpoint protection)

SEPprep does not seem to work with v11 even with "RemoveSymantec=Y"

Therefore I had to do it a different way using MSI command line interface (http://www.symantec.com/business/support/index?page=content&id=TECH102470)

It says to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and find a value with a subkey DisplayName = Symantec Endpoint Protection, to copy the key into the "msiexec.exe /x [insert key] /passive" command

Mohammed Khawaja

I would suggest you use WMIC product to uninstall the product via a script and also note that you could even implement the uninstall as a Group Policy. Below is a sample script

if exist c:\symantec-uninstalled.txt goto end
wmic product where "name like 'Symantec Endpoint %%" call uninstall /nointeractive > c:\symantec-uninstalled.txt
:end

With the script above, once the software is uninstalled, file c:\symantec-uninstalled.txt is created. Next time the script is run, it checks for the file exits and if so, the script ends.

it_saige

Rob van der Woude wrote an elegant batch script to get the uninstall information:

:: Check command line arguments
IF     "%~1"=="" GOTO Syntax
IF NOT "%~2"=="" GOTO Syntax
ECHO "%~1" | FINDSTR /R /C:"[/?]" >NUL && GOTO Syntax

SETLOCAL ENABLEDELAYEDEXPANSION
SET Count=0
FOR /F "tokens=*" %%A IN ('REG Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /F "%~1" /D /S 2^>NUL ^| FINDSTR /R /B /C:"HKEY_"') DO (
	REG Query "%%~A" /F DisplayName /V /E | FINDSTR /R /I /C:" DisplayName .* .*%~1" >NUL 2>&1
	IF NOT ERRORLEVEL 1 (
		SET /A Count += 1
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayName    /V /E 2^>NUL ^| FIND /I " DisplayName "')     DO ECHO Program Name      = %%C
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayVersion /V /E 2^>NUL ^| FIND /I " DisplayVersion "')  DO ECHO Program Version   = %%C
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F InstallDate    /V /E 2^>NUL ^| FIND /I " InstallDate "')     DO (
			SET InstallDate=%%C
			ECHO Install Date      = !InstallDate:~0,4!-!InstallDate:~4,2!-!InstallDate:~6!
		)
		FOR /F "tokens=7 delims=\" %%B IN ("%%~A") DO ECHO Unique Identifier = %%B
		FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F UninstallString /V /E ^| FIND /I " UninstallString "') DO ECHO Uninstall String  = %%C
		ECHO.
	)
)

WMIC.EXE Path Win32_Processor Get DataWidth 2>NUL | FIND "64" >NUL
IF ERRORLEVEL 1 (
	ECHO.
	ECHO %Count% programs found
) ELSE (
	SET Count32bit=0
	FOR /F "tokens=*" %%A IN ('REG Query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /F "%~1" /D /S 2^>NUL ^| FINDSTR /R /B /C:"HKEY_"') DO (
		REG Query "%%~A" /F DisplayName /V /E | FINDSTR /R /I /C:" DisplayName .* .*%~1" >NUL 2>&1
		IF NOT ERRORLEVEL 1 (
			SET /A Count32bit += 1
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayName    /V /E 2^>NUL ^| FIND /I " DisplayName "')     DO ECHO Program Name      = %%C
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F DisplayVersion /V /E 2^>NUL ^| FIND /I " DisplayVersion "')  DO ECHO Program Version   = %%C
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F InstallDate    /V /E 2^>NUL ^| FIND /I " InstallDate "')     DO (
				SET InstallDate=%%C
				ECHO Install Date      = !InstallDate:~0,4!-!InstallDate:~4,2!-!InstallDate:~6!
			)
			FOR /F "tokens=7 delims=\" %%B IN ("%%~A") DO ECHO Unique Identifier = %%B
			FOR /F "tokens=2*" %%B IN ('REG Query "%%~A" /F UninstallString /V /E ^| FIND /I " UninstallString "') DO ECHO Uninstall String  = %%C
			ECHO.
		)
	)
	ECHO.
	ECHO     %Count% 64-bit programs and !Count32bit! 32-bit programs found
)

ENDLOCAL
GOTO:EOF


:Syntax
ECHO.
ECHO GetUninstall.bat,  Version 2.00 for Windows Vista and later
ECHO List or search uninstall command lines
ECHO.
ECHO Usage:    GETUNINSTALL.BAT  "filter"
ECHO.
ECHO Where:    "filter"    narrows down the search result to programs whose
ECHO                       uninstall data contains the string "filter"
ECHO.
ECHO Example:  GETUNINSTALL.BAT "Adobe Reader"
ECHO.
ECHO Written by Rob van der Woude
ECHO http://www.robvanderwoude.com

:: Set return code for Windows NT 4 or later
IF "%OS%"=="Windows_NT" COLOR 00

Open in new window

From http://www.robvanderwoude.com/files/getuninstall_w7.txt.

-saige-

scsyeg

ASKER

@Mohammed Khawaja thank you for your response - currently have a little WMIC script of my own, however, I cannot find how to stop it from rebooting the system and scheduling it to reboot after hours. I have clients that have laptops or sporadic schedules to account for that I need to do this remotely from

@Saige thank you for your response - I will test this out and see if I can integrate it with an uninstall command (I'm a linux guy, so if you have suggestions on how to do this in cmd, I'd appreciate it)

ASKER CERTIFIED SOLUTION

scsyeg

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mohammed Khawaja

There is a better way. Run the following PowerShell command:

$product = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "xxx"}
$AppGuid = $product.properties["IdentifyingNumber"].value.toString()
MsiExec.exe /norestart /q/x $AppGuid REMOVE=ALL

scsyeg

ASKER

After further investigation, this turned out to be the cleanest solution to the situation (within scope).