Solved

Uninstalling software using a startup script

Posted on 2014-11-24
9
103 Views
Last Modified: 2014-12-20
Hi

I am attempting to remove an application during computer startup using a script and group policy. The client is Windows 7 and the server is 2012.

I have created a very basic batch file:

msiexec /x {product GUID} /quiet

If I manually run this as a normal user, it fails since we have UAC enabled and don't let our standard users have local admin group membership. Which is fine and to be expected.

If I manually run it as an admin, it works.

So now I want to automate the process, so I have created a Group Policy Object, linked it to the OU where my test computer exists, and edited the policy. I have browsed to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup, and added the batch file.

The file is located in \\domain.com\SYSVOL\domain.com\Policies\{product GUID}\Machine\Scripts\Startup, as per Microsoft recommendation.

I have confirmed the policy is applied to the computer using gpresult.

The script does not appear to run no matter how many times I restart the computer. I cannot see any sign of it being processed in the event logs.

I have tried enabling the setting 'Always wait for the network at computer startup and logon' but this has not helped.

Since startup scripts run under the Local System account, I have used psexec to run an explorer session as the system account, then browsed to the batch file and tried to run it, but I get the following error:

Product: FortiClient SSLVPN v4.0.2277 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Any help is much appreciated.

Cheers
0
Comment
Question by:failed
  • 4
  • 4
9 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 40462773
> I have used psexec to run an explorer session as the system account
You cannot run explorer as system. Retry with cmd
psexec -s -I cmd
then, inside cmd, call that script.
0
 
LVL 10

Expert Comment

by:Walter Padrón
ID: 40463129
Don't know if this is the case but the GPO must be linked to the Computers OU not the Users OU and also the GPO computer section must be enabled.

Best regards
0
 

Author Comment

by:failed
ID: 40464052
Hi McKnife - thanks for that - I have run it from within the CMD as System account and it ran successfully, so it evidently isn't a permissions issue.

Hi wpadron - I have checked that the policy is linked to the Computers OU, which it is. What do you mean by 'the GPO computer section must be enabled'? I have used settings within the Computer Configuration (rather than User) if that's what you're referring to?

Many thanks for your help
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40464188
Please verify if startup scripts run at all.
Take a script

md c:\test

and see.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Accepted Solution

by:
failed earned 0 total points
ID: 40500750
This issue was never fixed - the startup script just seemed to randomly work on some computers and not others.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40501544
For your info: there are systems that boot so quickly, that there network interface is not ready to digest startup scripts yet. Therefore, there are policies that will make the machine wait for the network to initialize.
0
 

Author Comment

by:failed
ID: 40502937
Yes I'm aware of that, and I had already tried enabling that setting (Always wait for the network at computer startup and logon). Didn't seem to fix it.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40503045
0
 

Author Closing Comment

by:failed
ID: 40510562
Never got to the bottom of the issue. Solution not required any more.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now