asked on
Uninstalling software using a startup script
Hi
I am attempting to remove an application during computer startup using a script and group policy. The client is Windows 7 and the server is 2012.
I have created a very basic batch file:
msiexec /x {product GUID} /quiet
If I manually run this as a normal user, it fails since we have UAC enabled and don't let our standard users have local admin group membership. Which is fine and to be expected.
If I manually run it as an admin, it works.
So now I want to automate the process, so I have created a Group Policy Object, linked it to the OU where my test computer exists, and edited the policy. I have browsed to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup, and added the batch file.
The file is located in \\domain.com\SYSVOL\domain
I have confirmed the policy is applied to the computer using gpresult.
The script does not appear to run no matter how many times I restart the computer. I cannot see any sign of it being processed in the event logs.
I have tried enabling the setting 'Always wait for the network at computer startup and logon' but this has not helped.
Since startup scripts run under the Local System account, I have used psexec to run an explorer session as the system account, then browsed to the batch file and tried to run it, but I get the following error:
Product: FortiClient SSLVPN v4.0.2277 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
Any help is much appreciated.
Cheers
I am attempting to remove an application during computer startup using a script and group policy. The client is Windows 7 and the server is 2012.
I have created a very basic batch file:
msiexec /x {product GUID} /quiet
If I manually run this as a normal user, it fails since we have UAC enabled and don't let our standard users have local admin group membership. Which is fine and to be expected.
If I manually run it as an admin, it works.
So now I want to automate the process, so I have created a Group Policy Object, linked it to the OU where my test computer exists, and edited the policy. I have browsed to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup, and added the batch file.
The file is located in \\domain.com\SYSVOL\domain
I have confirmed the policy is applied to the computer using gpresult.
The script does not appear to run no matter how many times I restart the computer. I cannot see any sign of it being processed in the event logs.
I have tried enabling the setting 'Always wait for the network at computer startup and logon' but this has not helped.
Since startup scripts run under the Local System account, I have used psexec to run an explorer session as the system account, then browsed to the batch file and tried to run it, but I get the following error:
Product: FortiClient SSLVPN v4.0.2277 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
Any help is much appreciated.
Cheers
Windows Server 2012Windows 7Scripting Languages
Last Comment
failed
Don't know if this is the case but the GPO must be linked to the Computers OU not the Users OU and also the GPO computer section must be enabled.
Best regards
Best regards
ASKER
Hi McKnife - thanks for that - I have run it from within the CMD as System account and it ran successfully, so it evidently isn't a permissions issue.
Hi wpadron - I have checked that the policy is linked to the Computers OU, which it is. What do you mean by 'the GPO computer section must be enabled'? I have used settings within the Computer Configuration (rather than User) if that's what you're referring to?
Many thanks for your help
Hi wpadron - I have checked that the policy is linked to the Computers OU, which it is. What do you mean by 'the GPO computer section must be enabled'? I have used settings within the Computer Configuration (rather than User) if that's what you're referring to?
Many thanks for your help
Please verify if startup scripts run at all.
Take a script
md c:\test
and see.
Take a script
md c:\test
and see.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
For your info: there are systems that boot so quickly, that there network interface is not ready to digest startup scripts yet. Therefore, there are policies that will make the machine wait for the network to initialize.
ASKER
Yes I'm aware of that, and I had already tried enabling that setting (Always wait for the network at computer startup and logon). Didn't seem to fix it.
That's not the only policy.
http://technet.microsoft.com/en-us/library/jj573586.aspx
http://technet.microsoft.com/en-us/library/cc940027.aspx
Look at those and try them, too.
http://technet.microsoft.com/en-us/library/jj573586.aspx
http://technet.microsoft.com/en-us/library/cc940027.aspx
Look at those and try them, too.
ASKER
Never got to the bottom of the issue. Solution not required any more.
You cannot run explorer as system. Retry with cmd
psexec -s -I cmd
then, inside cmd, call that script.