Uninstalling software using a startup script

Hi

I am attempting to remove an application during computer startup using a script and group policy. The client is Windows 7 and the server is 2012.

I have created a very basic batch file:

msiexec /x {product GUID} /quiet

If I manually run this as a normal user, it fails since we have UAC enabled and don't let our standard users have local admin group membership. Which is fine and to be expected.

If I manually run it as an admin, it works.

So now I want to automate the process, so I have created a Group Policy Object, linked it to the OU where my test computer exists, and edited the policy. I have browsed to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup, and added the batch file.

The file is located in \\domain.com\SYSVOL\domain.com\Policies\{product GUID}\Machine\Scripts\Startup, as per Microsoft recommendation.

I have confirmed the policy is applied to the computer using gpresult.

The script does not appear to run no matter how many times I restart the computer. I cannot see any sign of it being processed in the event logs.

I have tried enabling the setting 'Always wait for the network at computer startup and logon' but this has not helped.

Since startup scripts run under the Local System account, I have used psexec to run an explorer session as the system account, then browsed to the batch file and tried to run it, but I get the following error:

Product: FortiClient SSLVPN v4.0.2277 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Any help is much appreciated.

Cheers
failedAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
> I have used psexec to run an explorer session as the system account
You cannot run explorer as system. Retry with cmd
psexec -s -I cmd
then, inside cmd, call that script.
0
Walter PadrónCommented:
Don't know if this is the case but the GPO must be linked to the Computers OU not the Users OU and also the GPO computer section must be enabled.

Best regards
0
failedAuthor Commented:
Hi McKnife - thanks for that - I have run it from within the CMD as System account and it ran successfully, so it evidently isn't a permissions issue.

Hi wpadron - I have checked that the policy is linked to the Computers OU, which it is. What do you mean by 'the GPO computer section must be enabled'? I have used settings within the Computer Configuration (rather than User) if that's what you're referring to?

Many thanks for your help
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

McKnifeCommented:
Please verify if startup scripts run at all.
Take a script

md c:\test

and see.
0
failedAuthor Commented:
This issue was never fixed - the startup script just seemed to randomly work on some computers and not others.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
For your info: there are systems that boot so quickly, that there network interface is not ready to digest startup scripts yet. Therefore, there are policies that will make the machine wait for the network to initialize.
0
failedAuthor Commented:
Yes I'm aware of that, and I had already tried enabling that setting (Always wait for the network at computer startup and logon). Didn't seem to fix it.
0
McKnifeCommented:
0
failedAuthor Commented:
Never got to the bottom of the issue. Solution not required any more.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.