Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 112
  • Last Modified:

Uninstalling software using a startup script

Hi

I am attempting to remove an application during computer startup using a script and group policy. The client is Windows 7 and the server is 2012.

I have created a very basic batch file:

msiexec /x {product GUID} /quiet

If I manually run this as a normal user, it fails since we have UAC enabled and don't let our standard users have local admin group membership. Which is fine and to be expected.

If I manually run it as an admin, it works.

So now I want to automate the process, so I have created a Group Policy Object, linked it to the OU where my test computer exists, and edited the policy. I have browsed to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown) -> Startup, and added the batch file.

The file is located in \\domain.com\SYSVOL\domain.com\Policies\{product GUID}\Machine\Scripts\Startup, as per Microsoft recommendation.

I have confirmed the policy is applied to the computer using gpresult.

The script does not appear to run no matter how many times I restart the computer. I cannot see any sign of it being processed in the event logs.

I have tried enabling the setting 'Always wait for the network at computer startup and logon' but this has not helped.

Since startup scripts run under the Local System account, I have used psexec to run an explorer session as the system account, then browsed to the batch file and tried to run it, but I get the following error:

Product: FortiClient SSLVPN v4.0.2277 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Any help is much appreciated.

Cheers
0
failed
Asked:
failed
  • 4
  • 4
1 Solution
 
McKnifeCommented:
> I have used psexec to run an explorer session as the system account
You cannot run explorer as system. Retry with cmd
psexec -s -I cmd
then, inside cmd, call that script.
0
 
Walter PadrónCommented:
Don't know if this is the case but the GPO must be linked to the Computers OU not the Users OU and also the GPO computer section must be enabled.

Best regards
0
 
failedAuthor Commented:
Hi McKnife - thanks for that - I have run it from within the CMD as System account and it ran successfully, so it evidently isn't a permissions issue.

Hi wpadron - I have checked that the policy is linked to the Computers OU, which it is. What do you mean by 'the GPO computer section must be enabled'? I have used settings within the Computer Configuration (rather than User) if that's what you're referring to?

Many thanks for your help
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
McKnifeCommented:
Please verify if startup scripts run at all.
Take a script

md c:\test

and see.
0
 
failedAuthor Commented:
This issue was never fixed - the startup script just seemed to randomly work on some computers and not others.
0
 
McKnifeCommented:
For your info: there are systems that boot so quickly, that there network interface is not ready to digest startup scripts yet. Therefore, there are policies that will make the machine wait for the network to initialize.
0
 
failedAuthor Commented:
Yes I'm aware of that, and I had already tried enabling that setting (Always wait for the network at computer startup and logon). Didn't seem to fix it.
0
 
McKnifeCommented:
0
 
failedAuthor Commented:
Never got to the bottom of the issue. Solution not required any more.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now