Endpoint Protection

 View Only

Uninstall SEP client Through GPO 

Apr 02, 2013 03:12 AM

Hello,

I have found one of the Best way to uninstall SEP clients in a large numbers with the help of GPO.I have tested this in my test environment. By the help of this Article you will be able to uninstall the SEP client through Group Policy Object.

What you have to do is create a startup or shut down script.

Note:-In SEPM side you need to remove uninstall password.

  1. To Remove Uninstall Password settings in SEPM go to

SEPM console->Clients tab ->Policies ->General Settings-> Security Settings.

 

To Get Uninstall String in SEP client

Uninstall String is different for Every version of Sep client

SEP Client  12.1.671.4971.105

MsiExec.exe /I{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}

SEP 12.1.2

MsiExec.exe /I {C2103AF2-E66C-446B-9791-9207840EC821}

Follow these steps to get Uninstall Strings.

  1. Start->RUN->Regedit
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}.

 

 Uninstal_1.JPG

Create Batch File

@Echo off

MsiExec.exe /x {C2103AF2-E66C-446B-9791-9207840EC821}  /qn

Exit

Create Batch file as uninstall.bat and save it into AD net logon folder (Shared Location).

How to run Batch file Through Group Policy

1. Start Run ->GPMC.MSC. 

2. Right click on Domain name and select create a GPO in the domain

Uninstall1_0.jpg

3. Give the GPO name (SEP uninstall)

Uninstal2.jpg

4. Edit Newly Created GPO SEP uninstall.

Uninstal3.jpg

5. Go to Computer Configuration ->Policies ->Windows Settings ->Select Script (Startup/Shutdown).

Uninstal4.jpg

6. Select Startup Script ->Add.

Uninstal5.jpg

7. Browse Batch file ( Shared Location) -> Ok.

Uninstal6.png

 

Uninstal7.jpg

8. Apply Ok.

Uninstal8.jpg

9. Select AD OU where you want to apply and  select Link an Existing GPO.

Uninstal9.jpg

10. Select GPO and OK.

Uninstal10.jpg

 

10 Restart Computer.

11.This process will take 5 to 10 min. for removing Sep client.

Note:-

  • In SEPM side you need to remove uninstall password.
  • I have tested this process in my testing environment successfully
  • Please use this article First in your test environment then apply to your production environment.

I hope this Article will helpfull to you all……

Statistics
0 Favorited
29 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

May 09, 2013 05:28 PM

I'm guessing that your planning to migrate to another Antivirus vendor or upgrade to another version of SEP. (SEP can upgrade over older versions btw).  When you follow your appouch you leave the computers unprotected. A big security risk

I would recommendt to combine the uninstallation of the old antivirus software with installation of the new one to minimize the time your computers are left without protection. The same script to uninstall old AV and install new.

Also: if you wish to uninstall through CMD  its easier to use the command below. That way you don't need to update with new MSI string everytime SEP comes out in a new version.

wmic product where "name like 'Symantec Endpoint Protection%'" call uninstall /nointeractive

Torb

Related Entries and Links

No Related Resource entered.