Endpoint Protection

I have SEPM 11.0.6005 and I need to uninstall the client from a machine remotely. I'm tryingot use the psexec tool to do so. Clients also have a uninstall password enabled.

What does the command need to exactly look like to uninstall? I've tried this below and the error says it cannot find the file specified. I'm using the correct registry string and the IP address is correct.

>psexec.exe \\IPaddress -u domain\admin -p password "msiexec -x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}"

The error message I get is: PsExec could not start msiexec -x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} on 192.168.1.50: the system cannot find the file specified.

So I figure it's not using an msi file?

Also, do you have or know of a script to uninstall\disable the password since we do have it on clients.

Unbelieveable how Symantec cant just have an uninstall remote utility within SEPM.

btw, if I try this path below on the a local test machine it works up to the point of the uninstall password.

>msiexec.exe /x {Product ID}

But I still cant get to the point of doing it remotely. I'm using the correct IP address and have domain admin rights.

Use the SEPPrep tool:

https://www-secure.symantec.com/connect/videos/demo-how-use-symantec-endpoint-protection-prep-tool

It's purpose is a competitive uninstaller and SEP installer but it can be modified to just remove SEP.

It can be found on the DVD under \Tools\NoSupport\CompetitiveUninstall

If you deploy from console I don't believe it uses an MSI. If you deploy from SCCM, then it can, depending on how it was configured.

SEP uninstall pw reg key is here:

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Administrator Only\Security\VPUninstallPassword

It can also be configured to remove the pw in the sepprep.ini

Does your client still have connectivity to the Server?

If so, than you will need to remove the uninstall password on the server side.

Best way to do this, for a single machine, create a new group and than add the client in it.  Remove the uninstall password for that group only.  You are going to need to remove "inherit permissions" on the newly created group.

* * * * * *

Otherwise, you should be able to execute the command MSIEXEC /x {product ID}.

What version of SEP do you have installed?  And where did you get your Product ID?

One more thing, for PSIexec, best to call the whole path to the executable...

MSIEXEC works locally because it is in the "Local machine's system path (environment variable)"

psexec.exe \\IPaddress -u domain\admin -p password "c:\windows\system32\msiexec.exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}"

And it's also a '/' not a '-' before the 'x'

See if that will help.

till need to know the version of SEP installed on the client please

Jason 1222 - thanks for the comments. I'll try that now.

client is 11.0.6005. I  got the product ID from the registry - hkey local machine>software>microsoft>windows>currentversion>uninstall

This is an exact copy of the output of the command I just ran (edited the domain password)

I also verified that the msiexec.exe is in the c:\windows\system32\  directory on the remote machine.

crazy...

C:\Windows\System32>PsExec.exe \\10.1.20.134 -u domain\account -p pass "c:\windows\system32\msiexec.
exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}"

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting c:\windows\system32\msiexec.exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} on 10.1.20.134...

PsExec could not start c:\windows\system32\msiexec.exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} on
10.1.20.134:
The system cannot find the path specified.

C:\Windows\System32>

I haven't used PSExec for a while so I don't remember the exact syntax.  But what I do rememeber is trying to troubleshoot issues like yours.  What I used to do, and I suggest for you, is to see if you can get a simple program to simply run on the remote computer -- like notepad.exe.  That way you can see if your syntax and username/password/credentials are right and working.  If done right, notepad will popup on the remote computer.

When you attempt to uninstall a SEP client that is password protected a prompt appears on screen requesting the password. You cannot, as of this time, configure the MSI command line switches to automate this password process.

If your command line is correct and you are using the correct MSI GUID for the SEP client you should actually be able to see the pop up requesting the password appear on the client when the installer reaches that point in the process.

If disabling the currently applied password is not an option I would recommend to call into support and open a case. A technician can assist you with manually removing the uninstall password configuration directly from the client.

btw, if I try this path below on the a local test machine it works up to the point of the uninstall password. So, on the client machine everythig is fine - I get the password uninstall prompt.

>msiexec.exe /x {Product ID}

on the remote machine I'm not even getting a prompt for the password - it says -The system cannot find the path specified. So thats why I need help with - why cant it find the msiexec.exe file while it is there on the remote machine?

Is there something wrong with my syntax?

C:\Windows\System32>PsExec.exe \\10.1.20.134 -u domain\account -p pass "c:\windows\system32\msiexec.
exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}"

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting c:\windows\system32\msiexec.exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} on 10.1.20.134...

PsExec could not start c:\windows\system32\msiexec.exe /x {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} on
10.1.20.134:
The system cannot find the path specified.

C:\Windows\System32>