How can I disable the UAC and remove and reinstall the Ampagent without rebooting?
I've tried the options below, but so far the UAC won't disable. If I disable it manually, the agent gets removed and reinstalled perfectly. I need it to do the whole deal without interaction. My tech at the remote site is injured and can't walk to every machine. :-(
I do understand that the UAC wants a reboot, but I know there's a way around that somehow. I've tested with a domain admin account and the local built-in admin.
Anyone know how to get this done. I've got almost 200 remote machines with old 5.3 agents that no longer check in. I'll need to deploy the script with something other than Kace. We can't use Kace's provisioning due to the NTLM limitation and our sec policies.
[code]
SET __COMPAT_LAYER=WINXPSP3
[/code]
Also tried
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
0 Comments
[ + ] Show comments
Answers (5)
Answer Summary:
Thanks goes to @SMall.tmcc for persistent assistance on this. Apologies if my code doesn't format properly below. I couldn't see a code block option in the summary. This code was written and compiled in AutoIT ; ** UNINSTALL ** Run(@ComSpec & " /c psexec @C:\atools\PCLIST.txt -accepteula -s -i ""C:\Program Files (x86)\Dell\Kace\amptools"" -uninstall") ; 7 second nap Sleep(7000) ; ** INSTALL ** Run(@comspec & " /k psexec @c:\atools\PCLIST.txt -s cmd /c msiexec.exe /i \\[server.domain.gov]\ampagent-5.5.30275-x86_[K1000server.domain.gov].msi /qb") MsgBox(0,'', "DONE")
Thanks goes to @SMall.tmcc for persistent assistance on this. Apologies if my code doesn't format properly below. I couldn't see a code block option in the summary. This code was written and compiled in AutoIT ; ** UNINSTALL ** Run(@ComSpec & " /c psexec @C:\atools\PCLIST.txt -accepteula -s -i ""C:\Program Files (x86)\Dell\Kace\amptools"" -uninstall") ; 7 second nap Sleep(7000) ; ** INSTALL ** Run(@comspec & " /k psexec @c:\atools\PCLIST.txt -s cmd /c msiexec.exe /i \\[server.domain.gov]\ampagent-5.5.30275-x86_[K1000server.domain.gov].msi /qb") MsgBox(0,'', "DONE")
Please log in to answer
Posted by:
jagadeish
9 years ago
You are not supposed to disable UAC. Instead, have you tried removing and reinstalling the Ampagent through System context using PSEXEC.exe
Comments:
-
I have not, but I'll begin investigating and testing that option now.
Anything special to know about this method? - murbot 9 years ago
Posted by:
murbot
9 years ago
@SMal.tmcc - Thanks for hanging in there with me. I really appreciate it. I got it to run and remove the Kace agent remotely this morning running as below. I got to the answer sooner than I would have thanks to you.
On my host machine, I opened an elevated cmd prompt, then ran the line below. For future readers, the '-accepteula' can be removed as long as you click the button that pops up the first time you run psexec on a host machine. You don't need to click accept or do anything for the eula on the client.
WORKING:
C:\>psexec \\remoteclient.domain.gov -accepteula -s -i "C:\Program Files (x86)\Dell\Kace\amptools" -uninstall
Alternatively...and I haven't tested this, but I think the line below may also work now.
C:\>psexec \\remoteclient.domain.gov -accepteula -s -i msiexec -x "[unc_path_to_ampagent...msi]"
Thanks
Comments:
-
:) - SMal.tmcc 9 years ago
-
SMall.tmcc - Disregard this post unless you have alternate suggestion. I got it to call PCLIST.txt by copying PCLIST.txt to the system32 directory. So then I could also add the other location to the environment PATH list or I think there's a method to do within the PSEXEC command line. Either way. It's calling my txt file now. :-)
Cheers
-----The text below was this original post----
I was just about to post a question.
How (syntax), do i call the @file?
The stuff we covered is still working great, but I'm attempting to call from a list. Just testing with one name in the list for now. File name is PCLIST.txt and the entire contents are "comp.domain.gov"
PCLIST.txt resides on my host machine: c:\tools\pclist.txt
EDIT: The entire error is: "Error opening c:\tools\PCLIST.txt: Cannot find the file..."
I'm getting "cannot find the file specified". I've been searching the Google for an hour and find mostly variable references, but no examples that are stated to be working.
My attempts have been like so:
psexec @c:\tools\PCLIST.txt -accepteula -s -i "C:\Program Files (x86)\Dell\Kace\amptools" -uninstall - murbot 9 years ago-
that should be right, here is one of the calls we use. The txt file is on the server with pstools.
psexec @C:\pstools\ClassRoomFiles\MWS-321.txt -i -accepteula -u tmccacad\adminuser -p password -d C:\Windows\W2D\fixlogon.bat
mws-321.txt:(the server is in the same domain so we use the short machine name)
mws-321-tchr
mws-321-01
mws-321-02
mws-321-03
mws-321-04
mws-321-05
mws-321-06
mws-321-07
mws-321-08
mws-321-09
mws-321-10
mws-321-11
mws-321-12
mws-321-13
mws-321-14
mws-321-15
mws-321-16 - SMal.tmcc 9 years ago -
only difference is you are using the -s system call instead of using a user, I do not know if that makes any difference in using a txt file, I would not think that would prevent it from reading the file - SMal.tmcc 9 years ago
Posted by:
murbot
9 years ago
SMall.tmcc,
I thought I should post the completed code for future reference and also wanted to let you know how grateful I am that you stayed in contact. A lot of folks will stop responding after going back and forth [x] number of times. They either get busy, or may just not want to carry on with it. The applications for what you helped with will serve me in many areas beyond the one we covered. Thanks again.
To others: I'm sure there are other ways to this, but our network has some additional security that pointed me in this direction.
For future readers:
You should be logged on as a domain admin or with at least some level of network administration access.
I used AutoIT to code and compile this into an exe so our techs can run it when needed.
Save a file named PCLIST.txt in C:\aTools
Put the computer names the code should run on in PCLIST.txt
You can put just one name in if needed. I don't know if there is a limit to how many can be used.
If you want to reinstall the agent on a remote machine named xyz, then run it from host machine that has access.
The code will run and it takes about what you'd expect for an uninstall/reinstall to occur, plus a 7 second break. Just an arbitrary number. The "Done" message box only pops on the host machine, not the remote machine.
; ** UNINSTALL **Run(@ComSpec & " /c psexec @C:\atools\PCLIST.txt -accepteula -s -i ""C:\Program Files (x86)\Dell\Kace\amptools"" -uninstall"); 7 second napSleep(7000); ** INSTALL **Run(@comspec & " /k psexec @c:\atools\PCLIST.txt -s cmd /c msiexec.exe /i \\[server.domain.gov]\ampagent-5.5.30275-x86_[K1000server.domain.gov].msi /qb")MsgBox(0,'', "DONE")
Comments:
-
Great job! as far as I know there is no limit in the txt file to the number of entries. If you use that list often and want to skip any machine in your txt file just put a semi-colon in-front of that name and it not be able to find that machine and skip to the next one in the list. We do that a lot, we have a list for every classroom to allow us to run a change against that room as we go when we cannot make the change via Kace. You should mark this answered and paste your code into the summary. - SMal.tmcc 9 years ago
-
Great tip on skipping a machine. That makes it possible to put notes in [pclist].txt template.
I'll mark it answered and post the code now.
btw - Truckee is great (beautiful in winter). It's been 25 years since I was there for a week to visit and ski. It remains one of my top 3 places. Sorry for jumping off topic. :-)
Cheers - murbot 9 years ago-
are you in Ashland? - SMal.tmcc 9 years ago
-
I'm in Maryland. Live about 45 minutes from DC and work at the NIH in Bethesda. Family trip to Tahoe years ago and my cousin over did it on the cross country skis and got lost in Truckee. We had to go get her. Those snowy roads are just great. - murbot 9 years ago
-
Ahh, I know another tech at the University in Ashland OR who works with someone that has the same handle as you do for his email.
I Grew up in upstate NY, USAF stationed me LV, so when I got out moved to Reno, better climate, not as hot as Vegas and not as cold as NY. and great skiing! - SMal.tmcc 9 years ago -
The dog in my avatar was my best bud. He passed in 2010, but his name was Murry (no 'a'). I got him from my sister who lived in Murray KY and at the time, I lived in MD on Murray Hill Rd. My other login name is stev379, but it's because I had a phone with 379-steve as the number years ago. People ask if I was born in 79 and I didn't like that because they think I'm younger than I am. Which bugged me up till last year. I'll be 41 next month though and I'm now kinda happy for folks to think I was born in 79 - LOL. Yep, I'm a Steve too. :-)
I'll stop posting off-topic now. :-) That other login name at comcast - net is my email. Feel free to ping me anytime. - murbot 9 years ago
Posted by:
SMal.tmcc
9 years ago
I agree use pstools psexec to get around the UAC, you can run that as an admin from any domain system, you do not need kace to do this either. Disablling the UAC requires a reboot, do not know of any way around it
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
Comments:
-
use the file method to run it, then you can list the machines needing the fix and get them all at once
psexec @Machines.txt -i -accepteula -u AdminLevelUser -p password -d C:\...\ExeorBat to call - SMal.tmcc 9 years ago-
Thanks. I've been toying with it all day and no luck thus far.
We're domain admins of our OU, but not Ent Admins. We have almost 30 sub institutes here and we only cover one of them with about 1500 people. Only 200 at this remote site. The point is that each institute has an OU with User/Computers/OPS/Groups etc. The same deal as with a domain basically. But it does cause some AD related permission issues.
I get access denied with the syntax below. Even if I logon as the built-in Admin and remove "-s" and run it from an elevated prompt. ...I tried the elevated prompt remotely and locally.
I'm using the syntax below:
PSEXEC -accepteula -u domain\username \\computer.domain.gov -s -i -d msiexec -x ampagent-5.5.30275-x86_HOST.domain.gov.msi -qb - murbot 9 years ago-
does it fail when run like this?
PSEXEC \\computer.domain.gov -accepteula -u administrator -p password -i -d msiexec -x ampagent-5.5.30275-x86_HOST.domain.gov.msi -qb - SMal.tmcc 9 years ago
Posted by:
murbot
9 years ago
@ SMall.tmcc - No luck.
I ran it like below, but no luck. Sorry my name blocks make it look messy, but you can see the syntax.
I tried it with my domain account using my name as domain\username and then again with just 'administrator' minus the quotes as the name. Both returned the same error. PSExec is in the SysWOW64 folder on both computers and the ampagent...msi is in the C:\INSTALLS folder on the machine I'm sitting at. But not on the remote machine that I'm trying to remove the agent from.
The error looks like PSExec thinks the username is in a filename position I think.
I
Comments:
-
duh yea, you would need to call the exact location of the msi. the -d call should be in quotes also since you have spaces in the call.
-d "msiexec -x c:\the\path\on\the\target\machine\ampagent-5.5.30275-x86_host.domain.gov.msi -qb" - SMal.tmcc 9 years ago-
Sadly, I did call the exact location, but it's residing on my host, not the remote machine. :-(
So I'm on PCAB and the ampagent.msi is here: C:\INSTALLS\ampagent...msi
AH HA!, but that location is not named with an admin share or shared so the remote computer can see IT!!! aagghhh. For some reason I though it just needed to be seen from the host. I agree with you "Duh". LOL Testing again. :-) Thanks!! - murbot 9 years ago -
I cannot remember but with 5.5 can you call C:\Program Files (x86)\Dell\Kace\amptools -uninstall like you can with 6.0? - SMal.tmcc 9 years ago
-
I don't know because I haven't up'd to 6.0 yet. I'm not sure how it is done there. I mean, I have called it, but not sure if it's the same in 5.5 and 6.0. - murbot 9 years ago
-
try calling amptools -uninstall instead of msiexec -x at least that will be in the same spot on your systems. - SMal.tmcc 9 years ago
-
Still getting "The system can't find the file specified".
I tried running it with my domain\useradmin and also the local admin account. I also tried calling a copy of the MSI from our existing shared SDP on our network and then I placed a copy in C:\MSI on the remote machine, but it can't find it. I double checked my spelling of the MSI as well.
EDIT - I actually started with amptools - uninstall last week, but couldn't get it to work either. I'll check it again to be sure. - murbot 9 years ago-
Yep. Same issue. I ran
psexec \\comp.domain.gov -accepteula [username] -p [password] -i -d "C:\Program Files (x86)\Dell\Kace\amptools -uninstall
And the result is "PsExec could not start [username] on [remote pc].
The system cannon find the file specified. - murbot 9 years ago -
Try putting a -u in front of username and a " at the end
this
psexec \\comp.domain.gov -accepteula -u [username] -p [password] -i -d "C:\Program Files (x86)\Dell\Kace\amptools" -uninstall
or this
psexec \\comp.domain.gov -accepteula -u [username] -p [password] -i -d "C:\Program Files (x86)\Dell\Kace\amptools -uninstall" - SMal.tmcc 9 years ago