Endpoint Protection

 View Only

  • 1.  Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 01:58 PM

    Hello there,

    I've been tasked with finding a way to automatically uninstall the SEP 14 client from a batch of PCs so another group can install other stuff, then reinstall the client.

    Automated installs are easy.  Automated uninstalls would be easy too, BUT.... I cannot find a way to pass the uninstall password to the client in an msiexec commandline.  Is there a public property that can be referenced to pass the uninstall password?

    SEPprep will not work and notes about removing a registry entry that holds the password that I've seen don't apply to version 14.

    Any ideas or solutions?

     

     

     



  • 2.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 02:02 PM

    I believe you need to remove the uninstall password first.



  • 3.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 02:10 PM

    That does simplify the uninstall process but as it removes the uninstall password from ALL clients, they'd rather not go that route.

    That's why I'm looking for a way to pass the uninstall password in an msiexec command line, or some other command line.



  • 4.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 02:13 PM

    This is what I found from Symantec:

    https://www.symantec.com/docs/TECH105827

    Doesn't appear to be possible unless the password is removed first.



  • 5.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 03:16 PM

    Can you move the devices to a new group, remove the uninstall password from the policy, and then after the software is done, move them back?



  • 6.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 21, 2018 06:24 PM

    This might actually work if I uncheck the Apply password settings to non0inherited sub-groups and then make sure each sub-group has the correct password, except the ToBeUninstalled group.



  • 7.  RE: Automated uninstall of SEP 14.x client

    Trusted Advisor
    Posted Aug 22, 2018 04:16 PM

    The uninstall password is part of Symantec and is not within the command line string of msiexec, sadly.

    I would suggest that you create a new Group within SEPM, where the Policy is set not to have the password in place. When they're ready to install something, just move their computer to this newly created group and the password will be removed itself, so they can freely uninstall it.

    Once completed, move the Computer back to the original group and have the SEP client reinstalled. Bonus if you already set up the Packages, so it will be installed & protected itself (reboot may be required)

    Hope this helps.



  • 8.  RE: Automated uninstall of SEP 14.x client

    Posted Aug 22, 2018 04:49 PM

    The uninstall password, as far as uninstalling goes, is just a parameter.  It /could/ be passed to msiexec through a property parameter such as PASSWORD="WhatEver", if the msi is rigged to accept it.

    The uninstall password is stored on the local PC somewhere, because the uninstaller will check the password even if the PC has no network connection at the time you try to uninstall, but it's not stored in the same place, nor in the same keyname that was used in earlier versions.

    So far, using groups to specify one without an uninstall password seems like the most workable method.