Jump to content
DarrenWhite99

CWAutomate Agent Executioner script

Recommended Posts

I present: A CWAutomate Executioner.

This script is designed to install itself as a startup task that runs as system. After each startup, it will run a knife right through any CWA Agents that it finds, delete the LTSvc folder, and clear out registry keys.

  • To help make sure this agent is not installed again, it re-creates the LabTech\Service registry key with read only permissions.
  • It also creates the LTSvc directory, but denies everyone read and execute status.
  • These steps should prevent any attempts (ever) to reinstall a LabTech agent on the system.

You can save and run the .bat file or just paste the content into an Execute Script block, it will install from any temporary location automatically. 

After it has installed, you can run it without waiting for a restart with: schtasks.exe /run /i /tn "CWAutoMaintenance"

The script has a few other tricks:

  • If you set LOGGINGPATH on line 3 to a file path the actions will be recorded. If you set it to CON, it will just output everything as it runs.
  • You can pass as a parameter any of the labels, and it will jump to that label. Some options:
  • UNINSTALL - Will just perform the uninstall, without installing the scheduled task. Does not exit until the process has completed.
  • DELAYUNINSTALL - Will launch a background call to the script to start in 2 minutes, and immediately exits. This is safe to even run from CWAutomate since it will not begin the uninstall for 2 minutes after the command finishes.
  • NEVERMIND - Removes the scheduled task.

This is just a re-post under a new topic of my original comment under this thread: https://www.labtechgeek.com/topic/3702-block-former-clients-agents-from-eating-up-licenses/?do=findComment&comment=22906

 

CWAutomateDestruction.zip

Keywords: destroy destruction offboarding removal remove agent ban banned blacklist blacklisting permanent prevent execute

  • Like 4

Share this post


Link to post
Share on other sites

Thanks very much @DarrenWhite99, I've had a few ex client devices checking back in for months even after running the offboarding script so something is auto-deploying our agent. 

I tested it and it worked flawlessly. The 'blocking' technique worked by default and if you wanted to revert it I found (on a Win10 machine) that simply enabling inheritance on the registry key, and then removing the Deny entry on the LTsvc folder allows you to delete them so they can be installed again. Don't forget to remove the scheduled task as well otherwise it will all happen again after a reboot!

 

Not sure why you'd do that after running the script but you never know!

Edited by Flobberknock
  • Thanks 1

Share this post


Link to post
Share on other sites

Is there a reasonable way to have this automatically run when an agent checks into a certain location? 

Share this post


Link to post
Share on other sites

Hi I want to remove it to install our own Automate agent.  If this make the registry read only then we have a new issue to install the product.  all  I want to do is remove it on all machine pc or Server via group policy.   Can you make that possible...

Share this post


Link to post
Share on other sites
On 2/15/2019 at 9:41 PM, amw3000 said:

Is there a reasonable way to have this automatically run when an agent checks into a certain location? 

Schedule a repeating script that runs it on a location.

Share this post


Link to post
Share on other sites
On 4/11/2019 at 2:28 PM, Emski said:

Hi I want to remove it to install our own Automate agent.  If this make the registry read only then we have a new issue to install the product.  all  I want to do is remove it on all machine pc or Server via group policy.   Can you make that possible...

No*. Use a script like https://slack-files.com/T0SD04DSM-F8RA68F53-da5f31ba6a (which uses the LabTech-PowerShell module, LT-PoSh) to remove any existing agent and install your agent.

 

*If you edit the script, look for ":BlockInstall" starting on line 116. If you wiped from there to the end of the script, you would take away the "nasty" parts and it would just be a remover. 
 

Share this post


Link to post
Share on other sites
On 4/13/2019 at 2:45 AM, DarrenWhite99 said:

Schedule a repeating script that runs it on a location.

How taxing is that on the server? My concern is that I will end up with a ton of pending scripts and a small window for these rouge agents checking in and for that scheduled script to run. 

Share this post


Link to post
Share on other sites

Its no big deal @amw3000. It will only queue the script once per computer.  If you have hundreds or thousands of old computers that are not checking in and need to be offboarded, you have more important concerns than the number of queued scripts.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...