CWAutomate Agent Executioner script

I present: A CWAutomate Executioner.

This script is designed to install itself as a startup task that runs as system. After each startup, it will run a knife right through any CWA Agents that it finds, delete the LTSvc folder, and clear out registry keys.

  • To help make sure this agent is not installed again, it re-creates the LabTech\Service registry key with read-only permissions.
  • It also creates the LTSvc directory, but denies everyone read and execute status.
  • These steps should prevent any attempts (ever) to reinstall a LabTech agent on the system.

You can save and run the .bat file or just paste the content into an Execute Script block; it will install from any temporary location automatically.

After it has installed, you can run it without waiting for a restart with: schtasks.exe /run /i /tn "CWAutoMaintenance"

The script has a few other tricks:

  • If you set LOGGINGPATH on line 3 to a file path, the actions will be recorded. If you set it to CON, it will just output everything as it runs.
  • You can pass any of the labels as a parameter, and it will jump to that label. Some options:
      • UNINSTALL - Will just perform the uninstall, without installing the scheduled task. Does not exit until the process has completed.
      • DELAYUNINSTALL - Will launch a background call to the script to start in 2 minutes, and immediately exits. This is safe to run even from CWAutomate, since it will not begin the uninstall until 2 minutes after the command finishes.
      • NEVERMIND - Removes the scheduled task.

This is just a re-post under a new topic of my original comment under this thread: https://www.labtechgeek.com/topic/3702-block-former-clients-agents-from-eating-up-licenses/?do=findComment&comment=22906



Keywords: destroy destruction offboarding removal remove agent ban banned blacklist blacklisting permanent prevent execute


Thanks very much @DarrenWhite99, I've had a few ex-client devices checking back in for months even after running the offboarding script, so something is auto-deploying our agent.

I tested it and it worked flawlessly. The 'blocking' technique worked by default, and if you wanted to revert it I found (on a Win10 machine) that simply enabling inheritance on the registry key, and then removing the Deny entry on the LTSvc folder, allows you to delete them so they can be installed again. Don't forget to remove the scheduled task as well, otherwise it will all happen again after a reboot!


Not sure why you'd do that after running the script but you never know!

Edited by Flobberknock
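Added example, not part of either post or of the original script: a read-only PowerShell audit that reports whether the three pieces described in this thread (the LabTech\Service key ACL, the Deny entry on the LTSvc folder, and the CWAutoMaintenance scheduled task) are currently in place on a machine. The full registry and folder paths are assumed defaults, since the thread gives only the names, and the function and parameter names are hypothetical.

```powershell
# Added example: audits the block state; it changes nothing on the system.
param(
    # Assumed full locations; the thread names only "LabTech\Service" and "LTSvc".
    [string]$RegKey   = 'HKLM:\SOFTWARE\LabTech\Service',
    [string]$AgentDir = (Join-Path $env:windir 'LTSvc'),
    [string]$TaskName = 'CWAutoMaintenance'   # task name quoted in the first post
)

# Write bits are the same for keys and folders: SetValue/CreateSubKey and
# WriteData/AppendData are both 0x2|0x4. Also catch GENERIC_WRITE|GENERIC_ALL.
$WriteMask = 0x6 -bor 0x50000000

function Get-BlockState([string]$Path, [string]$RightsProperty) {
    $r = [ordered]@{ Path = $Path; State = 'Present'; InheritanceOff = $null
                     ExplicitDeny = @(); WriteAllowedTo = @() }
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch [System.Management.Automation.ItemNotFoundException] {
        $r.State = 'Missing'; return [pscustomobject]$r
    }
    catch {
        # A Deny that covers reading permissions can hide the ACL itself;
        # report that as a finding instead of failing.
        $r.State = "ACL unreadable ($($_.Exception.GetType().Name))"
        return [pscustomobject]$r
    }
    $r.InheritanceOff = $acl.AreAccessRulesProtected
    foreach ($rule in $acl.Access) {
        $who = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny' -and -not $rule.IsInherited) {
            $r.ExplicitDeny += "$who : $($rule.$RightsProperty)"
        }
        elseif ($rule.AccessControlType -eq 'Allow' -and
                ([int]$rule.$RightsProperty -band $WriteMask)) {
            $r.WriteAllowedTo += $who   # principals that could still write here
        }
    }
    [pscustomobject]$r
}

Get-BlockState $RegKey   'RegistryRights'   | Format-List
Get-BlockState $AgentDir 'FileSystemRights' | Format-List

# Get-ScheduledTask needs Windows 8 / Server 2012 or later.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
[pscustomobject]@{ Task = $TaskName; Present = [bool]$task
                   RunsAs = $task.Principal.UserId; State = $task.State } | Format-List
```

Run it elevated. After the revert described in the reply above, the expected result is inheritance enabled on the key, no explicit Deny on the folder (or both items missing), and the task absent.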
