I recently encountered a situation where i was asked to uninstall multiple agents from multiple servers. In this environment we did not have a system config manager like SCCM.
So the first task becomes to identify the magnitude of the problem i.e. to know all the servers where this application is installed. This can be done by running the following script. Here i am entering each server name you could easily enter a Get-ADComputer query, using appropriate filters or “[system.directoryservices.activedirectory.Forest]::GetCurrentForest().domains | %{$_.DomainControllers.name}” for DCs in a domain
1 2 3 4 5 6 | $DCs = 'Server1','Server2' $name = 'LogRhythm System Monitor Service' # Run this to find exact name of agent you wanna uninstall "Get-WmiObject -Class Win32_Product | Select-Object Name,IdentifyingNumber" foreach ($DC in $DCs) { if (gwmi win32_product -filter "Name = '$name'" -namespace root/cimv2 -comp $DC){ Write-Host "Present on $dc"} } |
Then comes the part of uninstalling the agent. This we can try doing by running below.
1 2 3 4 5 6 7 8 9 | $list = [system.directoryservices.activedirectory.Forest]::GetCurrentForest().domains | %{$_.DomainControllers.name} $name = 'LogRhythm System Monitor Service' $list | foreach { $hostname = $_ gwmi win32_product -filter "Name = '$name'" -namespace root/cimv2 -comp $_ | foreach { if ($_.uninstall().returnvalue -eq 0) { write-host "Successfully uninstalled $name from $($hostname)" } else { write-warning "Failed to uninstall $name from $($hostname)." } } } |
There are chances that the above script fails on few hosts, but there is a workaround we can try on such hosts. Do this on the remaining servers.
Put below script in Netlogon share. This script is a modification of the above script to uninstall the agent locally on the system. In my case, i saved this script with the name Uninstalllogrhythm.ps1
1 2 3 4 | gwmi win32_product -filter "Name = 'LogRhythm System Monitor Service'" -namespace root/cimv2 | foreach { if ($_.uninstall().returnvalue -eq 0) { write-host "Successfully uninstalled" } else { write-warning "Failed to uninstall" } } |
And run below script
1 2 3 4 5 6 7 | $DCs = 'Remaining DCs' $name = 'LogRhythm System Monitor Service' foreach ($DC in $DCs) { Invoke-Command -ComputerName $DC -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy Bypass } Invoke-Command -ComputerName $DC -ScriptBlock { \\contoso.com\netlogon\Uninstalllogrhythm.ps1 } Invoke-Command -ComputerName $DC -ScriptBlock {Set-ExecutionPolicy -ExecutionPolicy AllSigned } } |
And to verify if the agent really got uninstalled from all these servers, you can make use of script #1 again.
Leave a Reply