none
Deploy powershell script - Uninstall Forefront RRS feed

  • Question

  • Hi

    Im trying to build a powershell script that uninstall Forefront Client and later install SCEP and it also copy the local exclusions from Forefront to insert in SCEP (registry).

    All works fine when Im running the script locally, but when Im deploying it from Altiris DS it halts on Microsoft Forefront Client Security Antimalware Service". Every time, I also have tried to sort them differently but it wont work.

    All I see in the event viewer is a warning:

    "Application 'C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe' (pid 1964) cannot be restarted - Application SID does not match Conductor SID.."

    And then later an error:

    HRESULT:0x80070643
    Description:Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

    This is the deployment from Altiris:
    powershell.exe -noexit "& 'C:\Temp\ForefrontSCEP.ps1'"

    Does anyone has any clue?

    Cheers!

    **** The script ****

    # Backup Forefront registry data
    Reg export "HKLM\SOFTWARE\Microsoft\Microsoft Forefront" C:\Temp\SCEPClient_New\exclbackup.reg

    # Create new registry item
    new-Item "HKLM:\SOFTWARE\Microsoft\" -Name "Microsoft Antimalware"
    new-Item "HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\" -Name Exclusions

    # Copy Forefront registry exclusion data to newly created regkey
    Copy-Item "HKLM:\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions" -Destination "HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\" -Recurs

    # "Uninstall Forefront och MOM"
    # "Uninstall Microsoft MOM"
    $app = Get-WmiObject -Class Win32_Product | Where-Object {
        $_.Name -match "Microsoft Operations Manager 2005 Agent"
    }
    $app.Uninstall()

    # "Uninstall Forefront Assessment"
    $app = Get-WmiObject -Class Win32_Product | Where-Object {
        $_.Name -match "Microsoft Forefront Client Security State Assessment Service"
    }
    $app.Uninstall()

    # "Uninstall Forefront Antimalware"
    $app = Get-WmiObject -Class Win32_Product | Where-Object {
        $_.Name -match "Microsoft Forefront Client Security Antimalware Service"
    }
    $app.Uninstall()

    # Install SCEP with policy
    Start-Process -FilePath C:\Temp\SCEPClient_New\scepinstall.exe -ArgumentList "/s /q /policy C:\Temp\SCEPClient_New\ServerSCEP.xml" -ErrorAction SilentlyContinue

    Wednesday, May 28, 2014 2:52 PM

Answers

  • I finally solved, in two ways.

    For the powershell part:

    I changed the name match against a filter function. So now I can deploy the powershell script just fine.

    $app = Get-WmiObject -Class Win32_Product | Where-Object {
        $_.Name -match "Microsoft Operations Manager 2005 Agent"

    $application = Get-WMIObject Win32_Product -filter "Name='Microsoft Operations Manager 2005 Agent'"

    2nd solution:
    I also created a batch file which worked at my first try. Gotta love the old fashion way :)
    I post it here as well, maybe somebody can get use of it.

    Uninstall Forefront - Install SCEP - Copy local exclusions

    REM Backup Forefront exclusions
    regedit /e C:\Temp\ForefrontExclBackup.reg "HKLM\Software\Microsoft\Microsoft Forefront"

    REM Create SCEP registry keys
    reg add "HKLM\Software\Microsoft\Microsoft Antimalware"

    REM Create SCEP registry keys
    reg add "HKLM\Software\Microsoft\Microsoft Antimalware\Exclusions"

    REM Copy Foreront exclusions to SCEP
    reg copy "HKLM\Software\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions" "HKLM\Software\Microsoft\Microsoft Antimalware\Exclusions" /s /f

    REM Uninstall Microsoft Forefront Client Security State Assessment Service
    MsiExec.exe /X{E8B56B39-A826-11DB-8C83-0011430C73A4} /qn

    REM Uninstall Microsoft Forefront Client Security Antimalware Service
    MsiExec.exe /X{436028CD-6476-4224-9274-8F0320F30FD1} /qn

    REM Uninstall Microsoft Operations Manager 2005 Agent
    MsiExec.exe /X{F692770D-0E27-4D3F-8386-F04C6F434040} /qn

    REM Install SCEP and policys
    C:\Temp\SCEPInstall.exe /policy C:\Temp\ServerSCEP.xml /s


    • Edited by c0zzman Wednesday, May 28, 2014 11:31 PM
    • Marked as answer by c0zzman Wednesday, May 28, 2014 11:43 PM
    Wednesday, May 28, 2014 11:30 PM

All replies

  • This is an Altiris question, not a scripting question.

    -- Bill Stewart [Bill_Stewart]

    Wednesday, May 28, 2014 2:56 PM
    Moderator
  • This is an Altiris question, not a scripting question.

    -- Bill Stewart [Bill_Stewart]


    Recrording to event viewer its a windows error. Perhaps not a scripting error, but maybe someone here can help me out.
    Wednesday, May 28, 2014 3:05 PM
  • You're more likely to run into someone with a similar error if you post in a more appropriate forum (IIRC, Symantec has a number of Altiris forums). Helping you troubleshoot your error requires someone to reproduce the problem, which can be a tall order. Also, if this is critical, you're probably better off with an official support engagement, rather than waiting for a response in a free forum.

    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by jrv Wednesday, May 28, 2014 4:37 PM
    Wednesday, May 28, 2014 3:20 PM
    Moderator
  • Does it actually uninstall Forefront and MOM?

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Wednesday, May 28, 2014 5:51 PM
  • Hi Karl

    Yes, it does everything except uninstalling "Microsoft Forefront Client Security Antimalware Service".
    It backups the registry, creating new registry values and uninstalling the other two. But not Antimalware.

    Right now Im trying to run it from SCCM 2007, to see if it works from there.


    [EDIT]
    And yes, when Im running it locally on the server it works all fine.
    • Edited by c0zzman Wednesday, May 28, 2014 7:53 PM
    Wednesday, May 28, 2014 7:52 PM
  • Hello,

    I'd look in the following for the UninstallString to use:

    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Wednesday, May 28, 2014 8:21 PM
  • Hello,

    I'd look in the following for the UninstallString to use:

    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    Karl


    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Yes, I did that at first. But the unisntall values are not the same in 2003 >> 2012 R2.

    Microsoft Forefront Client Security State Assessment Service
    MsiExec.exe /X{5343BE4E-B247-41D0-B81D-4E7C55460910}

    Microsoft Forefront Client Security Antimalware Service
    MsiExec.exe /X{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}

    Microsoft Operations Manager 2005 Agent
    MsiExec.exe /X{F692770D-0E27-4D3F-8386-F04C6F434040}

    Wednesday, May 28, 2014 8:39 PM
  • I finally solved, in two ways.

    For the powershell part:

    I changed the name match against a filter function. So now I can deploy the powershell script just fine.

    $app = Get-WmiObject -Class Win32_Product | Where-Object {
        $_.Name -match "Microsoft Operations Manager 2005 Agent"

    $application = Get-WMIObject Win32_Product -filter "Name='Microsoft Operations Manager 2005 Agent'"

    2nd solution:
    I also created a batch file which worked at my first try. Gotta love the old fashion way :)
    I post it here as well, maybe somebody can get use of it.

    Uninstall Forefront - Install SCEP - Copy local exclusions

    REM Backup Forefront exclusions
    regedit /e C:\Temp\ForefrontExclBackup.reg "HKLM\Software\Microsoft\Microsoft Forefront"

    REM Create SCEP registry keys
    reg add "HKLM\Software\Microsoft\Microsoft Antimalware"

    REM Create SCEP registry keys
    reg add "HKLM\Software\Microsoft\Microsoft Antimalware\Exclusions"

    REM Copy Foreront exclusions to SCEP
    reg copy "HKLM\Software\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions" "HKLM\Software\Microsoft\Microsoft Antimalware\Exclusions" /s /f

    REM Uninstall Microsoft Forefront Client Security State Assessment Service
    MsiExec.exe /X{E8B56B39-A826-11DB-8C83-0011430C73A4} /qn

    REM Uninstall Microsoft Forefront Client Security Antimalware Service
    MsiExec.exe /X{436028CD-6476-4224-9274-8F0320F30FD1} /qn

    REM Uninstall Microsoft Operations Manager 2005 Agent
    MsiExec.exe /X{F692770D-0E27-4D3F-8386-F04C6F434040} /qn

    REM Install SCEP and policys
    C:\Temp\SCEPInstall.exe /policy C:\Temp\ServerSCEP.xml /s


    • Edited by c0zzman Wednesday, May 28, 2014 11:31 PM
    • Marked as answer by c0zzman Wednesday, May 28, 2014 11:43 PM
    Wednesday, May 28, 2014 11:30 PM