Worklet: Remove Manage Engine Agent

  • 28 January 2021

Userlevel 2

Hey All, I recently switched to Automox from Manage Engine’s Patch Manager and wanted an easy way to remove the Manage Engine agent from my systems. In talking with Nic, I found out this would be a perfect job for a worklet. So here’s my first Worklet 😃


Evaluation Code:

Keeping this one super simple as I don’t need it to check if it’s already there since the MSI command for remediation will do that and remove it.

exit 1


Remediation Code:

This works on Windows systems and checks if Manage Engine’s Agent is already installed and then calls the uninstall by the ID since an option exists to hide the program from the Uninstall Programs list.

Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/x{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}', 'MSIRESTARTMANAGERCONTROL=Disable', 'REBOOT="ReallySuppress"', '/qn' -Wait -NoNewWindow


If anyone else has improvements for this, please feel free to add them, but after testing this on my system it works just fine as-is.


5 replies

Userlevel 2

I’d consider at least registry key evaluation to check that the agent is installed. That way it’s not firing up the msiexec process on every Automox evaluation cycle.

Userlevel 7

That’s a good point. I think for @EagleMitchell’s use case he knows that it’s on every machine so he’s just running the policy once to remove it all in bulk. But if it were an ongoing policy then you’re right that you’d want an actual evaluation to check if it’s installed.

Userlevel 2

Yeah, exactly a thought I had, though like Nic said, for me it was a one-and-done thing, so I didn’t need that check, and honestly I am not sure how to code that check, so if you want to kick in, or if anyone does, I would be happy to add that. The catch is this software has an option to be installed but not visible in the Control Panel, so that script was a partial incorporation of their published uninstall script, but I am not sure how you would do that check.

Userlevel 2

That and I also wanted to note that I did not run this on a schedule but rather as an on-demand only worklet so it doesn’t fire it off unless I manually call it.

Userlevel 4

You could just find out where its install location is, and check to see if it exists… Here’s something I put together for the Airlock agent.


# Evaluation: exit 1 (run remediation) if the agent's executable is present
$checkexist = Test-Path 'C:\Program Files (x86)\Airlock Digital\Airlock Digital Client\airlock.exe' -PathType Leaf

if ($checkexist -eq $true)
{
    Write-Output "Airlock exist on this machine"
    exit 1
}
else
{
    Write-Output "Airlock does not exist"
    exit 0
}

Alternatively, you can always check to see if a process is running and check compliance against that.


# Evaluation: exit 1 (run remediation) if the agent process is running
if ($null -eq (Get-Process "amagent" -ErrorAction SilentlyContinue)) {
    Write-Output "Not Running"
    exit 0
}
else {
    Write-Output "Running"
    exit 1
}

Hope this helps!

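The registry check suggested earlier in the thread, as an added example (not code from any poster here, nor from Automox or ManageEngine): an evaluation script that looks for the product code from the remediation command under the MSI Uninstall keys, so msiexec only runs where the agent is registered. It assumes the agent's hide-from-Control-Panel option leaves the MSI registration in place (Windows hides an MSI entry by setting `SystemComponent`, not by removing the key); `Find-MsiProduct` is a hypothetical helper name.

```powershell
# Added example: evaluation script for the removal worklet (not from the thread's authors).
# Product code taken from the remediation command in the original post.
$ProductCode = '{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}'

# MSI registers each product under an Uninstall subkey named after its product code.
# Check both the native and the 32-bit (WOW6432Node) registry views.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper: returns one object per registry view where the product is registered.
function Find-MsiProduct {
    param(
        [Parameter(Mandatory)] [string]   $Code,
        [Parameter(Mandatory)] [string[]] $Roots
    )
    foreach ($root in $Roots) {
        $key = Join-Path -Path $root -ChildPath $Code
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key         = $key
                DisplayName = $props.DisplayName
                Version     = $props.DisplayVersion
                # SystemComponent = 1 is what hides an entry from the Control Panel list
                Hidden      = ($props.SystemComponent -eq 1)
            }
        }
    }
}

$found = @(Find-MsiProduct -Code $ProductCode -Roots $UninstallRoots)

if ($found.Count -gt 0) {
    $found | ForEach-Object {
        Write-Output "Agent registered at $($_.Key) (name: $($_.DisplayName), version: $($_.Version), hidden: $($_.Hidden))"
    }
    exit 1   # non-compliant: run the remediation (msiexec /x)
}

Write-Output "Product code $ProductCode not registered; nothing to remove."
exit 0       # compliant: skip remediation
```

Unlike a file-path or process check, this keys on the same identifier the uninstall command uses, so evaluation and remediation cannot disagree about which product is meant.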