I don’t get to work with MDM or UEM applications much anymore due to my focus on Azure so I got pretty excited when an ex-colleague asked me if there was a way to use VMware AirWatch (also known as Workspace One) to remotely execute an uninstall command for an application because I had gone through the process before. After digging up some old notes to guide him through the setup, I thought I’d write this blog post in case anyone else happens to ask me in the future.
The official documentation, although a bit outdated, for this feature can be found here:
Using Product Provisioning to Deliver Files to Windows 10: Workspace ONE Operational Tutorial
https://techzone.vmware.com/using-product-provisioning-deliver-files-windows-10-workspace-one-operational-tutorial#_991596
For the purpose of this example, I will be using a batch file that manually (and forcefully) removes Cylance Protect from devices. Not long ago I ran into an issue where attempting to uninstall Cylance Protect from devices would display the following error:
Cylance PROTECT
You are attempting to run the 32-bit installer on a 64-bit version of Windows. Please run the 64-bit installer.
I couldn’t determine how to get around this as none of the methods such as editing registry keys and executing the following msiexec.exe would work:
msiexec /x {2E64FC5C-9286-4A31-916B-0D8AE4B22954} /quiet
Reaching out to Blackberry support had an support engineer point me to:
Fix problems that block programs from being installed or removed
https://support.microsoft.com/en-us/mats/program_install_and_uninstall
The tool worked but it had to be ran interactively and did not allow me to use it at scale.
A bit more research led me to the following script written by James Gallagher, which worked but please note that as this was originally provided by Cylance but later modified by Cyberforce, use this at your own risk. It worked for me but may not for others.
Manual Removal Of CylancePROTECT
https://cyberforcesecurityhelp.freshdesk.com/support/solutions/articles/44002036687-manual-removal-of-cylanceprotect
In case the post ever gets deleted, I will paste the contents for the customized-CylanceCleanupTool.bat at the end of this post.
With the above scenario described, let’s begin creating the configuration in AirWatch Version: 20.11.0.5 (2011):
Create the Files/Actions
The first step is to create a Files/Actions that will allow you to upload the batch file, define where to store it on the device, and how to execute the batch file.
Begin by navigating to Devices > Provisioning > Components > Files/Actions:
Click on the ADD FILES/ACTIONS:
Select Windows under Add Files/Actions:
Select Windows Desktop under Select Device Type:
Type in a name for the action and select the appropriate organization for Managed By:
Navigate to the Files tab, click on the ADD FILES tab, then Choose Files to select the batch file that will be uploaded and pushed to the clients:
Specify a download path where the batch file will be downloaded to on the client:
C:\Temp\AirWatch\
Save the configuration and the following line will be displayed in the Files tab:
Navigate to the Manifest tab and click on Install Manifest:
Select Run for Action(s) To Perform:
Select System for the Execution Context so the batch file is running with elevated permissions and specify the path and batch file (the location specified earlier for downloading the batch file and the batch file name that was just uploaded:
C:\Temp\AirWatch\customized-CylanceCleanupTool.bat
The following configuration will be displayed under Install Manifest. We can specify a command to uninstall but there will not be one configured for this example:
Proceed to save the new Files/Actions:
Create the Product to assign to devices
With the creation of the Files/Actions completed, the next step is to assign it to devices.
Navigate to Devices > Provisioning > Product List View and click on ADD PRODUCT:
Select Windows under Add Product:
Select Windows Desktop under Select Device Type:
Provide a name and description for the product, select the appropriate organization, and select the Smart Group this product should be applied to. For the purpose of this example, we will be assigning it to all devices.
Click on the Manifest tab and then the ADD button:
Select File/Action - Install for Action(s) To Perform and the previously created Files/Actions for the Files/Actions field:
The saved Manifest will be displayed as such:
You can further specify Conditions, Deployment and Dependencies options:
With the configuration completed, decide to click Save button to simply save the Manifest or Activate to save and immediately activate the configuration:
For the purpose of this example, I will click on Activate, which will display the list of devices it will be applied to:
The new product should now be displayed:
Waiting a few seconds and refreshing the update the In Progress, Compliant and Failed values:
Hope this helps anyone who might be looking for instructions on how to remotely run batch files with AirWatch.
customized-CylanceCleanupTool.bat
@ECHO OFF
title UNIFIED DRIVER CYLANCE CLEANUP TOOL
Echo UNIFIED DRIVER CYLANCE CLEANUP TOOL
:SwitchToWorkingDirectory
cd /d "%~dp0" 1>nul 2>&1
:AdminCheck
openfiles>nul 2>&1
IF %ERRORLEVEL% == 0 (
:AdminCheckPass
GOTO ManualUninstall
) ELSE (
:AdminCheckFail
Echo * Please re-run the Unified Driver Cylance Cleanup Tool as Administrator.
Echo * Exiting...
GOTO CyExit
)
:ManualUninstall
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Cylance /f
reg delete HKEY_CLASSES_ROOT\Installer\Products\C5CF46E2682913A419B6D0A84E2B9245 /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CylanceSvc /f
taskkill /im CylanceUI.exe
takeown /f "C:\Program Files\Cylance" /r /d y
icacls "C:\Program Files\Cylance" /reset /T
rd /s /q "C:\Program Files\Cylance"
takeown /f "C:\programdata\Cylance" /r /d y
rd /s /q C:\programdata\Cylance
:InstallCleanup
Echo * Installing the Unified Driver Cylance Cleanup Tool service...
CyCleanupSvc.exe "-install"
IF %ERRORLEVEL% == 0 (
GOTO WaitCleanup
) ELSE (
Echo * Failed to install the Unified Driver Cylance Cleanup Tool service.
Echo * Please check the Logs directory.
Echo * Exiting...
GOTO CyExit
)
:WaitCleanup
Echo * Waiting for the Unified Driver Cylance Cleanup Tool service to cleanup...
ping -n 30 127.0.0.1 1>nul 2>&1
Echo * Unified Driver Cylance Cleanup Tool is finished.
Echo * Removing the Unified Driver Cylance Cleanup Tool service...
CyCleanupSvc.exe "-uninstall"
IF %ERRORLEVEL% == 0 (
GOTO FinishCleanup
) ELSE (
Echo * Failed to remove the Unified Driver Cylance Cleanup Tool service.
Echo * Please check the Logs directory.
Echo * Exiting...
GOTO CyExit
)
:FinishCleanup
Echo * Unified Driver Cylance Cleanup Tool service has been removed.
Echo * Exiting...
:CyExit
exit
No comments:
Post a Comment