How do I create a Fixlet for Add/Remove

(imported topic written by igziabeher91)

I patched Adobe Flash Player. The machines now have both versions 9.0.5 and 9.0.47 and the scanning tool reports that the vulnerability is still there. I find that in the ADD or REMOVE Programs in Control Panel.

When I remove the Adobe Flash Player Plugin and rescan the vulnerability is gone.

I have a lot of machines and would like to know how to write a fixlet to address this issue!

(imported comment written by BenKus)

Hi igziabeher,

You have a couple choices… One is you could just look up the Uninstall string in the registry and then hardcode it in an action… for instance, something like:

wait msiexec /I {{AC76BA86-1033-0000-BA7E-000000000003}

You can find the uninstall string at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

If you want to get clever, you can actually create an action that looks up the uninstall string based on the displayname in add/remove programs:

wait {value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "adobe" AND value "DisplayName" of it as string as lowercase contains "9.0.47") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry}

In both cases, you would need to figure out the way to make the uninstall silent (which is usually possible by adding a commandline option, but you will need to investigate a little more)…

Ben

(imported comment written by sheikh.shadab91)

I’m trying to uninstall a program whose display name is “Numara Remote Control Host”

The relevance I wrote is

(exists key whose (value "DisplayName" of it as string contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)

It listed all the applicable computers

I tried two action scripts separately

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)& "/uninst"}

wait msiexec /I {00000048-C690-11DB-9900-000E0CBD0225}

Both of them are reported “Failed”

Please suggest if I’m missing something. It’s urgent.

(imported comment written by sheikh.shadab91)

The action script finally worked:

wait MsiExec.exe /uninstall {{00000038-C690-11DB-9900-000E0CBD0225} /q

It can also be

wait MsiExec.exe /I {{00000038-C690-11DB-9900-000E0CBD0225} /q

If you want users to be prompted for uninstallation

wait MsiExec.exe /uninstall {{00000038-C690-11DB-9900-000E0CBD0225} /qf

Thanks

(imported comment written by sheikh.shadab91)

I have one question though

If I don’t want to hardcode and want to do the uninstall by searching on the “display name” like below:

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "numara remote control guest") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)}

How to go ahead?

(imported comment written by BenKus)

Hi Sheikh,

I don’t have the ability to test so I am not 100% sure, but I think the issue with your #1 relevance was that you need to do an “as string” to be able to concatenate the “/uninst”… So you basically have two options:

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "numara remote control host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)& "/uninst"}

or

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "numara remote control host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)} /uninst

Ben

(imported comment written by rdamours91)

Hey Ben…

If I hardcode the value of the uninstall string after the wait command followed by a /q my uninstall works great. If I try to generate a dynamic uninstall based on the relevance my /q is ignored.

Here’s the code and the variants that do not work…as in it totally ignores anything after the last } and prompts for the uninstall.

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)& " /q"}

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)}&"/ q"

Essentially I just need to run the concatenation of the values of the uninstall string and the /q following

(imported comment written by jessewk)

try this:

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q

(imported comment written by rdamours91)

I tried the following command as one of my first attempts at the /q along with many other variants…

wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q

The wait command is definitely carrying on after it gets the uninstall string. From the command line it works perfectly. I’m just wondering if I should do some string manipulation inside of a batch file that strips off the text following the msiexec and tacks on a /q. I can then run an msiexec with the string that was just built. It’s turning into a “thing” so to speak…

(imported comment written by jessewk)

what does this return in the relevance debugger?

(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)

(imported comment written by rdamours91)

A: MsiExec.exe /X{8106D027-BDC6-4673-A9F2-99AA60EB328F}%00

I: singular string

It’s pulling the value which I could make work hard coded but there are going to be different versions of Funk client I would eventually like to roll off with one job in a baseline.

(imported comment written by jessewk)

ok, the problem is the null character at the end of the uninstall string. try this:

wait {(preceding text of first "%00" of (it as string) of value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q

(imported comment written by rdamours91)

Damn nulls. It’s like it’s there but it’s not :)

Works perfectly my friend. Print this reply off and take it to your boss and ask for a raise post haste.

If I can make it to the west coast user group meeting I’m leaving a bottle at everyone’s desk over there…

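An added example, not code from any poster in this thread: Python that applies the cleanup the thread arrives at (cut the UninstallString at the trailing NUL, then append /q) and goes one step further by rebuilding the command from the parsed MSI product code rather than running the registry string verbatim, refusing to act when the DisplayName filter matches zero or several keys. The function names and the second sample entry are assumptions made for illustration; the first sample entry reuses the debugger output quoted above.

```python
import re

# Constructed sample of Uninstall-key values (name, version, UninstallString).
# The first entry mirrors the debugger output quoted in the thread, including
# the trailing NUL that the relevance debugger displays as "%00".
SAMPLE_ENTRIES = [
    ("Juniper Odyssey Access Client", "4.60.49455",
     "MsiExec.exe /X{8106D027-BDC6-4673-A9F2-99AA60EB328F}\x00"),
    ("Example Vendor Tool", "1.0", r'"C:\Program Files\Example\uninst.exe"'),
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
MSI_RE = re.compile(r'^"?msiexec(?:\.exe)?"?\s+/[IX]\s*(' + GUID + r")$",
                    re.IGNORECASE)


def clean(raw):
    """Drop a trailing NUL (raw byte or the debugger's "%00") and whitespace."""
    return raw.split("\x00", 1)[0].split("%00", 1)[0].strip()


def silent_msi_uninstall(raw):
    """Return a quiet msiexec uninstall line, or None if not a plain MSI string."""
    m = MSI_RE.match(clean(raw))
    if m is None:
        return None  # vendor uninstaller: its silent switch must be looked up
    # Rebuild from the parsed product code instead of running the registry
    # string as-is; use /X (uninstall) even when the key stored /I.
    return "MsiExec.exe /X" + m.group(1).upper() + " /q"


def build_action(entries, name_contains, version):
    """Pick exactly one matching entry and return its silent uninstall line."""
    hits = [e for e in entries
            if name_contains.lower() in e[0].lower() and e[1] == version]
    if len(hits) != 1:
        raise LookupError("expected 1 matching key, found %d" % len(hits))
    cmd = silent_msi_uninstall(hits[0][2])
    if cmd is None:
        raise ValueError("not an MSI uninstall string: %r" % clean(hits[0][2]))
    return cmd


if __name__ == "__main__":
    print(build_action(SAMPLE_ENTRIES, "juniper odyssey access client",
                       "4.60.49455"))
```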