Remove CyberArk Agent

adeilson · June 12, 2023, 8:16pm

I have the following code which worked with cmd:

@echo off
setlocal enableextensions disabledelayedexpansion
set "TOKEN=66REDACTEDCB4E70REDACTEDF04567B77REDACTED5E513841"
set "searchString=CyberArk Endpoint Privilege Manager Agent"
set "uninstallString="
for /f "tokens=2 delims={}" %%a in ('REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /f "%searchString%"') do set "uninstallString={%%a}"
MsiExec.exe /X %uninstallString% FULL_UNINSTALL="YES" SECURE_TOKEN="%TOKEN%" /qn

Now, how can I apply this using Action Script? Thank you.

SLB · June 12, 2023, 8:52pm

An approach I like to use is use relevance substitution to parse the registry key names for the product I want to remove and capture it as an action parameter then loop each value in a for %a command. For the most part this caters for cases where same applicaton but different version maybe has a different GUID to send to the msiexec command.

For testing I’d first use something like this in the Fixletdebugger to check syntax of the for %a loop.

parameter "GUIDS" = "{concatenation "," of names of keys whose (exists value "DisplayName" whose (it as string as lowercase contains "CyberArk Endpoint Privilege Manager Agent" as lowercase) of it) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry)}"
wait cmd.exe /k "for %a in ({parameter "GUIDS"}) do (echo msiexec.exe /x %a FULL_UNINSTALL="YES" SECURE_TOKEN="66REDACTEDCB4E70REDACTEDF04567B77REDACTED5E513841" /qn)"

Once I was happy with it, I’d change to a waithidden command and the CMD.exe command to use /c then test it as the fixlet action

parameter "GUIDS" = "{concatenation "," of names of keys whose (exists value "DisplayName" whose (it as string as lowercase contains "CyberArk Endpoint Privilege Manager Agent" as lowercase) of it) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry)}"
waithidden cmd.exe /c "for %a in ({parameter "GUIDS"}) do (echo msiexec.exe /x %a FULL_UNINSTALL="YES" SECURE_TOKEN="66REDACTEDCB4E70REDACTEDF04567B77REDACTED5E513841" /qn)"

You could also use a parameter for the secure token if you prefer but I don’t see ay immediate advatange of paramatizing it as its all the same command line once you have the GUID.