Tuesday, November 12, 2013

Using a Command Line to Uninstall Software on Remote PCs

WMIC (Windows Management Instrumentation Command-Line) is a potent tool that often doesn't see much use due to the lack of (easily accessible) documentation available. More information can be found on WMIC here: http://technet.microsoft.com/en-us/library/bb742610.aspx. Some great switches and alternate options can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic_overview.mspx. We’ll be using WMIC with domain admin credentials to crawl through a list of nodes (PCs/Laptops) and uninstall an example program without interrupting the user.

01. Load up a command shell with appropriate access permissions

Though a WMIC instruction can be given appropriate credentials prior to operation, it is typically best-practice to avoid clear-text typing the password (who is that looking over your shoulder;)). We’ll execute the runas command like the following:

Runas /user:DomainAdminAccount@DOMAIN cmd

… which will prompt us for the credentials of our DomainAdminAccount. If authenticated, we’ll be handed a command shell running as the Admin

 02.     
Verify Program Installation (an optional informative step)

With our WMIC prompt, we can ask many questions of a node (or nodes) and receive some nicely formatted replies. Though formatting the replies is beyond the scope of this "How To", much more information can be found on the internet.

So let's find out if a particular node even has our target software (Spiceworks does attempt to list this information in its software scan)

>/node:COMPUTERNAME product get name,version,vendor

This command asks WMI to reply with a list including the Name, Version, and Vendor of all compliant software installations.

If you would like to filter for a specific product, you may do so. Here's an example scanning a networked machine for all installed applications from the vendor "Apple, Inc"

>/node:ANOTHEREXAMPLE product where vendor="Apple Inc." get name,vendor

(*Note from Anders4221:
A small hint if you have special characters like '-' or '/' in the computer name you need to use ' ' characters in order to get information from client)

(**Note from Joe3034:
Here is how you use wildcards in your search:

Surround the like phrase in double quotes and your search criteria in single quotes, and use % as the wildcard symbol.

e.g.:
/node:ComputerXYZ product where "vendor like 'adobe%'" get name,version,identifyingNumber )

03. Call for the Uninstallation

So we can make a call to the WMI interface to uninstall a particular product... let's pick on the MobileMe Control Panel from our previous example. The command:

>/node:EXAMPLE product where name="MobileMe Control Panel" call uninstall

... will prompt you for confirmation in the following (long) format:

Execute (\\EXAMPLE\ROOT\CIMV2:Win32_Product.IdentifyingNumber="{6DA9102E-199F-43A0-A36B-6EF48081A658}",Name="MobileMe Control Panel",Version="2.1.0.24")->Uninstall() (Y/N/?)?

.. to which you must reply 'y' if you wish to uninstall. WMI compliant software will run the default uninstalation procedures without the user needing to do anything (they receive no prompts etc).

**Note that you may also use the
/nointeractive flag like /node:EXAMPLE product where name="MobileMe Control Panel" call uninstall /nointeractive to prevent the confirmation request!
-thx Bart2691

04. Call Uninstall for a List of Machines (an optional informative step)

Let's assume you just got word that Adobe Reader has a serious flaw in it's old version. In a panic, you asked all your users to blindly install the new version of Adobe reader straight from Adobe's site. Thankfully, they all managed to do so... however you've received 3 tickets so far about an Acrobat.com icon on the desktop.

You have a flat text file of all your computer's names stored in c:\computers.txt. You pop open a WMIC shell with appropriate permissions and enter the following command:

>/failfast:on /node:@"c:\computers.txt" product where name="Acrobat.com" call uninstall /nointeractive

Which iterates through your list, skipping nodes that are invalid (eg:machine is turned off) and those that don't meet the criteria. You'll need to confirm 'y' that you want to uninstall on every node unless you use the nointeractive flag.

* Updated Note from Bart2691
... an easy way to automate answering 'Yes'. Examples for doing it by PC or a text file is to use the /nointeractive flag. Additionally, if you don't wish to hang on failed nodes, use the /failfast:on flag to quickly skip a node that isn't responding.

** note from true911 (unconfirmed)
The correct flag is failfast:on, not fastfail:on

wmic /failfast:on /node:@"FILENAME.txt" product where "name like 'microsoft office professional edition 2003'" call uninstall /nointeractive

This for Spiceworks for this links.

No comments: