On Thu, Nov 20, 2008 at 11:38 AM, Angus Scott-Fleming
<[EMAIL PROTECTED]> wrote:
> On 20 Nov 2008 at 9:34, Kurt Buff wrote:
>
>> This script is rough - and it's a steal from a web site, and we've
>> modified or added to it, heavily. It's also not a complete solution -
>> for instance, we've found that, for reasons we don't have nailed down
>> yet, the frameworkservice doesn't *always* disappear, though it does
>> over 80% of the time, so for now we've just been turning it off and
>> disabling it when we find that problem.
>>
>> Don't blame me if it blows up your machine...
>>
>> Several notes:
>>
>> 1) We launch this script remotely with 'psexec \\computername -c -f
>> c:\batchfile.cmd'
>>
>> 2) You'll note that we delete registry entries twice. This was much
>> more successful than removing them once. I don't know why.
>>
>> 3) This script works against Win2k and XP machines - we don't have Vista
>>
>> 4) Watch for line wrappage!
>>
>> 5) This script is very rough, feedback appreciated. I'm using this as
>> a teaching tool for the junior admin who found it and has modified it.
>> I have not reviewed all of it, though I answered lots of questions
>> while he modified it. He's learned a lot. Heh.
>>
>> -----------Start Batch File----------
> [snip]
>
> Looks like you doubled up on most of it.

2) You'll note that we delete registry entries twice. This was much
more successful than removing them once. I don't know why.

Actually, we just did most everything twice. It just worked better
that way. Don't know why, I didn't investigate it.

> What's with these two lines?
>
> MsiExec.exe /x{59224777-298D-4E9C-9AEB-4A91BDA01B27} /quiet /l*v
> "c:\LuciusVerinus.txt"
>
> MsiExec.exe /x{5DF3D1BB-894E-4DCD-8275-159AC9829B43} /quiet /l*v
> "c:\TitusPullo.txt"

Well, if you've seen the HBO series ROME, you'd recognize the names.
Otherwise, they're just logging the output of the commands, so that we
could verify success later.

Kurt