Hey guys,
Thought I would give this a shot. I am currently constructing a script for a company with 30 000 plus clients. Both win XP and win 7. The script will be sort of a generic removal script. It should be able to uninstall pretty much any application.
The functionality of the script is on place but we kind of stumbled on to something that was previously used as a solution. I'll leave the background out for now, but basically the problem is some application folders in C:\Program files\ have an entry for an AD-group with the corresponding access rights to the folder.
If user is removed from the AD-group and we try to uninstall the application in system context or user context from SCCM, the uninstall script can't do anything. So basically best would be to add "USERS" (Domain users) with full access rights to the correct folder before uninstallation starts.
Problem is, script is generic, so the only thing the script is fed with is the productcode(msiexec /X) or a path to the setup.exe file. The product codes are written to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, but far from all of them have any install location entered(which is where I'd like to change the ACL using CACLS).
The .msi's are all constructed in different fashions so I can't read the entry from there either. I think my last option, not being able to pinpoint which install location belongs to which product code or setup.exe is to change the ACL on the entire program files folder.
Now, I know this is not a good solution, so what I really wish to do is to save the ACL of all program folders in to a file, then change the acl of all program folders to full access, and once the script is complete restore the acl from the file.
This is possible using ICACLS on win7, but not in CACLS or XCACLS on Win Xp. Script should be working for both. So basically, I could just add another row into my ini-file that would force the application packagers or technicians to enter then installation location, but I really want the script to perform EVERYTHING with very little input(productcode and registry keys).
So, my questions are:
1. By using VBScript, is there any magical way of finding out what folder msiexec /x goes to BEFORE it actually commences the uninstall? This is to be able to change the ACL before the uninstall.
2. By using VBScript, or any other free utility, is is possible to save the acl for the entire program files folder, use cacls to change everything and then restore the saved acl?
Can you identify any other problems with these methods? Thanks in advance.
Thought I would give this a shot. I am currently constructing a script for a company with 30 000 plus clients. Both win XP and win 7. The script will be sort of a generic removal script. It should be able to uninstall pretty much any application.
The functionality of the script is on place but we kind of stumbled on to something that was previously used as a solution. I'll leave the background out for now, but basically the problem is some application folders in C:\Program files\ have an entry for an AD-group with the corresponding access rights to the folder.
If user is removed from the AD-group and we try to uninstall the application in system context or user context from SCCM, the uninstall script can't do anything. So basically best would be to add "USERS" (Domain users) with full access rights to the correct folder before uninstallation starts.
Problem is, script is generic, so the only thing the script is fed with is the productcode(msiexec /X) or a path to the setup.exe file. The product codes are written to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, but far from all of them have any install location entered(which is where I'd like to change the ACL using CACLS).
The .msi's are all constructed in different fashions so I can't read the entry from there either. I think my last option, not being able to pinpoint which install location belongs to which product code or setup.exe is to change the ACL on the entire program files folder.
Now, I know this is not a good solution, so what I really wish to do is to save the ACL of all program folders in to a file, then change the acl of all program folders to full access, and once the script is complete restore the acl from the file.
This is possible using ICACLS on win7, but not in CACLS or XCACLS on Win Xp. Script should be working for both. So basically, I could just add another row into my ini-file that would force the application packagers or technicians to enter then installation location, but I really want the script to perform EVERYTHING with very little input(productcode and registry keys).
So, my questions are:
1. By using VBScript, is there any magical way of finding out what folder msiexec /x goes to BEFORE it actually commences the uninstall? This is to be able to change the ACL before the uninstall.
2. By using VBScript, or any other free utility, is is possible to save the acl for the entire program files folder, use cacls to change everything and then restore the saved acl?
Can you identify any other problems with these methods? Thanks in advance.
