#69367 - 2002-08-23 01:00 AM
Script to Remove Instant Messaging Clients
bleonard
Seasoned Scripter
Registered: 2001-01-19
Posts: 581
Loc: Chicago, IL
Below is a script I have tested on Win2K and Win9x for removing Instant Messaging apps. It works with AIM, MSN, Trillian, and Yahoo.
It will uninstall the app via uninstall routines, then delete the directory that contained the app. Next, it will delete standard app icons from standard locations.
Lastly, it will write to a registry key and track how many times each app has been uninstalled from a system to alert mgmt to repeat offenders of company policies. If the logging key does not exist it will be created by this script.
In instances where the app is not found installed in registry entries, it will check for the existence of the app's standard install dir, and delete the dir if found.
Under the AIM section there is a routine for handling users that are allowed to run AIM. In this script, it checks for membership in a domain group for such rights. It also has a component for users sharing workstations so that AIM is not removed from systems it is allowed to exist on.
As this runs from the logon script there is no portion to kill running IM app processes as they should not be loaded at the time of logon script processing.
Bill

code:
; ########################################
; ## FILE NAME: IM_APPS.KIX ##
; ## LOCATION : \NETLOGON ##
; ## REVISION : 2002.08.22 ##
; ## KiX VER : 4.10 / 3.63 ##
; ########################################

; ** Declare variables as LOCAL (DIM, script-specific) or GLOBAL (KiX-session)
DIM $DelCmd, $DelFil, $DeskTop, $LogKey, $OSPgm, $StartMenu
DIM $Idx, $IdxA, $IdxAChk, $IdxChk, $IdxF, $IdxFChk, $IdxY, $IdxYChk
DIM $IMApp, $ImAppCnt, $IMDir, $IMDirKey, $IMEndPgm, $IMKey, $IMRmv, $IMRmvCmd
DIM $IMRmvCnt, $IMRmvDte, $IMRmvKey, $IMRmvUsr, $IMRmvVer, $IMVer
DIM $TmpKey, $TmpSrc, $TmpStr1, $TmpStr2

; ** Variables to commonly accessed registry hives throughout KiX script processing
DIM $HKCUS, $HKCUSM, $HKCUSMW, $HKCUSMWCV, $HKLMS, $HKLMSM, $HKLMSMW, $HKLMSMWCV, $HKLMSMWNTCV
$HKCUS = "HKEY_CURRENT_USER\Software"
$HKCUSM = "$HKCUS\Microsoft"
$HKCUSMW = "$HKCUSM\Windows"
$HKCUSMWCV = "$HKCUSMW\CurrentVersion"
$HKLMS = "HKEY_LOCAL_MACHINE\Software"
$HKLMSM = "$HKLMS\Microsoft"
$HKLMSMW = "$HKLMSM\Windows"
$HKLMSMWCV = "$HKLMSMW\CurrentVersion"
$HKLMSMWNTCV = "$HKLMSM\Windows NT\CurrentVersion" ; ** Read by the NT branch below; not defined in the script as posted
$OSPgm = READVALUE ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion", "ProgramFilesDir")
IF (@INWIN = 1)
  $OSDir = READVALUE ("$HKLMSMWNTCV", "SystemRoot")
  $OSDrv = UCASE ("%Systemdrive%")
ELSE
  $OSDir = READVALUE ("$HKLMSMWCV", "SystemRoot")
  $OSDrv = UCASE (SUBSTR ($OSDir, 1, 2))
ENDIF

$IMAppCnt = 0
; -----------------------------------------------------------------
:CheckAIM
; -----------------------------------------------------------------
$IMApp = "AOL Instant Messenger" ; ** Variable for logging
$IMExe = "Aim.exe" ; ** Running EXE to kill if necessary for uninstall
$IMDir = $OSPgm + "\Aim95" ; ** Default installation path
$IMKey = $HKLMSMWCV + "\Uninstall\" + $IMApp + " (SM)"
$RC = EXISTKEY ("$IMKey")
SELECT
  CASE (@ERROR = 0) AND ($RC = 0) ; ** IM is installed, check if must be removed
    $RC = ENUMKEY ("$HKLMS\America Online", 0)
    $IMDirKey = $HKLMSMWCV + "\App Paths\" + $IMExe
    $IMDir = READVALUE ("$IMDirKey", "Path") ; ** Confirm installed dir for dir removal at end
    $IMRmv = $IMDir + "\unwise32.exe /S /Z " + $IMDir + "\install.log"
    $IMRmvKey = $IMKey
    $IMVer = ENUMKEY ("$HKLMS\America Online\$RC", 0)
    SELECT
      CASE INGROUP ("Domain IM Apps") = 1 ; ** Confirm user is member of group allowed to run approved software
        $wri = WRITELINE (1, "Verified approved user running authorized Instant Messaging app: $IMApp version $IMVer" + $CR)
      CASE INSTR (@WKSTA, @USERID) = 0 ; ** Confirm user on their own workstation to evaluate removing authorized software
        $wri = WRITELINE (1, "Verified unapproved user on system running authorized Instant Messaging app: $IMApp version $IMVer (Wks: $WorkSta / User: $UserID)" + $CR)
      CASE (1) ; ** User unapproved for running this app
        GOSUB "Remove_App"
    ENDSELECT
  CASE (@ERROR = 2) ; ** Subkey does not exist
    GOSUB "Remove_Dir"
  CASE (1) ; ** IM is misconfigured or other error, so remove app
    $Err = $Err+1
    $wri = WRITELINE (1, "Error @ERROR verifying existence of $IMApp (@SERROR / Key: $IMKey / RC: $RC)" + $CR)
    GOSUB "Remove_Dir"
ENDSELECT

; -----------------------------------------------------------------
:CheckMSN
; -----------------------------------------------------------------
$IMApp = "MSN Messenger"
$IMDir = $OSPgm + "\Messenger"
$IMExe = "msmsgs.exe"
$IMKey = $HKLMSMWCV + "\Uninstall\Msmsgs"
$RC = EXISTKEY ("$IMKey")
SELECT
  CASE (@ERROR = 0) AND ($RC = 0)
    $IMDirKey = $HKLMSMWCV + "\App Paths\" + $IMExe
    $IMDir = READVALUE ("$IMDirKey", "Path")
    $IMRmvKey = $IMKey
    $IMRmv = READVALUE ("$IMRmvKey", "QuietUninstallString")
    $IMVer = READVALUE ("$IMKey", "DisplayName")
    GOSUB "Remove_App"
  CASE (@ERROR = 2)
    GOSUB "Remove_Dir"
  CASE (1)
    $Err = $Err+1
    $wri = WRITELINE (1, "Error @ERROR verifying existence of $IMApp (@SERROR / Key: $IMKey / RC: $RC)" + $CR)
    GOSUB "Remove_Dir"
ENDSELECT

; -----------------------------------------------------------------
:CheckTrillian
; -----------------------------------------------------------------
$IMApp = "Trillian"
$IMDir = $OSPgm + "\" + $IMApp
$IMExe = "Trillian.exe"
$IMKey = $HKLMSMWCV + "\Uninstall\" + $IMApp
$RC = EXISTKEY ("$IMKey")
SELECT
  CASE (@ERROR = 0) AND ($RC = 0)
    $IMRmv = READVALUE ("$IMKey", "UninstallString")
    $RC = INSTR ($IMRmv, "\$IMExe /uninstall")
    $IMDir = SUBSTR ($IMRmv, 1, $RC-1)
    $IMVer = GETFILEVERSION ("$IMDir", "$IMExe")
    $IMRmvKey = $IMKey
    GOSUB "Remove_App"
  CASE (@ERROR = 2)
    GOSUB "Remove_Dir"
  CASE (1)
    $Err = $Err+1
    $wri = WRITELINE (1, "Error @ERROR verifying existence of $IMApp (@SERROR / Key: $IMKey / RC: $RC)" + $CR)
    GOSUB "Remove_Dir"
ENDSELECT

; -----------------------------------------------------------------
:CheckYAHOO
; Yahoo can have 2 components installed, so may need to run routine twice
; -----------------------------------------------------------------
$IMApp = "Yahoo! Messenger"
$IMDir = $OSPgm + "\" + "Yahoo!"
$IMExe = "YPager.exe"
$IMKey = $HKCUS + "\Yahoo\Pager"
$RC = EXISTKEY ("$IMKey")
SELECT
  CASE (@ERROR = 2)
    GOSUB "Remove_Dir"
  CASE (@ERROR <> 0)
    $Err = $Err+1
    $wri = WRITELINE (1, "Error @ERROR verifying existence of $IMApp (@SERROR / Key: $IMKey / RC: $RC)" + $CR)
    GOSUB "Remove_Dir"
  CASE (1)
    DIM $Yarray[2]
    $IdxY = 0
    $Yarray[$IdxY] = $IMApp
    $IdxY = $IdxY+1
    $Yarray[$IdxY] = $IMApp + "Explorer Bar"
    $IdxY = $IdxY+1

    $IdxYChk = 0
    DO
      $IMApp = $Yarray[$IdxYChk]
      $TmpKey = $HKLMSMWCV + "\Uninstall\" + $IMApp
      $IMRmv = READVALUE ($TmpKey, "UninstallString")
      IF ($IMRmv = "") OR (@ERROR <> 0)
        $wri = WRITELINE (1, "Error obtaining unauthorized $IMApp uninstall string (Cmd: $IMRmv / @SERROR)" + $CR)
      ELSE
        IF ($IMApp = "Yahoo! Messenger")
          $IMVer = READVALUE ("$IMKey\Update", "LastUpdateVersion")
        ELSE
          $IMVer = READVALUE ("$IMKey\YFriendsBar\Settings", "Version")
        ENDIF
        $RC = INSTR ($IMRmv, "\Yahoo!\")
        $IMDir = SUBSTR ($IMRmv, 1, $RC + 6)
        IF INSTR ("$IMRmv", "UNWISE.EXE") <> 0 ; ** Add silent uninstall switches for running UNWISE uninstaller
          $TmpLen1 = INSTR ("$IMRmv", "UNWISE.EXE")
          $TmpStr1 = SUBSTR ("$IMRmv", 1, $TmpLen1 + 9)
          $TmpStr2 = SUBSTR ("$IMRmv", LEN ($TmpStr1)+2, LEN ($IMRmv))
          $IMRmv = $TmpStr1 + " /S /Z " + $TmpStr2 ; ** /S=silent, /Z=remove empty directories
          GOSUB "Remove_App"
        ENDIF
      ENDIF
      $IdxYChk = $IdxYChk+1
    UNTIL ($IdxYChk = $IdxY)
ENDSELECT

IF ($IMAppCnt = 0)
  $wri = WRITELINE (1, "Verified no known instant messaging software installed" + $CR)
ENDIF

RETURN
; ///////////////////////////////////////////////////////////////////////////////////////
; REUSED SCRIPT COMPONENTS CALLED FROM ABOVE
; ///////////////////////////////////////////////////////////////////////////////////////
; -----------------------------------------------------------------
:Remove_App
; Run application uninstall string to remove unauthorized application
; -----------------------------------------------------------------
$IMAppCnt = $IMAppCnt+1
$wri = WRITELINE (1, "Verified using unauthorized Instant Messaging app: $IMApp $IMVer" + $CR)
IF SUBSTR ($IMDir, LEN ($IMDir), 1) = ";" ; ** MSN may tack on a semi-colon here
  $IMDir = SUBSTR ($IMDir, 1, LEN ($IMDir)-1)
ENDIF

IF ($IMRmv = "") ; ** If not defined above, define now
  $IMRmv = READVALUE ("$IMRmvKey", "UninstallString")
  IF ($IMRmv = "") OR (@ERROR <> 0)
    $Err = $Err+1
    $Status = $Abort
    $wri = WRITELINE (1, "Error obtaining unauthorized $IMApp uninstall string (Key: $IMRmvKey / Cmd: $IMRmv / @SERROR)" + $CR)
    RETURN
  ENDIF
ENDIF

$wri = WRITELINE (1, "Starting unauthorized $IMApp Uninstall (Cmd: $IMRmv)" + $CR)
RUN $IMRmv
$Idx = 0
$Break = 12 ; ** 12x5 = 60sec to complete
DO
  $TmpTime = $Idx * 5
  SELECT
    CASE EXIST ($IMDir) <> 1
      SELECT
        CASE INSTR ($IMApp, "Yahoo") <> 0 ; ** Yahoo writes to non-standard locations
          $RC1 = READVALUE ("$TmpKey", "UninstallString")
          $RC2 = READVALUE ("$TmpKey", "DisplayName")
        CASE (1)
          $RC1 = READVALUE ("$IMDirKey", "Path")
          $RC2 = READVALUE ("$IMRmvKey", "DisplayName")
      ENDSELECT
      IF ($RC1 = "") AND ($RC2 = "")
        $wri = WRITELINE (1, "Verified auto uninstall of unauthorized $IMApp $IMVer (pass: $Idx, $TmpTime sec)" + $CR)
        $Idx = $Break
      ENDIF
    CASE INSTR ($IMApp, "Trillian") <> 0 ; ** Trillian has dialog screen
      SLEEP 3
      $con = SETFOCUS ("Are you sure")
      $con = SENDKEYS ("{ENTER}")
      SLEEP 3
      $con = SETFOCUS ("Done")
      $con = SENDKEYS ("{ENTER}")
      $RC2 = READVALUE ("$IMRmvKey", "DisplayName")
    CASE ($Idx = ($Break-1))
      IF ($RC1 <> "") OR ($RC2 <> "")
        $wri = WRITELINE (1, "Error verifying auto uninstall of unauthorized $IMApp $IMVer (pass: $Idx/$Break, $TmpTime sec)" + $CR)
      ENDIF
  ENDSELECT
  $Idx = $Idx+1
  SLEEP 5
UNTIL ($Idx >= $Break)

$RC = EXIST ("$IMDir\*.*") ; ** Regardless of how uninstall routine runs, delete directory of unauthorized app
IF ($RC = 0)
  $wri = WRITELINE (1, "Verified $IMDir deleted during uninstall" + $CR)
ELSE
  $wri = WRITELINE (1, "Verified $IMDir not deleted during uninstall, directory will be deleted manually" + $CR)
  GOSUB "Remove_Dir"
  GOSUB "Remove_Icons"
ENDIF
GOSUB "Write_Reg_Log"
$IMRmv = ""
RETURN

; -----------------------------------------------------------------
:Remove_Dir
; After successful running of uninstall routine, use brute force to delete the remaining directory structure
; -----------------------------------------------------------------
$RC = EXIST ("$IMDir\*.*")
SELECT
  CASE ($RC = 0)
  CASE ($RC = 1)
    $IMAppCnt = $IMAppCnt+1
    IF (@INWIN = 2)
      $DelCmd = '%comspec% /c DELTREE /Y "$IMDir"'
    ELSE
      $DelCmd = '%comspec% /c RMDIR /S /Q "$IMDir"'
    ENDIF
    SHELL "$DelCmd"
    IF (@ERROR = 0)
      $wri = WRITELINE (1, "Verified removal of $IMDir directory structure" + $CR)
    ELSE
      $Err = $Err+1
      $wri = WRITELINE (1, "Error @ERROR deleting $IMDir structure (@SERROR / Cmd: $DelCmd / RC: $RC)" + $CR)
    ENDIF
  CASE (1)
    $Err = $Err+1
    $wri = WRITELINE (1, "Error @ERROR verifying contents of $IMDir (@SERROR / RC: $RC)" + $CR)
ENDSELECT
RETURN

; -----------------------------------------------------------------
:Remove_Icons
; After uninstalling app, then removing app installation dir, remove icons from standard locations
; -----------------------------------------------------------------
DIM $TmpLnk[8]

$DeskTop = READVALUE ("$HKCUSMWCV\Explorer\Shell Folders", "Desktop") ; ** Users Desktop
$StartMenu = READVALUE ("$HKCUSMWCV\Explorer\Shell Folders", "Start Menu") ; ** Users Start Menu
$IdxA = 0
SELECT ; ** Specific shortcut locations for each O/S, then all common areas follow
  CASE (@INWIN = 1) AND (@DOS >= 5)
    $TmpLnk[$IdxA] = "$OSDrv\Documents and Settings\$UserID\Application Data\Microsoft\Internet Explorer\Quick Launch"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDrv\Documents and Settings\All Users\Start Menu\Programs"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDrv\Documents and Settings\All Users\Start Menu"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDrv\Documents and Settings\All Users\Desktop"
    $IdxA = $IdxA+1
  CASE (@INWIN = 1)
    $TmpLnk[$IdxA] = "$OSDir\Profiles\$UserID\Application Data\Microsoft\Internet Explorer\Quick Launch"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDir\Profiles\All Users\Start Menu\Programs"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDir\Profiles\All Users\Start Menu"
    $IdxA = $IdxA+1
    $TmpLnk[$IdxA] = "$OSDir\Profiles\All Users\Desktop"
    $IdxA = $IdxA+1
ENDSELECT

$TmpLnk[$IdxA] = "$OSDir\Application Data\Microsoft\Internet Explorer\Quick Launch"
$IdxA = $IdxA+1
$TmpLnk[$IdxA] = "$StartMenu\Programs"
$IdxA = $IdxA+1
$TmpLnk[$IdxA] = "$StartMenu"
$IdxA = $IdxA+1
$TmpLnk[$IdxA] = "$DeskTop"
$IdxA = $IdxA+1

$IdxAChk = 0
DO
  $TmpSrc = $TmpLnk[$IdxAChk]
  DIM $TmpFil[4]
  $IdxF = 0
  $TmpFil[$IdxF] = $TmpSrc + "\" + $IMApp + "*.lnk"
  $IdxF = $IdxF+1
  $TmpFil[$IdxF] = $TmpSrc + "\" + $IMExe
  $IdxF = $IdxF+1
  $TmpFil[$IdxF] = $TmpSrc + "\" + $IMExe + "*.lnk"
  $IdxF = $IdxF+1
  $TmpFil[$IdxF] = $TmpSrc + "\Free AOL*.url"
  $IdxF = $IdxF+1

  $IdxFChk = 0
  DO
    $DelFil = $TmpFil[$IdxFChk]
    IF EXIST ("$DelFil")
      DEL ("$DelFil")
      IF (@ERROR <> 0)
        $wri = WRITELINE (1, "Error @ERROR deleting file $DelFil (@SERROR)" + $CR)
      ENDIF
    ENDIF
    $IdxFChk = $IdxFChk + 1
  UNTIL ($IdxFChk = $IdxF)

  $DelFil = $TmpSrc + "\" + $IMApp
  IF EXIST ("$DelFil\*.")
    IF (@INWIN = 2)
      $DelCmd = '%comspec% /c DELTREE /Y "$DelFil"'
    ELSE
      $DelCmd = '%comspec% /c RMDIR /S /Q "$DelFil"'
    ENDIF
    SHELL "$DelCmd"
    IF (@ERROR <> 0)
      $wri = WRITELINE (1, "Error @ERROR deleting file $DelFil (@SERROR)" + $CR)
    ENDIF
  ENDIF
  $IdxAChk = $IdxAChk+1
UNTIL ($IdxAChk = $IdxA)
RETURN

; -----------------------------------------------------------------
:Write_Reg_Log
; Write entries into registry tracking uninstall of these apps to identify repeat violations
; -----------------------------------------------------------------
$IMRmvCmd = ""
$IMRmvCnt = ""
$IMRmvDte = ""
$IMRmvUsr = ""
$IMRmvVer = ""
$LogKey = "HKEY_LOCAL_MACHINE\Software\MyCompany\MyDept\IM Apps\" + $IMApp
IF EXISTKEY ("$LogKey") <> 0
  GOSUB "Verify_Registry_Key"
  IF ($RegErrCnt <> 0)
    RETURN
  ENDIF
  $wri = WRITEVALUE ("$LogKey", "UninstallCommand", "$IMRmv", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallCount", "1", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallDate", "@DATE @TIME", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallUserID", "@USERID", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallVersion", "$IMVer", "REG_SZ")
  IF (@ERROR <> 0)
    $Err = $Err+1
  ENDIF
ELSE
  $IMRmvCmd = READVALUE ("$LogKey", "UninstallCommand")
  $IMRmvCnt = READVALUE ("$LogKey", "UninstallCount")
  $IMRmvDte = READVALUE ("$LogKey", "UninstallDate")
  $IMRmvUsr = READVALUE ("$LogKey", "UninstallUserID")
  $IMRmvVer = READVALUE ("$LogKey", "UninstallVersion")
  $IMRmvCmd = $IMRmvCmd + " | " + $IMRmv
  $IMRmvCnt = $IMRmvCnt + 1
  $IMRmvDte = $IMRmvDte + " | @DATE @TIME"
  $IMRmvUsr = $IMRmvUsr + " | @USERID"
  $IMRmvVer = $IMRmvVer + " | " + $IMVer
  $wri = WRITEVALUE ("$LogKey", "UninstallCommand", "$IMRmvCmd", "REG_SZ") ; ** Write the accumulated command history built above
  $wri = WRITEVALUE ("$LogKey", "UninstallCount", "$IMRmvCnt", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallDate", "$IMRmvDte", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallUserID", "$IMRmvUsr", "REG_SZ")
  $wri = WRITEVALUE ("$LogKey", "UninstallVersion", "$IMRmvVer", "REG_SZ")
  IF (@ERROR <> 0)
    $Err = $Err+1
  ENDIF
  $RC = LEN ($IMRmvCnt)
  IF ($RC >= 2)
    $Err = $Err+1
    $wri = WRITELINE (1, "Warning! $IMApp has been auto uninstalled $RC times - inform users manager of repeated violations of Acceptable Use Policy" + $CR)
  ENDIF
ENDIF

IF ($Err = 0)
  $Status = $Updat
ENDIF

RETURN
; -----------------------------------------------------------------
:Verify_Registry_Key
; Checks to see if full logging registry key exists; creates key(s) if do not exist
; -----------------------------------------------------------------
DIM $AddIdx, $ChkIdx, $FullKy, $RegErrCnt, $RegLen, $RegTmp
DIM $AddKey[10] ; ** Array to hold registry key values to create new registry entries from single defined entry

$AddIdx = 0
$FullKy = ""
$RegKey = $LogKey
$RegTmp = $RegKey
$RegErrCnt = 0
WHILE (INSTR ("$RegTmp", "\") <> 0)
  $AddKey[$AddIdx] = $FullKy + SUBSTR ($RegTmp, 1, INSTR ($RegTmp, "\")-1) ; ** Remove trailing '\' character so ADDKEY performs properly
  $FullKy = $FullKy + SUBSTR ($RegTmp, 1, INSTR ($RegTmp, "\"))
  $RegTmp = SUBSTR ($RegTmp, INSTR ($RegTmp, "\")+1, LEN ($RegTmp))
  $RegLen = LEN ($RegTmp)
  $AddIdx = $AddIdx+1
LOOP
IF ($RegLen <> 0) ; ** Catch trailing registry key value to add (item after final '\' character)
  $AddKey[$AddIdx] = $RegKey
  $AddIdx = $AddIdx+1
ENDIF

$ChkIdx=0
DO
  IF EXISTKEY ($AddKey[$ChkIdx]) <> 0
    $TmpKey = $AddKey[$ChkIdx]
    $con = ADDKEY ("$TmpKey")
    IF (@ERROR <> 0)
      $Err=$Err+1
      $RegErrCnt = $RegErrCnt+1
      $wri = WRITELINE (1, "Error @ERROR adding registry key: $TmpKey (@SERROR)" + $CR)
    ENDIF
  ENDIF
  $ChkIdx = $ChkIdx+1
UNTIL $ChkIdx = $AddIdx
IF ($RegErrCnt = 0)
  $wri = WRITELINE (1, "Verified addition of logging registry key (Key: $RegKey)" + $CR)
ENDIF
RETURN

; ///////////////////////////////////////////////////////////////////////////////////////
; END REUSED SCRIPT COMPONENTS
; ///////////////////////////////////////////////////////////////////////////////////////
[ 23. August 2002, 01:13: Message edited by: bleonard ]