Does the customer have a deployment technology in place to manage the devices and as such to remove the footprint left behind, e.g. Microsoft SCCM?
If that's the case it would be quite easy to "deploy" a services removal job to delete these "left overs"...
Thanks,
Dec 28, 2020 09:36 AM
Hi @JohnSorensenDK ,
Thank you for your reply! Do you have steps\script available to remove the services? i could see the jobs created which get created donot have a unique name. attached screenshot for your reference.
Thank you
Sasi
Jan 20, 2021 08:27 AM
You didn't mention whether you've got SCCM implemented but if you do a Google search using 'sccm example remove registry keys' as keywords provides a number of useful hits.
You can also use PowerShell to remotely remove registry keys, again Google search using 'powershell script to remove registry keys' as keywords provides good examples.
Services are placed in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry leaf...
A reboot will be needed to make them visually disappear from the Services list after they're deleted...
Thanks,
Jan 25, 2021 02:47 AM
Hi @JohnSorensenDK ,
Customer use SCCM and they can try with powershell as well. on internet i could see we have to use service\display name to delete the service but as i mentioned service name which is getting created are not unique it starts with mgs- and rest is filled with numbers(example mgs-[12345678}. so it is bit hard to identify the managesoft service that needs to be deleted. However i have tried with wildcard like below to identify & remove the service. It is yet to be tested. if you have any other better solution it would be very helpful.
Get-WmiObject win32_service | ?{$_.displayname -like '*mgs-*' -And $_.pathname -like '*sambeacon*'} | ForEach-object{ cmd /c sc stop $_.Name}
Get-WmiObject win32_service | ?{$_.displayname -like '*mgs-*' -And $_.pathname -like '*sambeacon*'} | ForEach-object{ cmd /c sc delete $_.Name}
Thank you
Sasi
Jan 25, 2021 04:17 AM
To stop the service remotely the following PowerShell syntax seems to be working for me (replace <device name> with a device to which you have remote admin access rights (but you can begin with localhost)):
Get-WMIObject Win32_Service -ComputerName <device name> | Where-Object{$_.Name -like 'mgs*'} | ForEach-object{ cmd /c sc stop $_.Name}
and obviously the delete syntax would be:
Get-WMIObject Win32_Service -ComputerName <device name> | Where-Object{$_.Name -like 'mgs*'} | ForEach-object{ cmd /c sc delete $_.Name}
Please be careful in testing that these commands don't delete other services that you don't want to delete from the environment, i.e. I would be run commands to list the services returned first...
Thanks,
Jan 25, 2021 09:36 AM - edited Jan 25, 2021 09:37 AM