This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th, click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to delete the services created by Agent less inventory scan

sasikumar_r
By
Level 7

Hi ,

Agentless inventory(Zero foot print) scan has created 4 services(screenshot attached), anybody know how to remove those services from the devices. Is there any option to remove the services automatically by any policy from beacon server.

 

Thank you

Sasi

‎Dec 22, 2020 02:00 AM

Preview file
288 KB
(5) Replies

JohnSorensenDK
By Moderator Moderator
Moderator

@sasikumar_r 

Does the customer have a deployment technology in place to manage the devices and as such to remove the footprint left behind, e.g. Microsoft SCCM?

If that's the case it would be quite easy to "deploy" a services removal job to delete these "left overs"...

Thanks,

‎Dec 28, 2020 09:36 AM

sasikumar_r
By
Level 7
In response to JohnSorensenDK

Hi @JohnSorensenDK ,

Thank you for your reply!  Do you have steps\script available to remove the services? i could see the jobs created which get created donot have a unique name. attached screenshot for your reference.

 

Thank you

Sasi

‎Jan 20, 2021 08:27 AM

Preview file
160 KB
0 Kudos

JohnSorensenDK
By Moderator Moderator
Moderator
In response to sasikumar_r

@sasikumar_r 

You didn't mention whether you've got SCCM implemented but if you do a Google search using 'sccm example remove registry keys' as keywords provides a number of useful hits.

You can also use PowerShell to remotely remove registry keys, again Google search using 'powershell script to remove registry keys' as keywords provides good examples.

Services are placed in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry leaf...

A reboot will be needed to make them visually disappear from the Services list after they're deleted...

Thanks,

‎Jan 25, 2021 02:47 AM

0 Kudos

sasikumar_r
By
Level 7
In response to JohnSorensenDK

Hi @JohnSorensenDK ,

Customer use SCCM and they can try with powershell as well. on internet i could see we have to use service\display name to delete the service  but as i mentioned service name which is getting created are not unique it starts with mgs- and rest is filled with numbers(example mgs-[12345678}. so it is bit hard  to identify the managesoft service that needs to be deleted. However i have tried with wildcard like below to identify & remove the service. It is yet to be tested. if you have any other better solution it would be very helpful.

Get-WmiObject win32_service | ?{$_.displayname -like '*mgs-*' -And $_.pathname -like '*sambeacon*'} | ForEach-object{ cmd /c  sc stop $_.Name}

Get-WmiObject win32_service | ?{$_.displayname -like '*mgs-*' -And $_.pathname -like '*sambeacon*'} | ForEach-object{ cmd /c  sc delete $_.Name}

 

Thank you

Sasi

‎Jan 25, 2021 04:17 AM

0 Kudos

JohnSorensenDK
By Moderator Moderator
Moderator
In response to sasikumar_r

@sasikumar_r 

To stop the service remotely the following PowerShell syntax seems to be working for me (replace <device name>  with a device to which you have remote admin access rights (but you can begin with localhost)):

Get-WMIObject Win32_Service -ComputerName <device name> | Where-Object{$_.Name -like 'mgs*'} | ForEach-object{ cmd /c  sc stop $_.Name}

and obviously the delete syntax would be:

Get-WMIObject Win32_Service -ComputerName <device name> | Where-Object{$_.Name -like 'mgs*'} | ForEach-object{ cmd /c  sc delete $_.Name}

Please be careful in testing that these commands don't delete other services that you don't want to delete from the environment, i.e. I would be run commands to list the services returned first...

Thanks,

‎Jan 25, 2021 09:36 AM - edited ‎Jan 25, 2021 09:37 AM

0 Kudos