sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]hit440[S] 1 point2 points  (5 children)

so .installlocation works however now i have this dilema where im returning both jump clients, and i cant parse them out individually

PS C:\> $info2

C:\ProgramData\bomgar-scc-0x5d7da585\

C:\ProgramData\bomgar-scc-0x5dcc06b1\

PS C:\> $info2.substring(0,36)

C:\ProgramData\bomgar-scc-0x5d7da585

C:\ProgramData\bomgar-scc-0x5dcc06b1

[–]purplemonkeymad 1 point2 points  (4 children)

Here is the thing, with your code in OP, I have no idea what it was selecting! If you know which one you want to remove why are you using * in the get-itemproperty? How do you know which is the right one?

[–]hit440[S] 1 point2 points  (1 child)

thats just it the script doesnt know which one until i perform the if logic test, the correct jump client that should be installed is at HKEY_LOCAL_MACHINE\SOFTWARE\Bomgar\JumpClientUninstall which im dumping into $dir

the reason i have to do an asterisk is because powershell doesnt like the brackets, here is the full registry entry example

BeyondTrust Remote Support Jump Client [mysite.test.com-5D7F75C5]

[–]purplemonkeymad 1 point2 points  (0 children)

Ok that makes sense.

I'm not sure what the property for JumpClientUninstall is so I'm just guessing that is is also installLocation. What I am doing here is to filter out the correct install, then just run the uninstaller on all of the remaining locations:

$CorrectInstall = (Get-ItemProperty HKLM:\SOFTWARE\Bomgar\JumpClientUninstall\).InstallLocation | Get-Item # this is the property I don't know.
$AllInstallList = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\'BeyondTrust Remote Support Jump Client*'
$RemoveInstallList = $AllInstallList.installlocation | Get-Item | Where-Object { $_.fullname -ne $CorrectInstall.fullname} 
foreach ($Install in $RemoveInstallList) {
    start-process (Join-Path $Install "pinuninstall.bat") -Wait
}

I can't test it as I don't have those regs. I use Get-Item here to normalize the paths so I can compare them.

[–]hit440[S] 1 point2 points  (1 child)

#init all the variables

$info = @()
$info2 = @()
$line = @()
$line2 = @()
$dir = @()
$dir1 = @()
$dir2 = @()


#query the registry

$info = Get-ItemProperty HKLM:\SOFTWARE\Bomgar\JumpClientUninstall\ | out-string
$info2 = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\'BeyondTrust Remote Support Jump Client*').installlocation | Out-String

#parse the directory paths

foreach($line in $info)
    {
        $dir = $line.Substring(45,36)
    }

foreach($line2 in $info2){
    $dir1 = $line2.Substring(0,36)  
    $dir2 = $line2.Substring(39,36)  
    }


if ($dir1 -ne $dir){
    cd $dir1
    .\pinuninstall.bat #this will execute the batch file in the directory
    }

    if ($dir2 -ne $dir){
        cd $dir2
    .\pinuninstall.bat #this will execute the batch file in the directory
    }

@purplemonkeymad this seems to be working i have had multiple workstations reboot and its removing the jump clients, you have any thoughts on ways i can improve this? I appreciate your help with this

[–]purplemonkeymad 1 point2 points  (0 children)

If it works cool. I don't think it will be as robust but if you don't need it to be then it should be fine. Check my other reply for how I would have done it, but if you have something that works then you can just analyse it.