7 Replies Latest reply on Feb 23, 2017 5:54 AM by rsteele77

    Removal via GPO?


      <p>Greetings..  I'm in a mixed environment of McAfee and Symantec products.  The powers that be have chosen Symantec to be our Security product vendor.  Currently, the McAfee clients report to an EPO server, and on their installs with FramePkg.exe, it installed the AV, DLP, and HIPS.  We need to remove those products in whatever order is best.  However, the control to prevent a regular user from removing these products has been enabled, so we are getting errors running basic MSI uninstall strings, and we don't want to have to enter the password on each client.



      Best question is, Is it possible to link a EPO/GPO to a new Active Directory OU that we can move clients into, so the inherit the updated policy to allow automated removal using MSI strings?  Once they are gone, a reboot and install process for the new products will be initiated.



      We just don't want to blanket disable the password requirement for all clients if possible, so we can do these in batches of 100 at a time.




        • 1. Re: Removal via GPO?

          Could you kindly apprise us of which particular McAfee product you are referring to? This will give us an idea of where to move this discussion for better exposure and better chance of assistance.


          Thank you



          Consumer Products

          • 2. Re: Removal via GPO?

            We need to remove the McAfee Av, DLP, and HIPS modules.


            Thanks, ricka

            • 3. Re: Removal via GPO?

              So are you saying I need to move to *ePO* or *DLP*?



              • 4. Re: Removal via GPO?

                I guess move to EPO.  I have not used much on the McAfee side, and those who manage the EPO don't seem to know what to do either, so I'm helping out as I can.  If we can create an additional workgroup in EPO, then set a different set of policies to machines in the group, that would work as well.

                • 5. Re: Removal via GPO?

                  Thank you for the confirmation I will move your thread to (ePO).


                  Moving to (ePO)

                  • 6. Re: Removal via GPO?

                    You could do this without GPO.  Create an ePO group and assign an uninstallation task to that group for each product you need to remove.  Move systems into that group and let the product uninstall.  Then, when the product have been removed, delete the systems from ePO and select the option to "Remove Agent on next Agent-Server communication". 

                    • 7. Re: Removal via GPO?

                      Thank you tkinkead!  I had an idea that is how it would work, but as I am not the one in front of the ePO console, I wanted to reach out to those with more experience.  I have a feeling the guy who does watch over it, was placed in the seat after it was fully configured and doesn't seem to know much about it unfortunately.  One of the reasons why the management team decided to run with Symantec.  My company is larger than the company we just bought, so our management won the argument over product choice.


                      Anyway, I will show this in our next meeting to discuss.  Thank you again!