Preface: Often in our line of work, the answer requires a little digging. The purpose of this post is to walk you through my thought process in an effort to illustrate how I go about linking disparate pieces of information together to arrive at a solution.
Last week, I was tasked with creating a script to silently uninstall an application across a managed environment with nearly 800 endpoints spanning multiple physical locations and at least 3 separate domains – that was the easy part.
The hard part was that this application was installed as .EXE file rather than an MSI package (i.e. I couldn’t just script out msiexec /x…). While it did have an uninstall.exe file, this called the GUI uninstaller, and I wasn’t about to have someone go through and click ‘next’ ‘next’ ‘next’ for each one!
Many .EXE’s have CLI parameters you can invoke, so I started with the usual suspects:
- uninstall.exe /?
- uninstall.exe –?
- uninstall.exe /help
- uninstall.exe -help
- uninstall.exe –help
None of these worked (it wouldn’t be post-worthy if it was that easy)!
Next, I went looking for any documentation that was available for the application – I had:
- Googled the manufacturer for any documentation/examples – nada
- Read all of the .txt files in the installation folder – zilch
- Reviewed the .ini and .config files for clues, saw something vaguely useful – a reference to “NSIS” – tabled it and kept looking
Finally, I decided to use SysInternals Process Explorer to inspect the application:
- Run the application you want to inspect
- Open Process Explorer (as administrator)
- Find the application on the list
- Right click on the application and select “Properties…”
- Under the “Image” tab, you will see a field for “Command line:”
The Command line will tell you what commands/switches it runs. In this case, the uninstall.exe was running with the switch, “_?=C:\Program Files\[Application Name]”.
I decided to Google the switch itself, which lead me to the Nullsoft Scriptable Install System documentation. I was able to work out that the application used NSIS to create the installer/uninstaller package, and through that, found some examples, one of which (/S) runs the installer/uninstaller silently!
This was exactly what I was looking for! All I had to do was append the command with “/S”, and sure enough, it removed the application without any prompts or launching the GUI!
It just goes to show that persistence pays off, and a little time and effort can save your organization/client hundreds of hours of manual work.