I have recently installed Endpoint Manager to remotely manage 20 x office laptops. Unfortunately these came with bloatware and instead of doing a fresh Windows reinstall on each machine, my plan was to remove all of the bloatware remotely via Itarian. Unfortunately I am having the following difficulties:
After selecting an application to uninstall (e.g. HP Wildtangent Games), I am waiting 20 minutes or longer before the uninstall screen pops up on the target laptop. Sometimes nothing happens at all. I am only testing this one a single laptop also.
The uninstaller application is popping up on the target laptop and asking me to confirm administrator password (AzureAD).
The laptops are for employees so not administrators, but what is the purpose of having an Endpoint manager if a) it takes so long for uninstallers to run, and b) when they do run, it’s asking the user to confirm the uninstall and then they require an administrator to type in the password!?
Hello @Hi@controlz
We are glad to hear of your interest for the ITarian platform. We recommend that you reach out to success@itarian.com to familiarize yourself with the ins and outs of the platform.
To answer your inquiries, we would like to inform you that the Endpoint Manager (EM) client is your main link to your enrolled endpoints to manage and monitor them from the EM portal. Even though it is designed to ‘manage’ the endpoint, it will still respect the current assigned permissions of the currently logged in user account. What you experienced is the expected behavior when logged in to a non-administrator user account.
We are not sure how you performed the ‘uninstall’ action through the EM (portal and/or client) as to why you have to wait for ~20 minutes before you could see any visual cue of the process. But we suggest that you utilize a (custom) procedure / script to accomplish your goal here of removing the bloatware from your managed endpoints. You can run an ‘elevated’ procedure (to give it system-level access) on multiple ‘targets’ at the same time. Of course, you can always remote in to the endpoint using the Remote Control (by ITarian) to manually perform this actions (more likely to be tedious).
What information do you need to understand the uninstall action I used? I simply did the following:
Device List > Device X > Software Inventory > HP Application > Uninstall Application(s)
After waiting 20 minutes the first time, nothing happened, so I tried it again and then after about 10 minutes the endpoint was prompted to do the uninstall… I have no idea why it is so delayed. I have tried it multiple times on other endpoints and it’s the same. This shouldn’t need a custom procedure.
With regards to Administrator access, how do large corporations handle patch management then with remote laptops? It is not possible to remotely access each laptop and log them in as an administrator. Surely there is a way for EM to be verified by the system in order to uninstall in the background without disturbing the user…
After waiting 20 minutes the first time, nothing happened, so I tried it again and then after about 10 minutes the endpoint was prompted to do the uninstall… I have no idea why it is so delayed. I have tried it multiple times on other endpoints and it’s the same.
Client-server latency is the best reason we can offer to you as to why this is happening. The server region where your C1 / ITarian account is hosted compared to the physical location of your managed endpoints mainly contributes to that latency.
About the ‘administrator access’, we missed a statement in our initial reply wherein “the EM client still respect the current assigned permissions of the currently logged in user account”.
Not all ‘interactions’ from the EM portal to the EM client are deployed with ‘normal’ access level. Normal here refers to whatever is the access level of the currently logged in user account. An example is the patch management for OS updates which relies on the Windows Update service. Commands sent to the Windows Update service are usually on the SYSTEM-level (if it’s below that, WU is most likely damaged/compromised).
Our laptops are running off a 1Gb leased line in London so there certainly should not be any delays. What is the normal length of time it should take before an uninstall takes place after sending the request through on EM?
In your portal you can configure the checking times for agents, the default is 15 minutes meaning if you submit a request on the 14th minute it will take one minute until it checks and does it, or you could submit on 1st minut have have 14 to do wait.
Uninstall via the EM is user level which is a pain, but when you think about it your not able to pass switches to the uninstaller via this so would not be sliebt even if it did elevate to admin.
Scripts are the best way, but means you might need a set of them of one master script that removes all bloatware.
Might also be possible to download and script tools like PC Decrapifier.