Product Version: 6.5.0.0
Overview
In scenarios where a large number of devices have Saner CVEM agents that are not connecting to the server, it becomes necessary to uninstall the agents and reinstall the latest version. This ensures that all agents actively connect to the server and are listed correctly on the console.
When the agents are in an offline state, they cannot be uninstalled via the user interface (UI). Additionally, manually uninstalling the agent from each device using the command line is time-consuming and impractical for large-scale environments.
To address this, we recommend automating the uninstallation process using Active Directory Group Policy Object (GPO) settings. This approach minimizes manual effort and ensures consistent execution across all targeted devices.
Solution
Step 1: Prepare the Batch Script for Uninstallation
Open a text editor (e.g., Notepad) and enter the uninstallation command.
Ensure File and Print Sharing is enabled on all target devices.The /S parameter runs the uninstallation silently, without user interaction.
"C:\Program Files (x86)\SecPod Saner\Agent\6.5.x.x\bin\spsaneruninstall.exe" /S
Save the file with a .bat extension (e.g., agentun.bat).
Copy the batch script to a network-shared folder that is accessible by all target devices.
Ensure the shared folder has read permissions for the devices.
Step 2: Create a New GPO Policy in Active Directory
Log in to the Group Policy Management Console.
Identify the devices requiring uninstallation and group them into a new Organizational Unit (OU).
Example: Create an OU named Uninstall and move test devices into this OU.
Right-click the OU and select Create a GPO in this Domain, and Link it Here.
Provide a descriptive name for the GPO (e.g., Uninstall_SanerCVEM_Agent).
Step 3: Configure the GPO Policy
Right-click the newly created GPO and select Edit to open the Group Policy Management Editor.
Navigate to:
Double-click Startup, then click Add.
Browse to the batch script saved in the shared folder and select it.
Leave the Parameter field empty.
Click OK and then Apply to save the configuration.
Step 4: Enforce the GPO Policy
Return to the Group Policy Management Console.
Right-click the newly created GPO and ensure the following options are enabled:
Enforced – Ensures the policy is applied to all devices in the OU.
Link Enabled – Activates the GPO for the linked OU.
Review the configuration to confirm the GPO is correctly linked.
Step 5: Validate the Uninstallation Process
Before applying the policy to production devices, validate on a small subset of systems:
Reboot one or two devices in the test OU.
Verify results:
Before Reboot: Devices appear on the Saner CVEM console but show inactive status.
After Reboot: The Saner CVEM agent is successfully uninstalled.
Best Practices and Recommendations
Test Before Full Deployment: Always validate the policy on a few devices before rolling it out network wide.
Use a Separate OU for Testing: Isolate test devices to prevent accidental impact on production systems.
Reinstall Latest Agent: After uninstallation, deploy the latest Saner CVEM agent to reestablish connectivity with the server.
Conclusion
By automating the uninstallation process using Active Directory GPO settings, administrators can efficiently remove the Saner CVEM agent from multiple devices without manual intervention. This approach saves time, ensures consistency, and provides a reliable foundation for reinstalling the latest agent version to restore proper communication with the Saner CVEM server.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article