Tag Archives: Kaseya

MS13-036 Security Update KB2823324

This patch has several issues and should NOT be installed on your system at this time.
If you have installed this patch it is recommended that you remove this patch before you reboot.

This patch has been causing the Event ID 55, or a 0xc000021a Stop error in Windows 7 upon rebooting. If you are using Kaspersky as your Anti-Virus this patch will cause Kaspersky to fail to load properly causing it to report a failure with your license. After you have removed the patch you will have to revalidate your Kaspersky install.

Please refer to http://support.microsoft.com/kb/2839011 for more details.

If you wish to script the removal of this patch you can do so using the following command:

%SYSTEMROOT%\system32\wusa.exe /uninstall /kb:2823324 /quiet /log /norestart

You can also use DSIM to remove the patch with the following command:

32 Bit
dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~x86~~6.1.1.1
64 Bit
dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~amd64~~6.1.1.1

Domain Joins from PowerShell

I have been working in Kaseya a bit and I have had issues with domain joining systems and rejoining systems to domains. I would have even liked to rename systems if I could. After searching and testing many different ideas I have com across PowerShell’s way of domain joining systems.

Help for Add-Computer in Powershell

In Powershell V2 there is a new cmdlet called Add-Computer and it has more power than the GUI version of the domain joining system.
PS C:\> Add-Computer [-DomainName]  [-Credential ] [-OUPath ] [-PassThru] [-Server] [-Unsecure] [-Confirm]
PS C:\> Add-Computer [-WorkGroupName] [-Credential ]

The command below I will be joining the domain “testdom.local” and have already said what account I want to use to do this. This will result in the need to enter a password but that is a simple step. The -passthru switch will give me some basic details about the domain join.
PS C:\> Add-Computer -domainname testdom.local -cred testdom.local\administrator -passthru
You can even specify an Orginization Unit using the switch -OUPath if you did not want to move the system to a different OU after it has been joined to the domain.

The place that this is cmdlet great for anyone running a managed service system like Kaseya is when you can remove a computer from a domain and change the computers name and rejoin the domain. To change a systems name you can use the following command.
PS C:\> Add-Computer -workgroup workgroup -newname testsys01 -force -restart
The switch -Force will suppress the confirmation boxes since the cmdlet Add-Computer asks for confirmation on all commands. The final switch will -Restart will do exactly what it says, it will restart the system after it has run since a restart is often required to make the changes effective.

Removal of Trend Worry Client/Server Security Agent Manually

I have recently needed to replace the current antivirus on all the workstations at a site. The installed antivirus was Trend WFBS and removal is normally simple except under a few situations.

The first issue is very simple the system is offline. Now all you can do is turn it on and remove it, nothing interesting here unless you are not in the office and doing this remotely.

The second issue is roaming systems, Trend does not let you send commands to a system that is roaming so this will be a small problem if the system never come back to the office.

The third issue is that Trend will not uninstall an agent if Internet Explorer is open on the system. This issue might be simple call the user tell them to close IE and issue the command again. The problem is that the Trend console does not tell you that it had an error uninstalling from the system.

I was able to solve both issue two and three using Kaseya, the management tool that we have installed on all the systems we manage. This was done simply with a custom procedure.

  • Close Internet Explorer, and Firefox.
  • Set the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Allow Uninstall” to the value “1” permitting uninstall without entering the admin password.
  • Run the uninstall agent “C:\Program Files (x86)\Trend Micro\Client Server Security Agent\NTRmv.exe”

After this has run I can now install the new antivirus on the systems, I recommend using Kaseya’s implementation of Kaspersky if you are able.

I have attached the procedure for anyone that wish to have a copy of the procedure.
Procedure Remove Trend Micro Client-Server Security