Uninstalling the PAM360 Agent from Multiple Endpoints via Windows Group Policy Objects (GPO)
This document details the steps needed to uninstall the PAM360 Agent from multiple endpoints using Windows Group
Policy Objects (GPO). Click here to download the
PAM360-Agent-Script zip file. Unzip the file and extract the PAM360AgentInstallationScript.ps1 and
PAM360AgentUninstallationScript.ps1 files.
Steps to Add the Uninstallation Script in the GPO
- Right click the name of the GPO you created from the left pane and click Edit settings, delete,
modify security. The Group Policy Management editor window will open.
- Expand the Policies >> Windows Settings folders. Double click
Scripts. In the Scripts window, click Startup and then click
Properties.
- Switch to the PowerShell Scripts tab and click Show Files. The network
directory will open up.
- Now, paste the PAM360 agent Uninstallation PowerShell script file in the GPO network location.
- Click Add, add the PAM360AgentUninstallationScript file name under Script
Name. Click Apply and OK again to save the settings.
- In the GPO editor, expand Administrative Templates in the left pane. Expand the
System folder under it and open Group Policy.
- Under the Group Policy folder, right click Specify workplace connectivity wait time for policy
processing.
- In this window, click the Enabled option. Enter the Amount of time to wait
as 120 seconds. Click Apply and click OK to save the settings.
- The GPO will be applied. Once you restart all the target endpoints, the PAM360 Agent PowerShell script will
be invoked and the agent will be uninstalled in the target machines.
- After successful uninstallation, disable the startup script for the GPO you created (AgentGPO in this
example). This will ensure that the script is not invoked every time the target machines are restarted.
Once you have uninstalled the old agents, follow the steps in this link to install the C#/Go agent using GPO.
Troubleshooting Steps
Ensure that the AgentGPO has a higher precedence than the other GPOs. This is to make sure that the other GPOs
don't override the permissions of the AgentGPO.
To check this, click the GPO name, right click the Enforced option and check if it is enabled.