Page 1 of 1
[SOLVED] Password to uninstall the agent
Published: June 21, 2022 - 3:50 PM
by Renaud Villet
Hello
, is it possible to set a password to secure the uninstallation of the WAPT agent?
Thank you.
Re: Password for uninstalling the agent
Published: June 21, 2022 - 5:14 PM
by jacky35
+1
Re: Password for uninstalling the agent
Published: June 21, 2022 - 11:09 PM
by vcardon
Currently, no, because logically we consider that a local administrator of the machine should have all rights, including the right to uninstall the WAPT agent.
Local Admin is Local Admin; WAPT's objective is not to deprive a legitimate admin user of their rights.
WAPT self-service addresses this practice of granting admin rights to a user on a workstation by allowing them to install software even though they don't have admin rights.
What use cases led you to ask your question?
Re: Password for uninstalling the agent
Published: June 22, 2022 - 09:37
by sfonteneau
I agree with what Vincent said
If it's really necessary with a package, you need to modify:
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1\UninstallString
To replace with a small script that asks for a password
Otherwise, you delete it completely
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1
And the software will no longer appear in appwiz.cpl
But if the user is an admin, they can ultimately do whatever they want... even switch to a system account
Re: Password for uninstalling the agent
Published: June 22, 2022 - 11:14
by Renaud Villet
So, in theory, yes, you're right.
But in practice, there are always special cases, especially when managing a large number of machines!
This option would therefore be quite useful for avoiding some problems...
Re: Password for uninstalling the agent
Published: June 22, 2022 - 12:33
by sfonteneau
C:\Program Files (x86)\wapt\uninstall.py:
Code: Select all
import waptguihelper
import hashlib
from setuphelpers import run
password = waptguihelper.login_password_dialog("Uninstall WAPT","Uninstall WAPT",'Uninstall WAPT',"")['password']
hashpassword = hashlib.sha256(password.encode('utf-8')).hexdigest()
print(hashpassword)
if hashpassword == '31f7a65e315586ac198bd798b6629ce4903d0899476d5741a9f32e2e521b6a66':
run(r'start "" "C:\Program Files (x86)\wapt\unins000.exe"')
then edit:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1\UninstallString
and add:
Code: Select all
"C:\Program Files (x86)\wapt\waptpython.exe" "C:\Program Files (x86)\wapt\uninstall.py"
Should work
Re: [SOLVED] Password for uninstalling the agent
Published: June 22, 2022 - 5:07 PM
by Pierre Baridon
Hello,
Indeed, in practice we will always have users with administrative rights, even if WAPT allows us to limit this.
For example, the antivirus we deploy is managed and password-protected against uninstallation because we don't want users (even if they are administrators of their machines) to be able to uninstall it.
We would like to be able to do the same with WAPT to avoid "losing" machines.
Sincerely,
Re: [SOLVED] Password for uninstalling the agent
Published: June 22, 2022 - 6:34 PM
by dcardon
Hello,
to implement effective uninstallation protection, I think there's no other option than to create a kernel module. I don't believe WAPT can do that.
You could check with your antivirus software to see if it can protect certain paths.
Regards,
Denis