Friday, November 18, 2016

The Elusive Agent





   Are you concerned about an end user uninstalling the Remote Management Agent, but cannot remove local administrative permissions on the system?  Here's a way to make the Agent more elusive, which can help remove the burden!


BEFORE PROCEEDING, PLEASE MAKE SURE YOU ARE COMFORTABLE MAKING CHANGES TO THE REGISTRY.


DISCLAIMER: Modifying the registry can cause serious problems that may require you to reinstall your Operating System. We cannot guarantee that problems resulting from modifications to the registry can be solved.  USE THE INFORMATION PROVIDED AT YOUR OWN RISK.

  1. Open the registry editor on a target system housing the RMM Agent and locate the registry entry for the "Advanced Monitoring Agent".
    • The registry path on a 64-bit platform is: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Monitoring Agent_is1
    • On a 32-bit platform, remove "Wow6432Node" from the path above.
  2. Rename the string value shown as "DisplayName" (the entry with "Value data" of "Advanced Monitoring Agent") to "NoDisplayName".
  3. Close the registry editor and review "Programs and Features" (your list of locally installed applications).  "Advanced Monitoring Agent" should no longer show in view!

[Image: Hive location for Advanced Monitoring Agent]

You may also want to hide the Active Discovery feature named Advanced Monitoring Agent Network Management.  Continue searching the registry for 'Advanced Monitoring Agent'.  When you do this, you will arrive at a key path of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1.  Rename "DisplayName" to "NoDisplayName" and you will see the same result as above (the application will no longer show as an installed entry).



Should you wish to perform the procedure defined within this article in a more programmatic manner, you can look at Scripting the solution.  If you need a little help in doing so, check out the easy-to-use "Automation Manager" in the RMM Dashboard.  A quick webinar on using the Automation Manager can be found here.
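One way to script the rename described above, as an added example that is not code from this article or from the RMM vendor. The function name `Set-UninstallEntryVisibility` and the `-Restore` switch are hypothetical; the key paths are the ones given in the steps. It assumes an elevated 64-bit PowerShell session, since a 32-bit process is redirected to the Wow6432Node view of HKLM\SOFTWARE.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Renames the DisplayName value on the
# uninstall keys named in the article; -Restore reverses the change.
param([switch]$Restore)

$uninstall = 'Microsoft\Windows\CurrentVersion\Uninstall'
$keys = @(
    "HKLM:\SOFTWARE\Wow6432Node\$uninstall\Advanced Monitoring Agent_is1",  # 64-bit platform
    "HKLM:\SOFTWARE\$uninstall\Advanced Monitoring Agent_is1",              # 32-bit platform
    "HKLM:\SOFTWARE\$uninstall\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1"  # Active Discovery
)

# Hypothetical helper: renames one value and reports what it did.
function Set-UninstallEntryVisibility {
    param([string]$KeyPath, [bool]$Hidden)

    if ($Hidden) { $from = 'DisplayName';   $to = 'NoDisplayName' }
    else         { $from = 'NoDisplayName'; $to = 'DisplayName' }

    # The key is absent on the other architecture or when the feature is not installed.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'KeyNotFound' }

    $names = (Get-ItemProperty -LiteralPath $KeyPath).PSObject.Properties.Name
    if ($names -contains $to)      { return 'AlreadySet' }    # idempotent on re-run
    if ($names -notcontains $from) { return 'ValueMissing' }  # nothing to rename

    # Rename only the value name; the value data is left untouched.
    Rename-ItemProperty -LiteralPath $KeyPath -Name $from -NewName $to -ErrorAction Stop
    return 'Changed'
}

# Emit one result object per key so the run can be logged or reviewed.
foreach ($key in $keys) {
    [pscustomobject]@{
        Key    = $key
        Result = Set-UninstallEntryVisibility -KeyPath $key -Hidden (-not $Restore)
    }
}
```

Running the script again with `-Restore` renames "NoDisplayName" back to "DisplayName", so the entries reappear in "Programs and Features".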

And don't worry about "losing" the applications yourself! Both agents above are still controlled and/or automatically uninstalled via the dashboard.  Simply delete the device and all features are uninstalled, or if you want to remove Active Discovery you can simply disable it in its Settings View.

Hope this helps, and take care!