Uninstall Symantec from all PCs in a Domain

Last time, I posted about some leftover permission issues for FlowerCo and the Enterprise Admins group.  Today, I will explain how to remove Symantec from all the workstations in the domain. Most of this comes from this awesome post by Locutus, and if I could send this guy a beer over the internet, I would.

FlowerCo’s Symantec rollout is a combination of a misconfigured old central server, a new central server with no managed clients, and workstations that are all unmanaged clients. The great thing about this is that none of the clients are managed, so there isn’t any password needed to remove them from the workstations, which makes this a lot simpler. The bad thing about this is that the clients are all running the full endpoint protection suite, so remotely uninstalling them will briefly disconnect them from the network.  Don’t run this command during business hours unless you like having your phone suddenly ring off the hook.

Find the GUID for Symantec’s uninstall command (it’ll be buried somewhere in HKLM\Software\Microsoft\Windows\Current Version\Uninstall), then from a machine logged on as Domain Admin, run the following command (you’ll need the PsTools suite from SysInternals):

psexec \\* MsiExec.exe /norestart /q/x{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D} REMOVE=ALL

This will run the uninstall command on every machine in the domain. The /norestart should be obvious, the /q makes the uninstall silent, and the /x enables logging. You can substitute other installer GUIDs to uninstall those products too.

This does not remove LiveUpdate.