Our enterprise deployed Microsoft's UPHClean (User Profile Hive Cleanup) utility prior to a domain migration on all our Windows XP/Server 2003 hosts.  In most instances, this application, even though it was deployed using msiexec, does not show up in Add/Remove Programs but is still active as a system service.

I would like to clean this service off of all our hosts as it serves no purpose and is causing some small havoc on certain hosts as it's still looking for the old domain.  However, it does not show up in K1000 inventories of installed software on the affected hosts.  Is there a way I can use the K1000 to remove or at the very least disable this service on every host in our domain where it still resides?

My research so far has not been successful.

Answer Summary:
From tshupp: 1) Create a Custom Inventory rule using the following syntax: RegistryKeyExists (HKLM\System\CurrentControlSet\Services\UPHClean) 2) Create a new Machine Smart Label in K1000 to find KACE clients that match the Custom Inventory Rule. From SMal.tmcc: 3) Under K1000 Scripting choose the Configuration Policy tab and then select "Enforce Registry Settings" to create your script that you'll apply against the Smart Label clients. 4) Syntax for the script in this particular case (disabling the service) should be: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPHClean] "Start"=dword:00000004 5) Make sure to include the line break after the registry location. Save the script and apply it after testing.
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

2

I believe it creates a registry key and subkeys at:

HKLM\System\CurrentControlSet\Services\UPHClean

You could create a custom inventory rule to identify machines with that key. That would ID the systems with it installed. Then use managed installs to remove via command line. There are a few uninstall strings found here, under inventory records:

http://www.itninja.com/software/microsoft/user-profile-hive-cleanup-service/1-15044

I'd take a look again for a software entry, though... as those inventory records are reported by customers' K1000s.

Answered 02/13/2013 by: tshupp
Second Degree Black Belt

  • Thanks for the info. I'll have to look into how to craft the custom rule and see if I can find something similar. I'm SQL-ignorant.
    • Custom registry rule for a registry key should be:

      RegistryKeyExists (HKLM\System\CurrentControlSet\Services\UPHClean)

      Give the software entry a name. (I like to preface all of my custom inventory rules with 'CIR:' so they stand out) You can then create a simple smart label (as SMal suggested) searching for software which matches 'CIR: UPHClean' or whatever you name it. Once you have the smart label, you can target either a script or a managed install. Managed installs can be used to uninstall, so if you're unfamiliar with scripts, that might be a different route to take.
  • Thanks, tshupp. I've created the Custom Inventory rule based on what you wrote above and it's polling successfully.
Please log in to comment

Answers

1

You can run a script based on the lable tshupp mentioned also.  You can create one manually or use the configuration policy -enforce registry settings to create a quick script.  Also you may just want to disable that service vs deleting the key.  To disable change the "start" key to 4.

Answered 02/14/2013 by: SMal.tmcc
Red Belt

  • Steve,

    Thanks for the suggestion. Unfortunately, I don't know how to create scripts yet. The couple that I've implemented were ones I found. I'll look into it some more. I see the configuration policy. Now I'll just have to research the syntax.
  • to delete the key
    reg.exe /delete HKLM\System\CurrentControlSet\Services\UPHClean /f
    to disable
    reg.exe /add HKLM\System\CurrentControlSet\Services\UPHClean /v start /t REG_DWORD /d 4 /f
    • Steve,

      Thanks again for your continued help. I did create a script with the configuration policy > enforce registry settings tool, and I copied your syntax above for disabling the service. I then ran the script against one test machine, but it didn't change the "Start" value to 4. It remained at 2. Not sure where the problem lies, but I'm guessing it's what i actually put in the script.

      I'll poke at it some more.
      • see pic I posted as new answer for syntax.
Please log in to comment
0

Answered 02/15/2013 by: SMal.tmcc
Red Belt

  • Steve,

    I altered the script I have to match your syntax, but I'm still not having any success. Registry key on my test system is still showing a value of "0x00000002(2)."

    I've added pics of my configuration and the results on the test PC after running the script.
  • Thanks, Steve! That did the trick. Now I can apply it to my machine smart label.
Please log in to comment
0

 

Answered 02/15/2013 by: KFox
Purple Belt

  • try putting it on two lines like I did, all of our working registry policies have two lines.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UPHClean]
    "start"="00000004"
    • I am not sure what kace does in the background to run this but if they do it as a merge file this matches a typical merge file layout

      example of reg merge file:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UPHClean]
      "Type"=dword:00000010
      "Start"=dword:00000004
      "ErrorControl"=dword:00000000
    • I can do run now in the script with this layout and refresh the registry editor and see the change.
      • That's what I saw as well. I ran the script against a remote PC on which I had a network registry view, and after the successful run of your script, I refreshed and saw the change.
    • I commented in the wrong spot above, so here's another:

      That splitting of lines did the trick, Steve. Thanks for all your help and patience with my n00bery.
      • This content is currently hidden from public view.
        Reason: Removed by member request
        For more information, visit our FAQ's.
  • Actually, it wasn't quite resolved yet.

    Instead of creating a DWORD value of 0x00000004(4), the script created a REG_SZ value of 00000004. I looked at your comment above detailing an example of a reg merge file and changed the second line to say "Start"=dword:00000004 and then tested successfully against several hosts.

    Thanks again.
Please log in to comment
Answer this question or Comment on this question for clarity