2008-03-05

Batch script removal of Macromedia Flash - the SECURE and EXPLICIT clean removal.

Three years ago I was a VERY keen system administrator spending most of my working days analysing business requirements and realising solutions. In a nutshell I loved fixing things, making systems work as they should rather than just putting up with them and finding workarounds.

I loved scripting and I loved getting rid of all that useless bundled trash that usually causes servers to run as slow as handheld games consoles. I also made it my personal mission to reduce every server's attack vector to something more manageable ... server administrators will know what I'm talking about here.


So it is with great delight that I take on the odd scripting challenge these days. My system administrator was trying to get rid of Macromedia Flash from all of the servers and I didn't blame her. Flash has been known to be a bit of a security vulnerability from time to time and a patch management headache especially as there is no legitimate reason for having it on a server. It's kind of like carrying a spare tyre on a scooter.

I was quite shocked to find that there were loads of complaints about this but no actual real batch script to deal with the problem. Most people were having access denied issues and other permission related errors. Here is my batch script listing:

rem Run Macromedia's own uninstaller silently, then pause so it can finish.
c:\windows\system32\macromed\flash\uninstfl.exe -silent
@ping 127.0.0.1 -n 2 -w 1000 > nul
rem Optional first argument: extra delay (number of pings) for slow servers.
@if not "%1"=="" ping 127.0.0.1 -n %1 -w 1000 > nul
rem Give EVERYONE full control of the leftover controls so they can be deleted.
CACLS C:\WINDOWS\system32\Macromed\Flash\flash*.ocx /T /E /G EVERYONE:F
rd /q /s c:\windows\system32\macromed
rem Build a temporary VBScript that deletes the registry keys, innermost first.
mkdir c:\deleteflash
echo Dim WSHShell > c:\deleteflash\regdelete.vbs
echo Set WSHShell=Wscript.CreateObject("Wscript.Shell") >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions\" >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\" >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\" >> c:\deleteflash\regdelete.vbs
c:\deleteflash\regdelete.vbs
@ping 127.0.0.1 -n 2 -w 1000 > nul
@if not "%1"=="" ping 127.0.0.1 -n %1 -w 1000 > nul
rem Remove the temporary script and its folder.
rmdir c:\deleteflash\ /s /q

The reason for all the issues in clean removal is that the file(s) flash*.ocx has DENY permissions set for the EVERYONE group, hence the access denied error. Now why Macromedia would want to deny access to everyone is anyone's guess.

I scripted CACLS to give EVERYONE full control permissions before promptly sending it to oblivion. I say file(s) because there are about five or so versions on the Windows servers I was looking at:

  • Flash6.ocx
  • Flash7.ocx
  • Flash7a.ocx
  • Flash7b.ocx
  • Flash7c.ocx
  • ... etc

So much for baseline management huh? No server was the same as the next.

Anyways, it negates the use of the Macromedia Flash cleaner listed on their website which is an executable file with no viewable source! Sneaky huh? Seems like a big file for what should just be the same as my script! Who knows what else they have in there.

In addition to the above, the script creates the regdelete.vbs script and deletes itself too. So there is only need for one remote batch script. Enjoy.
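
To confirm the result on each server, the following added example (not part of the original script) reports any flash*.ocx files still present along with the Deny ACEs on them, and any of the folders or registry keys the batch script targets that still exist. It assumes PowerShell is available on the server; the function name Get-FlashRemnants is hypothetical, and the paths and keys are the ones used in the script above.

```powershell
# Added example: audit what the removal script left behind.
# Get-FlashRemnants is a hypothetical helper; defaults mirror the batch script.
function Get-FlashRemnants {
    param(
        [string]$FlashDir = "$env:SystemRoot\system32\Macromed\Flash",
        [string[]]$RegKeys = @(
            'HKLM:\SOFTWARE\Macromedia\FlashPlayer\SafeVersions',
            'HKLM:\SOFTWARE\Macromedia\FlashPlayer',
            'HKLM:\SOFTWARE\Macromedia'
        )
    )

    # 1. Leftover ActiveX controls, with the Deny ACEs that block deletion.
    $ocxFiles = @()
    if (Test-Path -Path $FlashDir) {
        $ocxFiles = @(Get-ChildItem -Path $FlashDir -Filter 'flash*.ocx' -Force -ErrorAction SilentlyContinue)
    }
    foreach ($file in $ocxFiles) {
        try {
            $acl  = Get-Acl -Path $file.FullName -ErrorAction Stop
            $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            $detail = if ($deny.Count -gt 0) {
                'Deny ACE for: ' + (($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', ')
            } else { 'no Deny ACE' }
        } catch {
            # A Deny entry can stop a non-owner from reading the ACL at all.
            $detail = "ACL unreadable: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Kind = 'File'; Path = $file.FullName; Detail = $detail }
    }

    # 2. The Macromed folder that "rd /q /s" should have removed.
    $macromedDir = Split-Path -Path $FlashDir -Parent
    if (Test-Path -Path $macromedDir) {
        [pscustomobject]@{ Kind = 'Folder'; Path = $macromedDir; Detail = 'folder still present' }
    }

    # 3. Registry keys that regdelete.vbs should have deleted.
    foreach ($key in $RegKeys) {
        if (Test-Path -Path $key) {
            [pscustomobject]@{ Kind = 'Registry'; Path = $key; Detail = 'key still present' }
        }
    }
}

$remnants = @(Get-FlashRemnants)
if ($remnants.Count -eq 0) { 'Flash removal verified: nothing left behind.' }
else { $remnants | Format-Table -AutoSize }
```

On 64-bit Windows the 32-bit control lives under SysWOW64 and the Wow6432Node registry branch, so pass those locations through -FlashDir and -RegKeys to check them as well.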