UNINSTALL Internet Explorer 11 - IE11 - Re-Deinstallieren IE 11

 

Some times you may need to Uninstall Internet Explorer 11. It may get corrupt or what we don't hope you would need another browser.

99% of the websites run just fine if you understand Corporate tools like "ENTERPRISE MODE" (http://www.butsch.ch/post/IE11-Umsetzen-Unternehmensmodus-Enterprise-Mode.aspx).

Also keep in mind that in the last leaked CIA Wikileaks (*1) papers all other browsers and esp. Portable Version where mentioned as DLL Injectors. IE is manged by Group Policy

In your company so leave it like it is ;-) No there is NO Gpo for Chrome and Firefox.

 

uninstall IE11 with GUI (If you find it after 2 hrs in list of 800 Updates)

  1. Click the Start button, type Programs and Features in the search box, and then select View installed updates
  2. Under Unistall an update, scroll down to the Microsoft Windows section
  3. Right-click Internet Explorer 11, click Uninstall, and then, when prompted, click Yes

Using batch:

 

 

FORFILES /P %WINDIR%\servicing\Packages /M Microsoft-Windows-InternetExplorer-*11.*.mum /c "cmd /c echo Deinstalliere @fname && start /w pkgmgr /up:@fname /norestart /quiet"

 

Using cli with WUSA tool:

wusa.exe /uninstall /kb:2841134 /quiet

Check our Post for WUSA: http://www.butsch.ch/post/How-to-identify-WSUSWindows-Update-Patches-installed-on-a-Windows-7-in-Batch.aspx

 

If you have an PRE Installed IE11 from Microsoft or some OEM brand (Producer) then you may need to do add. steps to uninstall IE11.

1.    Cmd.exe to bring the Run box, type regedit and hit enter.

2.    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

3.    Right-click on the Internet Explorer key, choose "New" and select "DWORD" value.

4.    Enter "InstalledByUser" as the name and hit "Enter" on your keyboard.

5.    Cmd.exe

%windir%\ie11\spuninst\spuninst.exe

 

*1 Reference mentioned Wikileaks around 02/2017:

 

Our Links:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

http://www.butsch.ch/post/How-to-identify-WSUSWindows-Update-Patches-installed-on-a-Windows-7-in-Batch.aspx

http://www.butsch.ch/post/IE11-Umsetzen-Unternehmensmodus-Enterprise-Mode.aspx

McAfee ENS 10.2/10.5 Uninstall Web Control fails

Uninstall MacAfee Endpoint Security WEB Control Modul 10.2 on a 10.5 machine.

Error 1336: There was an error creating a temporary File (System Error Code 5)

Well they had it once doucmented very well WITH no solution…

https://kc.mcafee.com/corporate/index?page=content&id=KB87728&locale=en_US&viewlocale=en_US

C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\scripts

So we check with procmon what he means with that GUI message:

C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\scripts\TBD641B.TMP

Yes sure, write under a Folder scripts a File with TMP extension for uninstalling a product? No other Malware Software is on the System.

So we exclude that path? Not the first time MacAfee product a) falls over product b) If you don't keep them all updated to latest all the time.

Fail

So some times the Windows Installer is missing MS-Sources files because noobs clear up space on a machine and delete als Cached files. Well McAfee has that in mind and puts the MSI Files in a separate Folder. But thst also does not solve it.

So here are the MSI to catch that:

Remove > FAIL

Repair > FAIL

Turn of all Protection from Threat protection > FAIL

Uninstall Plattform and Threat Protection

Threat > OK > Uninstall Web > FAIL

Plattform > No Deppendcy

What's this is this a HP BLADE Server? Am i on a Server?

Some how after that Message the "Web" part was away. I am not sure when we succeded but we has to try several times after we uninstalled the Prevention Part.

Magic has happend it's uninstalled all:

This was a Single installation. If this Happens in a Enterprise with EPO? ;-(

 

 

 

 

Exchange 2013 LED 441 4.4.1 Mail Flow stuck because of Receive Connector SELF MADE wrong

 

ERROR:

LED=441 4.4.1 Error encountered while communicating with the Primary Target IP address (Failed to connect. Winsock error code: 10060, Win32 error code 10060. Attempted failover to alternate host)

 

You see E-Mail in the Queue and have no E-Mail flow on Exchange 2013:

This can have following error sources:

  1. DNS Settings of NIC (Server)
  2. DNS Settings of Exchange itself (Not the OS DNS the under /ECP)
  3. HIDDEN OLD NIC as example replaced or in VM
  4. RECEIVE CONNECTOR with DUBLETTE criteria (SELF MADE which reflects built in CRITERIA)

 

Here is how to resolve in steps:

  1. Check if all AUTOMATIC Services from Exchange are running (Exchange 2013 CAN take Services DOWN if he thinks something is wrong)
  2. Restart full Exchange or all *TRANSPORT* Services
  3. Check your DNS Settings in Exchange ITSELF (/ECP) and on your NIC's (http://www.butsch.ch/post/Exchange-2013-451-470-Temporary-Server-errors-Please-Try-Again-Later-PRX.aspx
  4. Check if you have hidden NIC's (http://www.butsch.ch/post/W7-Show-hidden-Hardware-devices.aspx)
  5. Receive Connector > Check all additional RECEIVE Connector and IF they have common criteria with OTHER built in receive connector. If worst CASE both have the MANY identical Criteria on your SELF MADE you may have to change from Port 25 to 26. Test by removing the SELF MADE receive connector and Restart the Exchange. If Mail Flow is ok then it was the connector you made. (http://www.butsch.ch/post/Exchange-2007-2010-How-to-RELAY-ANONYMOUS-for-clients-or-Servers-(GermanEnglish).aspx) < THIS has not changed from 2007/2012 in terms of selection through Criteria.

     

     

Look out for IP ranges which are in Connector two times AND have the same setting on PORT, Authentication etc. If Exchange DOES not KNOW WHICH receive connector to take/use he will end up in a loop and may take down services in 2013 if this happen many times.

 

 

Some sample Connector Criteria:

Sample wrong Connector range which covers the "OTHER" Exchange Server which would have IP 192.168.200.10 and thus Exchange would FALSE use this connector for INTERNAL MAIL FLOW (Exchange Mail Flow). Beside this would open MAIL RELAY for the Full VLAN segment in Ransomware days.

 

 

Exchange Services:

Exchange Internal DNS

Exchange 2010/2013 POP or IMAP with Wildcard Certificate activation

You try to activate a WILDCARD Certificate for IMAP or POP Services for Exchange 2010.

Either GUI or Powershell this does not work as wanted:

Enable-ExchangeCertificate -Server ' exchange2010' -Services 'IMAP, IIS, SMTP' -Thumbprint 'C22E2AE9FC07C7DA55454522B0E0ACF996C8'

 

ERROR:

This certificate with thumbprint C22E2AE9FC0646473449422B0E0ACF996C8 and subject '*.butsch.ch' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Solution:

Is to set the parameter with SET-POPSETTINGS and set-IMAPSETTINGS:

Set-POPSettings -X509CertificateName exchange2010internalname.butsch.ch

Set-IMAPSettings -X509CertificateName exchange2010internalname.butsch.ch

Restart the services:

restart-service MSExchangePOP3

restart-service MSExchangeIMAP4

Check what you changed:

Get-popsettings

Get-imapsettings

Technet Links:

 

Exchange 2010

https://technet.microsoft.com/de-de/library/bb691401(v=exchg.141).aspx

For Exchange 2013:

If you want this active FROM External (Which we don't recommend!) on your 2013 don't forget to set these parameters:

Set-POPSettings -ExternalConnectionSetting {mysamplenamethirdleveldomain.butsch.ch:995:SSL}

Set-ImapSettings -ExternalConnectionSetting {mysamplenamethirdleveldomain.butsch.ch:993:SSL}

https://technet.microsoft.com/en-us/library/jj657728(v=exchg.150).aspx

Exchange 2013 Log Options:

https://technet.microsoft.com/de-de/library/aa997690(v=exchg.150).aspx

Done forget to enable (Turn to automatic) the POP or IMAP3 Service and start it.

 

 

WIN 10 Debug Unattend Setup and malformed or Deprecated Options 1607.1

 

Changes in Windows 10 CBB Version 1607.1

There seem to be some Unattend option which don't work anymore or have changed.

For some reason nothing of that info can be found under:

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/desktop/unattend/changed-answer-file-settings-for-windows-10-build-1607

We talk about this CBB 1607 Release which included updates from November 2016.

SW_DVD5_WIN_ENT_10_1607.1_64BIT_German_MLF_X21-27039.ISO

Here is the error you see:

Open the COMMAND LINE with:

SHIFT + F10

Hier findet man nicht viele Infos.

 

The Panther Directory

N

In dem Folder c:\windows\panther\unattendGC gibt es dann interessante Files.

Im setuperr.log sieht man warum Windows 10 die Unattend nicht sauber verarbeitet hat. Dies hat wohl vom CBB 1607 zum 1607.1 (November Kumulative) release geändert. Wir konnten dies im 1607 RTM ohne Probleme machen beim letzten ISO ging es nicht mehr.

Wir reden von dem ISO:

SW_DVD5_WIN_ENT_10_1607.1_64BIT_German_MLF_X21-27039.ISO

Auch die Option <WindowsFeature> geht wohl bei 1607.1 in der Form nicht mehr….

Es gab mal ähnliche Fehler schon bei anderen OS. Hier mit dem SHOWMEDIACENTER. Dies war es aber nicht. Trotzdem immer gut zu wissen.

https://support.microsoft.com/de-de/help/947303/error-message-when-you-perform-an-unattended-installation-of-windows-server-2008-windows-could-not-parse-or-process-unattend-answer-file-drive-windows-panther-unattend.xml-for-pass-oobesystem

 

 

Even now:

After REMOVE of the complete <WINDOWSfeature> stuff this also works under 1607.1 ISO. You will have to rip out those things with DISM after OS setup or within the WIM.

We TEND to NOT change THE wim ITSELF FOR ALL DEPLOYMENTS.

 

Some ENTEO/Frontrange related DIAGNOSE

If you have errors with Enteo/Frontrange/Heat in the First Windows PE Phase

Es gibt auch eine neue Methode dies im Windows PE selber zu machen. Falls das Problem ganz vorne liegen würde. Einfach beim COMPUTER Objekt (test Client) diesen Wert anpassen. Dann fragt Enteo selber und macht falls niemand was klickt in 5 Sekunden weiter.

Falls man ein separates DEBUG Windows PE machen will gibt es dazu FIX eine Option:

http://www.butsch.ch/post/EnteoFrontrange-Debug-MODE-PE-5X-WIN-10-aktivieren-in-Boot.aspx