NEW: Atera Agent uninstall prevention
Thank you to our community for suggesting this new feature via User Voice, Atera's features board!
You now have the option to prevent end-users from uninstalling the Atera agent on Windows devices.
Go to Admin > Settings > Agents > Select "Prevent end users from…" > Save
For more information, visit the following Knowledge Base article here.
To add your ideas to User Voice, you can access the features board by going to Resources at the top of the Community page > Got an idea? > User Voice > Describe and post your idea!
Comments
-
Hi Nina,
Can you please confirm if this will work for existing agents as well or its only for new agents (after we enable the feature under settings)?
Kind regards,
Sandeep
1 -
Hi @sandeep.h - It works for previously installed agents, agents that have the latest version, 1.8.5.6.
You only need to enable the feature, and your end users will not be able to uninstall the agent!
4 -
Very nice - thanks for all the work to make this a reality Atera Team!
3 -
@nina - From the KB article you linked to, I see the following exceptions to the restricted uninstall of the Atera agent:
Exceptions include using system privileges (GPO, CMD, Powershell, WMI), deleting the device from the Atera console, setting "UninstallOverride"=true in the registry, or if "integratorlogin" is missing from the system settings.
Is there somewhere else that expands on this a little further?
- Do "system privileges" mean a local administrator, the SYSTEM account, or a user with an elevated admin token?
- Where exactly should the
UninstallOverrideproperty exist in the Windows Registry, and what type is it? - If the
IntegratorLoginproperty is missing, when does it need to be missing? When the Atera agent starts?
2 -
Finally it's here! We have been waiting a very long time for this!
Just tried it and it seems so work properly.
A user which has local admin rights was not be able to uninstall the agent. A message box popped up saying uninstalling is blocked.A little clarification regarding the exceptions would be great!
1 -
Please give some actual detail on how this prevents users from uninstalling. Most software that has this type of feature, there's an "Uninstall Password" we set to prevent uninstallation.
1 -
👍️
0 -
Hey all,
I'm very happy that we were able to release this feature that you have requested :)
Here is some clarification:This setting is available in the Atera console under the account settings. The default if false- meaning the end user can remove the Agent like any other program.
If you want to prevent this, you can set it to True. This will change a registry key that will block the uninstallation from the end device side.
If you want to remove the agent, you can still delete it through the Atera web console, or remove the agent locally on the device with SYSTEM user. Another option is editing the registry key that controls the uninstall prevention feature on the device.
We know that some software offers an uninstall password but it's not very common with RMM systems. If you would prefer an uninstallation password we'd love to hear your thoughts.3 -
@Yasmin from Atera If you delete an agent from the portal, does that send an uninstall command to the machine?
0 -
Really nice!! Thanks for implementing! :-)
2 -
Thanks for implementing.
like others I think an uninstall password might be safer as it prevents PUA's just setting the new registry key and removing atera.
1 -
I agree with @nathan. The other products I use (and have used) have passwords to secure the installation.
@nina and @Yasmin from Atera The uninstall prevention feature isn't working right now, so I can't test this, but bypassing and uninstalling the agent would look something like this in Powershell:
[Microsoft.Win32.Registry]::SetValue('HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent','UninstallOverride','true',[Microsoft.Win32.RegistryValueKind]::String)
Restart-Service -Name AteraAgent -Force ; Get-CimInstance -ClassName CIM_Product -Filter "Name like 'AteraAgent'" | Invoke-CimMethod -MethodName 'Uninstall'With Atera's current solution to protect against agent uninstalls, I certainly wouldn't brand the feature as "securing" the agent. Adding a password would be a much better step in the direction of securing the agent.
If you want an example of using a password, you're already integrated with ESET. Check out their implementation of securing their management agent with a password.
0 -
@nina Is this a beta feature? It doesn't show up in our settings. Instead of Agents our settings menu lists Devices and the only option is for Retired devices.
When announcing new features please indicate whether they are in beta or general release. It's tiresome to poke around for a new feature that doesn't exist.
Suggesting that I change my company over to beta or preview of some sort to get early access does not interest me. I just want to know if it's general release or not before I go poking around looking for it.
0 -
@dfletcher I've had this happen with several features before. Sometimes Atera will release a feature into production but then pull it because it's not quite ready for primetime. I'm sure it will be back soon. But it was definitely not a beta feature.
0 -
I don't see the new feature either. also I wish atera would stop renaming things - one minute they are referred to as devices - the next they are called agents
new screen nina posted above
Retired devices - should be in a section called "Reporting" and renamed to "Not recently seen devices" because, just because it hasn't been switched on recently - does not mean it is retired it could be a laptop that is only used twice a year as a standby, but just should be excluded from certain patch compliance reports etc.
0 -
Retired devices - should be in a section called "Reporting" and renamed to "Not recently seen" because, just because it hasn't been switched on recently - does not mean it is retired it could be a laptop that is only used twice a year as a standby, but just should be excluded from certain patch compliance reports etc.
@nina ^^ this. It would also be great if retired devices weren't counted when generating invoices either (see this post)
1 -
Good suggestion. Thank you! I've passed this on internally.
0 -
Hi all!
Quick update: As you already pointed out in this discussion, we did have an issue with the uninstall prevention feature, so we’ve turned the toggle off. For now, you won’t see this option under the settings until the fix is uploaded.
FWIW We will redeploy the feature again with the new Agent version 1.8.5.7
Thank you again for your assistance in helping us troubleshoot the issue! Community for the win.
Nina
0 -
I have done and improved the wording for the suggested replacement to "Infrequent devices".
Please everyone go and vote for it here:-
and while you are at it, please add your votes too for proper retired devices support :-
1 -
Please, please, please - as I have said before, once you have announced a feature as available (as you did above) if it then gets pulled please too announce this in the "What's new section" under known issues, it is such a waste of time for us all to go looking for a feature - only to find that it is not there.
To be clear - I have absolutely no issue with you announcing something and then having to roll back - that is all good - just make sure you keep your customers informed.
3 -
Agreed. I will speak with the Product Team about this to see what we can do to better communicate this to our users.
1 -
I don't have:
"Go to Admin > Settings > Agents > "
…..but I have an agent that didn't install fully (splashtop service won't start, most files are missing from the Splashtop folder) and I can't uninstall Atera to fix it. Love when this sort of stuff happens when under pressure with deadlines.
Another half-baked Atera feature. I can't believe I'm saying this, but the Kaseya agent was 1000% better in managing the agent itself.0 -
Hi @AElliott,
I had a few agents a while ago that wouldn’t let me connect using splashtop because there was a version conflict with the Splashtop RMM. While it was not convenient, I got on the phone with the customer, used Anydesk to connect and fix Splashtop. You do have the option when connecting to clients with other choices such as TeamViewer, Anydesk, and Splashtop. I have used scripts in the Shared Library to send scripts through the agent that was working in the cmd prompt to also fix the Splashtop connection issue. Like I mentioned before it’s not a convenient solution, but as we know with a lot of remote connections, that can be a problem when it drops off.1
Topics
- All Topics
- 37 Getting started
- 21 Read before posting
- 8 Meet and greet
- 193 General
- 54 News and announcements
- Roadmap updates
- 54 Resources
- 8 Knowledge Base
- 8 Webinars
- 1 Shared Script Library
- 1 Blog
- 10 Pro Tips
- 25 Got an idea?
- 112 Remote Monitoring and Management
- 74 Remote Monitoring
- 23 Patch Management
- 78 Professional Services Automation
- 46 Helpdesk
- 15 Billing
- 16 Reporting
- 28 Integrations & add-ons
- 16 Integrations
- 9 Add-ons
- 79 Scripting and automations
- 48 Scripts
- 25 Automations