How to uninstall CA Privileged Identity Manager Agent from a Windows Machine?

Document ID : KB000044651
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

How to uninstall CA Privileged Identity Manager Agent from a Windows Machine?

Answer:  

There are cases in which un-installation of PIM (aka ControlMinder aka Access Control) agent in windows fails by throwing an error as below OR any other driver related errors.

                                                  3.PNG       

 

The below are the steps to do a complete-clean uninstall of the agent from Windows.

 

1. In registry go to: HKEY_CLASSES_ROOT\Installer\Products\CDAFB228040EC5F40AA08B5E852A6D61\Transforms, if the value is "1033.mst", change it to @1033.mst

2. Try to re-uninstall "AC Access Control" via Add/Remove Programs. Reboot  the machine if uninstall successful.

3. If error remains after #1,2, run uninstall with log file via command line.Looking at the log file will give some insights on why the uninstall is failing.

            >>  Msiexec.exe /x {822BFADC-E040-4F5C-A00A-B8E558A2D616} /l*v <log_file_name>

4. If AC was uninstalled successfully, please verify that all AC files have been removed from the Install folder:

    4.1 The default install folder "<Local Drive>:\Program Files\CA\AccessControl" no longer existed.

    4.2 Verify that the drivers binaries have been removed from Disk "<LocalDrive >:\Windows\System32\Drivers". verify that cainstrm.sys, drveng.sys and  seosdrv.sys are not there, otherwise remove them.

5. Verify that AC entry in registry has been removed:  HKLM\SOFTWARE\ComputerAssociates\AccessControl should not exist.  If it still exists please delete it.

6. Verify that all drivers services have been removed from the registry, make sure below entries no longer exists.

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cainstrm

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng

                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seosdrv

If some driver service still exists in registry, please run the following in  command line:

                    >>  sc delete <driver name>

                   Where driver name can be: cainstrm, drveng or seosdrv.

After deleting the service verify in registry that it has really been  removed.

 

7. Verify that no AccessControl services in services.msc console.  i.e. CA Access Control Agent/Engine/Watchdog/Task Delegation/Report Agent/Policy Model)

If one of the services still exists  please remove it by running the following through command line:

                   >> sc delete <service name>

And then verify that the service has been removed from services view.

8. Reboot is required after uninstall was completed.