Tuesday, February 21, 2012

Disable Solidcore


Running solidcore you may run into a problem where you have to disable it with out using epo or the local CLI

Here are the steps.

Step 1.
Boot computer into Safe Mode(Press F5 before windows boot screen)
Step 2.
Open Registry (Start->Run->regedit)
Step 3.
Navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin\Parameters]
Step 4.
Double-click DWORD RTEMode and change value to 0
Double-click DWORD RTEModeOnReboot and change value to 0


Reboot the computer and the agent should now be disabled.
Note:
Doing this will send out alerts to the central server.

No comments:

Post a Comment

KQL - Group Object Audits ADDS

This is a KQL written for Azure Sentinel. Purpose is to search for eventid from Active Directory Domain Services related to Group objects....