FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
dhamadi
Staff
Article Id 398270
Description This article describes how to uninstall the FortiEDR Collector by configuring a GPO in Active Directory that runs a .bat file.
Scope FortiEDR Windows Collector.
Solution

These instructions are useful when FortiEDR collectors are disconnected from FortiEDR Manager and the collectors need to be uninstalled, re-installed or upgraded in bulk.

 

Important note: Fortinet does not officially support using a Group Policy for Fortinet. The steps below should be used with caution.

 

The first step is to create the .bat file with the uninstall command:

 

  1. Open Notepad and enter the following command:

msiexec.exe /x "GUID" /qn UPWD="Registration password" RMCONFIG=1 /l*vx log.txt 

 

For instructions on how to obtain the collector 'GUID' and Registration password, see Technical Tip: How to uninstall FortiEDR using the msiexec command.

 

  2. Save the file as a .bat file.

 


On the Active Directory Server:

 

  1. Open Group Policy Management.
  2. Right-click the required Organizational Unit (OU), that is, the OU that contains the computers needing the uninstallation, and select Create a GPO in this domain and Link it here...

 


  3. Assign a name to the GPO and select OK.
  4. Right-click on the created Group Policy and select Edit.



  5. On the Group Policy Management Editor, expand Policies -> Windows Settings and select Scripts (Startup/Shutdown).

 


  6. Double-click on Startup to open Startup Properties.
  7. Select Show Files... to locate the path to the SysVol folder and copy the .bat file into that location.

 


  8. Back in Startup Properties, select Add, browse to the SysVol folder, and select the .bat file to add the script.

 


  9. Select OK, then Apply, then OK.
  10. Select Start -> Run to open the Run dialog box and execute gpupdate /force.

 

On the Computers:

  1. Wait around 90 to 120 minutes (depending on the configuration on the server) for the GPO to apply to the computers, or open cmd and execute gpupdate /force for an immediate update.
  2. After the PC is restarted, the FortiEDR collectors will start uninstalling. The process will take a few minutes.
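
An added example, not part of the original article and not Fortinet's own script: a startup script runs at every boot, so this variant of the .bat file checks that the collector's product GUID is still registered before calling msiexec, and writes its log to an absolute path. The GUID and password values are placeholders to fill in as described above; the log folder and status file name are assumptions made for this example.

```batch
@echo off
setlocal

rem Placeholders: set these as described in the article.
rem The GUID is the collector's MSI product code, braces included.
set "GUID={COLLECTOR-GUID-PLACEHOLDER}"
set "REGPWD=Registration password"

rem Assumption for this example: logs go to a fixed local folder, because a
rem startup script's working directory is not something to rely on.
set "LOGDIR=%SystemRoot%\Temp"
set "LOG=%LOGDIR%\FortiEDR_uninstall.log"
set "STATUS=%LOGDIR%\FortiEDR_uninstall_status.txt"

rem This file sits in SYSVOL, which authenticated domain accounts can read by
rem default, and it holds the registration password in clear text. Unlink the
rem GPO and delete the file from SYSVOL once the rollout is finished.

rem An MSI product registers its product code under the Uninstall key.
rem Check both registry views; if neither has it, there is nothing to remove.
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%GUID%"
reg query "%KEY%" /reg:64 >nul 2>&1 && goto uninstall
reg query "%KEY%" /reg:32 >nul 2>&1 && goto uninstall
exit /b 0

:uninstall
rem Same switches as the command in the article; only the log path changes.
start "" /wait msiexec.exe /x "%GUID%" /qn UPWD="%REGPWD%" RMCONFIG=1 /l*vx "%LOG%"
set "RC=%ERRORLEVEL%"

rem msiexec exit codes: 0 = success, 3010 = success, reboot required,
rem 1605 = product not installed.
if "%RC%"=="0" goto done
if "%RC%"=="3010" goto done
if "%RC%"=="1605" goto done

rem Anything else is a failure: record it next to the verbose MSI log.
>>"%STATUS%" echo %DATE% %TIME% %COMPUTERNAME% msiexec exit code %RC%
exit /b %RC%

:done
>>"%STATUS%" echo %DATE% %TIME% %COMPUTERNAME% uninstall finished, exit code %RC%
exit /b 0
```

The status file gives a one-line result per attempt, and the verbose MSI log beside it holds the detail when the exit code is not one of the three listed.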