Hello everyone,
We are currently testing the forticlient 5.2. We used to install the forticlient in version 5.0.9 for which we had a template and it was working fine.
The 5.2 and now the 5.4 has been released and I guess it's time to check the new feature.
Unfortunately, i've installed a forticlient 5.2.5 which is registered with our firewall but i'm no longer able to uninstall this client.
Stop forticlient is "gray"
Unregistered is "gray"
I've also set the config : set forticlient-settings-lock disable but we are still having the same issue.
Do you have any idea ?
Many Thanks
Nick
When FortiClient is registered to a FortiGate or EMS, the client is locked. End user cannot shutdown FortiClient or uninstall it. By default, the end user can manually unregister from the FortiGate or EMS. But the administrator may disable unregister from the FortiGate or EMS.
The administrator can deregister the client from the FortiGate as follows:
- from the FortiOS GUI, right-click on the endpoint record and select "Unregister" from the shortcut menu
- from the FortiOS CLI, run the following commands:
diagnose endpoint registration list
diagnose endpoint registration deregister
The first CLI command provides the UID of registered clients (among other details). The UID is required as input for the second CLI command.
You can also deregister from the EMS GUI. Click the right mouse button on the endpoint record and select "Deregister" from the shortcut menu.
Hello kolawale,
Thnak you for your answer. So the only way to remove the forticlient is to plug the PC on the network and then deregister the forticlient from the fortigate.
It's working but If I remember right, I used to have a button to allow configuration change. A password was required but it was easier to remove or unregister the client.
How can I permit a user to change the configuration if he know the lock password ?
Thanks.
Nick
kolawale_FTNT Gold Member Total Posts : 143Scores: 10Reward points: 0Joined: 10/23/2012Status: offline[/ul] Re: Unable to unregister / uninstall / stop forticlient 2 days ago (permalink) 0 When FortiClient is registered to a FortiGate or EMS, the client is locked. End user cannot shutdown FortiClient or uninstall it. By default, the end user can manually unregister from the FortiGate or EMS. But the administrator may disable unregister from the FortiGate or EMS. The administrator can deregister the client from the FortiGate as follows: - from the FortiOS GUI, right-click on the endpoint record and select "Unregister" from the shortcut menu - from the FortiOS CLI, run the following commands: diagnose endpoint registration list diagnose endpoint registration deregister The first CLI command provides the UID of registered clients (among other details). The UID is required as input for the second CLI command. You can also deregister from the EMS GUI. Click the right mouse button on the endpoint record and select "Deregister" from the shortcut menu. Answer Helpful Report AbuseForward Quote #2 nicoco59 Quick Reply: (Open Full Version) Paragraph Font Family Font Size Path: p Preview Submit Post Home » All Forums » [link=https://forum.fortinet.com/tt.aspx?forumid=121][Other Fortinet Products][/link] » FortiClient » Unable to unregister / uninstall / stop forticlient Jump to: Jump to - - - - - - - - - - [FortiGate / FortiOS UTM features] - - - - AntiVirus - - - - Application Control - - - - Data Leak Prevention (DLP) - - - - Email filtering (AntiSPAM) - - - - Former Content Management Forum - - - - Intrusion Detection & Prevention - - - - Web Filtering [Fortinet Beta Programs] - - - - Beta Message Board [Fortinet Services] - - - - FortiCloud Threat Detection Service [Other FortiGate and FortiOS Topics] - - - - Firewall - - - - Log & Report - - - - Miscellaneous -- FortiOS and FortiGate - - - - New Features -- FortiOS - - - - Routing and Transparent Mode - - - - System settings - - - - User and Authentication - - - - VPN [Other Fortinet Products] - - - - AscenLink - - - - Coyote Point - - - - FortiAnalyzer - - - - FortiAP - - - - FortiAuthenticator - - - - FortiBalancer - - - - FortiBridge - - - - FortiCache - - - - FortiCamera & FortiRecorder - - - - FortiCarrier - - - - FortiClient - - - - FortiConverter - - - - FortiCore - - - - FortiDB - - - - FortiDDOS - - - - FortiDirector - - - - FortiDNS - - - - FortiExplorer - - - - FortiGuard - - - - FortiMail - - - - FortiManager - - - - FortiPlanner - - - - FortiSandbox - - - - FortiScan - - - - FortiSwitch - - - - FortiToken - - - - FortiVoice - - - - FortiWeb - - - - FortiWiFi [Forum Information & Miscellaneous Topics] - - - - Forum News - - - - Ideas for Forum Site - - - - Fortinet Cookbook - - - - Knowledge Base - - - - Technical -- non-FortiOS - - - - Miscellaneous -- non-technical © 2015 APG vNext Commercial Version 5.5 Latest Posts Re: No Traffic logs visible and No matching log data in FortiAnalyzer 1000B FortiAnalyzer not generating any reports Re: strange DNS traffic Re: Fortimanager - FSSO User Groups Fortiweb400C do not generate Attack report Re: FortiCloud Sandbox - Cannot see details of "High Risk" files, alert emails not receive Fortimanager - FSSO User Groups Daily Limit reached with one Fortigate Re: web pages won't open through fortiap on a laptop and some mobile phones Re: No Traffic logs visible and No matching log data in FortiAnalyzer 1000B [/ul] Active Posts FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN).... System tab missing in Chrome Device based rule in 3 tier network with intervlan routing switch at distribution level Fortigate IPSec VPN and iOS9 Root-CA Import for SSL-Inspection Installation failed: service FortiShield failed to start. Traffic with "Source Interface unknown-0" form the wireless connection. A lot of bugs in FortiPlanner v2 Fortinet CPU and Memory unable to restore settings and "Registering to Fortigate" popup loop [/ul] All FAQs New features : Changing your email, screen name & username New features: Private Messaging New features: Marking posts as 'Answer' or 'Helpful'. Using 'Report Abuse' and Ticket List [/ul] kolawale_FTNTHi nicoco59, I had same problem and I found a solution.
You used a .config file (or .xml file) with a locked password with this command line : "%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -m all -f ".\config.conf" -o import -i 2 -q
Inside .conf file I had a password to lock Forticlient. So I couldn't do nothing. Uninstall and update forticlient either.
Solution : I used this command line to unlock Forticlient on my machine :
"%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -m all -f ".\config.conf" -o import -i 2 -k <password> -q
I used the same .conf file with a password inside, but I unlock with -k command line.
For more information about fcconfig.exe :
"%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe" -h
Forticlient will be unlocked completely.
I hope to help you. Best Regards,
Yeah I was thinking the same. I'm sure if you re-import the non-register configuration that should revert the FClient.
PCNSE
NSE
StrongSwan
emnoc wrote:Yeah I was thinking the same. I'm sure if you re-import the non-register configuration that should revert the FClient.
Unfortunately this does not work as expected. While KarimAW's instructions to import and export the configuration settings is correct, when you import a configuration from a non-registered FC, it still stays registered. It doesn't seem to unregister the device, even on reboot. However, when I import a configuration with Fortigates in the configuration to FC that is not registered, it will register for me. I'm looking for an easy way to batch uninstall all FC clients so I can install the latest version 5.4.0. I have a script to run to uninstall all FC clients but it will fail if the FC client is registered to my fortigate.
I could unregister the clients from fortigate but this is an extra time consuming step, I'd like this all scripted on the client end. Also, using IE11 or Chrome with FortiGate firmware 5.2.4 build688, I am unable to "unregister" any FC devices in the GUI, I am not given a context menu when right clicking on the registered client.
Anyone else find an easy way to unregister FC remotely through script or GPO?
Solved: Uninstall or GPO shutdown script:
**********************************************************************
if not exist c:\windows\control md c:\windows\control
if not exist “%programfiles(x86)%\Fortinet\FortiClient\quarantine” goto finito “%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe” -m all -f “\\server\NETLOGON\Program\FortiClient_No_antivirus\No_password.conf” -o import -k password -q echo %errorlevel% > c:\windows\control\FortiClient_deleted.txt wmic product where name=”FortiClient” call uninstall /nointeractive >> c:\windows\control\FortiClient_deleted.txt echo %errorlevel% >> c:\windows\control\FortiClient_deleted.txt :finito ********************************************************************* Install or GPO startup script:
********************************************************************* If not exist c:\windows\control\FortiClient_deleted.txt goto finito msiexec /i “\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.msi” /q TRANSFORMS=”\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.mst” /L c:\windows\control\FortiClient_rewrited.txt :finito ****************************************************************** When the computer is restarted, then is rewritten FortiClient version .
dtellier wrote:Anyone else find an easy way to unregister FC remotely through script or GPO?
Solved: Uninstall or GPO shutdown script: (script removing full FortiClient version) ********************************************************************** if not exist c:\windows\control md c:\windows\control if not exist “%programfiles(x86)%\Fortinet\FortiClient\quarantine” goto finito “%programfiles(x86)%\Fortinet\Forticlient\fcconfig.exe” -m all -f “\\server\NETLOGON\Program\FortiClient_No_antivirus\No_password.conf” -o import -k password -q echo %errorlevel% > c:\windows\control\FortiClient_deleted.txt wmic product where name=”FortiClient” call uninstall /nointeractive >> c:\windows\control\FortiClient_deleted.txt echo %errorlevel% >> c:\windows\control\FortiClient_deleted.txt rem after "wmic .... uninstall" command computer restarts :finito ********************************************************************* Install or GPO startup script: (Script installing only FortiClient VPN) ********************************************************************* If not exist c:\windows\control\FortiClient_deleted.txt goto finito
if exist c:\windows\control\FortiClient_rewrited.txt type c:\windows\control\FortiClient_rewrited.txt | find /i "FortiClient -- Installation completed successfully." if %errorlevel% == 1 msiexec /i “\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.msi” /q TRANSFORMS=”\\server\NETLOGON\Program\FortiClient_No_antivirus\FortiClient.mst” /L c:\windows\control\FortiClient_rewrited.txt :finito ****************************************************************** When the computer is restarted, then is rewritten FortiClient version.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.