Previous Topic: Prevent Unauthorized Changes to the Internet Explorer Add-on ListNext Topic: Prevent Unauthorized Changes to CA DLP Services

Endpoint Integration GuideEndpoint HardeningPrevent Unauthorized Uninstallation of CA DLP

Prevent Unauthorized Uninstallation of CA DLP

By default, CA DLP is installed in such a way that users can view, modify, or remove the endpoint using the standard Windows utility ‘Add or Remove Programs’. However, CA DLP ships with a sample Microsoft Installer transform script that prevents the user from invoking 'Add or Remove Programs' to modify or uninstall the endpoint.

For command line, Group Policy or SMS installations, you can use a transform to prevent users from uninstalling CA DLP with the Add/Remove Programs utility. The ClientLockDown.mst transform disables the Change and Remove buttons when a user selects CA DLP in the Add/Remove Programs dialog.

Follow these steps:

  1. Find the ClientLockDown.vbs script in the \Support folder of your CA DLP distribution media.
  2. Run the script.

    It creates the ClientLockDown_Client.mst (or ClientLockDown_Client_x64.mst) transform.

  3. Copy the transform into the folder containing your administrative installation source image.
  4. When you install the client, also deploy the ClientLockDown_Client.mst transform. 
    msiexec /i path\client.msi ARPSYSTEMCOMPONENT=1 TRANSFORMS=path\ClientLockDown_Client.mst