Endpoint Integration Guide › Endpoint Hardening › General Hardening Recommendations › Prevent Unauthorized Uninstallation of CA Data Protection

Prevent Unauthorized Uninstallation of CA Data Protection

By default, CA Data Protection is installed in such a way that users can view, modify, or remove the endpoint using the standard Windows utility ‘Add or Remove Programs’. However, CA Data Protection ships with a sample Microsoft Installer transform script that prevents the user from invoking 'Add or Remove Programs' to modify or uninstall the endpoint.

For command line, Group Policy or SMS installations, you can use a transform to prevent users from uninstalling CA Data Protection with the Add/Remove Programs utility. The ClientLockDown.mst transform disables the Change and Remove buttons when a user selects CA Data Protection in the Add/Remove Programs dialog.

Follow these steps:

1. Find the ClientLockDown.vbs script in the \Support folder of your CA Data Protection distribution media.
2. Run the script.

   It creates the ClientLockDown_Client.mst (or ClientLockDown_Client_x64.mst) transform.

3. Copy the transform into the folder containing your administrative installation source image.
4. When you install the client, also deploy the ClientLockDown_Client.mst transform.

   msiexec /i path\client.msi ARPSYSTEMCOMPONENT=1 TRANSFORMS=path\ClientLockDown_Client.mst