IBM Unified Device ManagementSecuring Your World

17 July 2015Jason Cordell – Sales Engineer – Endpoint and Mobility Management

Automatic and Controlled Removal of Unused Software

Leverage Lifecycle Management and Software Use Analysis

Automatic Removal of Unused Software

July 2015

2

Issue

When discussing SUA with customers, both technical folks, managers and executives, they are often very happy with the capability of knowing which licensed software is deployed but isn’t being used within their organization.

This is almost always followed up by someone asking if we can automatically uninstall the unused software. My standard response is that we can do this, but the content doesn’t exist out of the box. This is frequently a big let down for them.

This is an important capability that is missing from our bag of tricks.

Automatic Removal of Unused Software

July 2015

3

SolutionBy leveraging the application usage data from SUA that is stored locally on each client, we can identify applications that haven’t been used in X days.

We can then use the inherent goodness of BigFix to remove the software automatically. We can even skip systems that should be excluded from this process.

This solution is designed to deal with this problem from an individual application perspective – we aren’t going to start blindly ripping a lot of apps off the machines.

This is a very straight forward solution that will be easy to implement and bring a lot of value to the customer.

Automatic Removal of Unused Software

July 2015

4

Use CaseThe use case for this demonstration is to identify systems that have Microsoft Visio Professional 2013 installed that haven’t used it in 90+ days and automatically remove it.

AssumptionsThere are some assumptions that I am making. The biggest one is that there is a fixlet that will properly perform the uninstall. If they are using BigFix to deploy software – which they probably are or will be once we sell it to them, then this fixlet will exist.

I am also assuming that SUA scans are enabled and running within the environment. For us to be completely sure that the software hasn’t been used in 90+ days, the customer would need to have SUA scans running for 90 days before implementing this.

Automatic Removal of Unused Software

July 2015

5

High Level DetailsTo properly identify systems that have software installed that isn’t being used, there are a couple of things that we need to do.

1. Verify that the application is installed2. Verify that the app isn’t listed in the SUA app usage file as being used within the last 90 days3. Verify that the install date of the application is more than 90 days ago

All of this is done through relevance and systems that match the above criteria will be placed into an automatic group (Group 1).

Next we need to create a manual group for the systems that should be excluded from this process (Group 2).

The final step to identifying the systems that haven’t used it and that can have it removed is to create another automatic group (Group 3) that is simply the delta of Group 1 and Group 2.

Automatic Removal of Unused Software

July 2015

6

High Level Details - continuedNow that we have the systems with unused Visio properly identified, we can leverage the existing fixlet to uninstall Visio by enabling a policy action against Group 3.

As the customer begins to implement more of these types of actions, we can simply throw all of these Group 3s into another automatic group and then leverage a baseline of all of the uninstalls against this “master” group.

Automatic Removal of Unused Software

July 2015

7

Technical DetailsLet’s talk about the specifics on how this truly works. The key logic for all of this inside Group 1.

Group 1 – Visio is Installed and Not used in 90 daysThis group relies upon three relevance queries to evaluate to True.

Relevance 1This relevance query will look in the Add/Remove programs area of the registry to see if the app is listed there.

Relevance 2This relevance query will look in the app_usage_data file from SUA to check for a couple of things.

•Visio.exe is listed there and it shows not being used for 90+ days•Visio.exe is not listed there at all.

This will allow the solution to work properly even if the application is installed but has never been launched.

Relevance 3This relevance query will look for the date that the app was installed. This will ensure that an application that has been installed – but never used – will not be uninstalled before the 90 day mark. This is a key piece of protection.

Automatic Removal of Unused Software

July 2015

8

Technical Details - continuedGroup 2 – Exemptions to the automated Visio removal policy

This is simply a manual group. When systems are identified as being allowed to keep an application installed even if they hardly ever (or never) use it should be placed in this group.

Group 3 – Systems that we can automatically remove Visio from if they don’t use it.

This is an automatic group that is simple the delta of Group 1 and Group 2

Automatic Removal of Unused Software

July 2015

9

Technical Details - continued

Now we can automatically identify systems that aren’t using Visio and we can automatically uninstall it and allow for exemptions.

From here we can simply create a Policy action – pointed dynamically to Group 3 above that will uninstall the application using the Visio Uninstall fixlet that has already been validated to function properly.

As the customer grows this implementation, they could easily throw the desired uninstall fixlets into a baseline and leverage a policy action from there. Again – controlled, predictable and repeatable actions.

Automatic Removal of Unused Software

July 2015

10

ScreenshotsHere we can see that we have two systems that haven’t used Visio in 90+ days.

This is a system that has been excluded from the automatic uninstalls.

This is a list of the systems that will have Visio uninstalled automatically. Again, this group is simply the delta of the other two groups.

Group 1

Group 2

Group 3

Automatic Removal of Unused Software

July 2015

11

ScreenshotsI can see here that both of the systems that have Visio installed are applicable to the Uninstall fixlet. If this fixlet doesn’t exist in the customer’s environment, they can easily leverage the Software Distribution dashboard to create it.

This is the policy action that I could enable to automatically remove Visio from systems that have not used it in 90+ days and are not on the exemptions list.

Automatic Removal of Unused Software

July 2015

12

Relevance QueriesHere are the contents of the relevance queries that I used in Group 1.

(exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.VISPRO" whose (exists values whose(name of it = "DisplayName" AND it as string as lowercase = "Microsoft Visio Professional 2013" as lowercase ) of it) of registry)

(exists lines whose ((((preceding text of first ";" of following text of first ";" of it) as time) <= (now - 90*day)) and ((preceding text of first ";" of it) as lowercase = "visio.exe")) of file "C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\app_usage_data" or not exists lines whose ((preceding text of first ";" of it) as lowercase = "visio.exe") of file "C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\app_usage_data")

(value "InstallDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109150000000000000000F01FEC\InstallProperties\" of native registry) as integer <= (((year of it as string & month of it as two digits & day_of_month of it as two digits) of date (local time zone) of it) of (now - 90*day)) as integer

Automatic Removal of Unused Software

July 2015

13

SummaryThis solution will fill an important gap that we currently have with SUA and BigFix. Until now, we could automatically tell them which apps aren’t being used, but we couldn’t automatically leverage that information. Now we can.

This will allow customers to easily implement a process to automatically remove applications that aren’t being used. This relevance for this can easily be modified to look for any other application. This solution will provide controlled, predictableand repeatable actions – again this highlights the tremendous power of BigFix.

This solution isn’t designed for massive numbers of automated uninstallations, but can easily scale to 50-75 or so applications – maybe even 100 before you start seeing an impact.

The customer can easily take these individual groups/actions and build a baseline to easily manage this from an enterprise perspective. This process can easily fit into an existing Change Management process.

One of the side benefits of this type of solution is that this shows the customer the true power and flexibility of BigFix and hopefully begins to get them to think outside of the box. This is where we can truly dominate our competition.

Before I could only say “we could do this”. Now I can clearly change this to “we can do this, let me show you how”.