Procedure for Clean Uninstall of v0.0.15.0

[DarwinJS]

When I use the same elevated administrator user as I used to install, uninstall does not succeed.

What would be the procedure for a clean uninstall?

It would be great if there were a helper script to re-prepare server key files (only) for an uninstall.

[manojampalam]

What are the permissions on ssh_host_dsa_key? Is the error an artifact of some process using that file? Nothing should prevent an elevated admin from performing any operations on host keys.

[DarwinJS]

This was after a successful install of 0.0.15.0 using FixHostFilePermissions.ps1 - which successfully set the permissions during install.

So the new permissions model does not seem to allow for clean removal via direct deletes by an elevated admin.

Maybe another helper "RemoveHostFiles.ps1" ?

[bingbing8]

@DarwinJS After FixHostFilePermissions.ps1, the host keys should be owed by system or administrators group account and both are allowed full control. If you are member of admin group, you should be able to remove the key files. We are not able to repro from this side. Is there any chance the administrators group ace removed from the dcal after your previous installation or the inherited acls from parent chocolatey does not allow administrators group?
Can you list out the output of (Get-Acl "c:\Program Files\chocolatey\OpenSSH-Win64\ssh_host_dsa_key").Access?
Here is my output:

[manojampalam]

@DarwinJS can you dump the output of
icacls ssh_host_dsa_key

@bingbing8 please add explicit access to AdministratorsGroup as part of FixHostFilePermisssions. That should cover any corner case scenarios where any of the files originally did not have an explicit ACL for this group.

[DarwinJS]

@bingbing8 - this is the same Windows 7 machine where I ran the 0.0.15.0 install with the newer module files.
By the time this delete runs, the service has been removed (as it has already been in the below screenshot). This is a standard removal order so that the files can be removed without having the service exe locked.

Is there any problem if the ACLs for the service are still on the files when the service is removed (they don't show up below if they are)?

[bingbing8]

@manojampalam the file permissions are correct on Darwin's machine.
@DarwinJS can you find out if the file is locked by any other process?

[DarwinJS]

I can't reproduce this myself. So I am closing it. However, I am still having the problem in #758 with "The security identifier is not allow to be owner of this object" - so not sure if I will still be able to do a clean delete once that is fixed properly. Will open a new report if that happens.

[DarwinJS]

As per my updates to #758 I am not having that problem anymore either.