Windows - Software Lifecycle - Remove Automox Remote Control Application

Removes the Automox Remote Control module, cloudflared agent, and TightVNC Server from Windows endpoints at fleet scale

Worklet Details

What the Windows Remote Control remover does

This Automox Worklet™ removes the Automox Remote Control module from Windows endpoints. The Worklet targets every component the module ships with: the remotecontrold.exe service, the cloudflared tunneling agent (cloudflared.exe and the architecture-specific cloudflared-windows-amd64.exe / cloudflared-windows-386.exe / cloudflared-windows-arm64.exe binaries), the TightVNC Server, the dialog.exe operator prompt, and the configuration and log files under the module directory.

The removal flow is staged and idempotent. The Worklet stops the remotecontrold, cloudflared, and TightVNC processes, removes the remotecontrold and TightVNC Server services through Stop-Service and sc.exe delete, invokes the module's own uninstaller (remotecontrold.exe uninstall --conf=config.json), then uninstalls TightVNC via its registry UninstallString or msiexec.exe /x with the product code. After that it deletes the binaries, the log files (rc-module.log, rc-module-install-stdout.log, rc-stdout.log, rc-stderr.log), config.json, and the temp subdirectory under C:\Program Files\Automox\modules\rc.

The evaluation phase only detects components and never removes anything. You can scope the policy across a target group, review which endpoints come back non-compliant, and schedule remediation without disrupting a user who still has Remote Control actively in use.

Why remove Automox Remote Control from Windows endpoints

Remote access software left behind on an endpoint after the support workflow has moved on is the kind of loose end that turns up in a quarterly audit. The Automox Remote Control module installs a TightVNC Server, a remotecontrold service, and a cloudflared tunnel that together accept inbound sessions from the Automox console. When an organization migrates to a different remote support tool, retires the module from a subset of endpoints, or decommissions a host, those three components need to come off together. A half-removed module that still has remotecontrold.exe running and a TightVNC service registered is worse than a fully installed one, because nobody is monitoring it.

Running the cleanup through an Automox policy applies the same removal logic to a developer workstation and to a kiosk in a remote branch. The evaluation phase checks for the remotecontrold service, the TightVNC services, the cloudflared tunnel, and the module's files and registry entries; remediation only fires where at least one artifact is still present. The next compliance scan returns zero Remote Control components across the estate rather than the long tail of half-uninstalled hosts that follows a manual cleanup.

How Automox Remote Control removal works

  1. Evaluation phase: The Worklet inspects the endpoint for any Remote Control artifact. It uses Get-Service to look for the remotecontrold, TightVNC Server, and TightVNCServer services, Get-Process to look for remotecontrold, cloudflared, tightvnc, and TightVNC processes, and Test-Path against C:\Program Files\Automox\modules\rc\ (and the (x86) equivalent on systems where the module installed there) for binaries (remotecontrold.exe, cloudflared.exe, cloudflared-windows-amd64.exe, cloudflared-windows-386.exe, cloudflared-windows-arm64.exe, dialog.exe), the config.json, log files (rc-module.log, rc-module-install-stdout.log, rc-module-remove-stdout.log, rc-stdout.log, rc-stderr.log), and tightvnc*.msi installers. It also queries HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall for any DisplayName matching TightVNC or Remote Control. If any artifact is present the script exits 2 (non-compliant); a clean endpoint exits 0.

  2. Remediation phase: The remediation script runs Stop-Process -Force for remotecontrold and cloudflared, then Stop-Service plus sc.exe delete (with up to three retries) for the remotecontrold and TightVNC Server services. It invokes remotecontrold.exe uninstall --conf="config.json" to let the module clean up after itself, then pulls the TightVNC UninstallString from the uninstall registry hive and runs it (or falls back to msiexec.exe /x {ProductCode} /qn /norestart when only the product code is available). Remove-Item then deletes remotecontrold.exe, the cloudflared binaries, dialog.exe, the tightvnc*.msi installer, the rc-module logs, rc-stdout.log, rc-stderr.log, config.json, and the temp subdirectory. The script emits a JSON status object summarizing rcm_uninstall_success, vnc_uninstall_success, service_removed, files_removed, config_removed, temp_dir_removed, and overall_success, exiting 0 on success and 1 if any step failed.

Windows Remote Control removal requirements

  • Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, or Windows Server 2022

  • Local Administrator privileges on the endpoint (the default Automox agent context already meets this)

  • PowerShell 5.1 or later with script execution permitted under the Automox agent's RemoteSigned policy

  • Remote Control installed in the default module path under %ProgramFiles%\Automox\modules\rc (the Worklet also checks the (x86) Program Files location when the architectures differ)

  • TightVNC uninstaller registered in the standard Windows uninstall registry hive (the Remote Control installer registers it by default)

  • The Worklet does not search for Remote Control components installed outside the default Automox modules tree; relocated installs require a manual uninstall

Expected state after Remote Control removal

Once remediation completes, the endpoint has no Automox Remote Control footprint. Get-Service returns no remotecontrold, TightVNC Server, or TightVNCServer service. Get-Process returns no remotecontrold.exe, cloudflared.exe, or tightvnc instance. The C:\Program Files\Automox\modules\rc directory no longer contains Remote Control binaries, MSI installers, log files, or config.json, and the temp subdirectory is gone. The TightVNC entry under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node mirror) is removed, and Programs and Features no longer lists TightVNC.

Validate the result by running Get-Service remotecontrold, Get-Service 'TightVNC Server', and Get-Process remotecontrold from an elevated PowerShell prompt; each should return an error that the named item cannot be found. Confirm the module directory state with Test-Path 'C:\Program Files\Automox\modules\rc\remotecontrold.exe'. Open services.msc and Programs and Features for an end-user view. The next scheduled evaluation of this Worklet will exit 0, the policy reports the endpoint as compliant, and remediation will not run again until a future install puts the module back on the host.
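A detect-only check in the spirit of the evaluation phase and the validation steps above, as an added example (not the Worklet's own code). It uses the service, process, file, and registry names listed on this page; the function name Get-RemoteControlArtifact and the output labels are assumptions of this example.

```powershell
# Added example: detect-only audit for Automox Remote Control artifacts.
# Service, process, file and registry names are the ones listed on this page;
# the function name and the "kind:value" output labels are assumptions.
function Get-RemoteControlArtifact {
    $found = [System.Collections.Generic.List[string]]::new()

    # SilentlyContinue yields nothing (instead of an error) when the item is absent.
    foreach ($svc in 'remotecontrold', 'TightVNC Server', 'TightVNCServer') {
        if (Get-Service -Name $svc -ErrorAction SilentlyContinue) { $found.Add("service:$svc") }
    }
    # Process name matching is case-insensitive, so 'tightvnc' also covers 'TightVNC'.
    foreach ($proc in 'remotecontrold', 'cloudflared', 'tightvnc') {
        if (Get-Process -Name $proc -ErrorAction SilentlyContinue) { $found.Add("process:$proc") }
    }

    # Module files under both Program Files trees (de-duplicated for 32-bit hosts).
    $files = 'remotecontrold.exe', 'cloudflared.exe', 'cloudflared-windows-amd64.exe',
             'cloudflared-windows-386.exe', 'cloudflared-windows-arm64.exe', 'dialog.exe',
             'config.json', 'rc-module.log', 'rc-module-install-stdout.log',
             'rc-module-remove-stdout.log', 'rc-stdout.log', 'rc-stderr.log', 'tightvnc*.msi'
    $roots = $env:ProgramFiles, ${env:ProgramFiles(x86)} | Where-Object { $_ } |
        Select-Object -Unique | ForEach-Object { Join-Path $_ 'Automox\modules\rc' }
    foreach ($root in $roots) {
        foreach ($name in $files) {
            $path = Join-Path $root $name
            # Test-Path expands the wildcard in tightvnc*.msi.
            if (Test-Path -Path $path) { $found.Add("file:$path") }
        }
    }

    # Uninstall entries in the native and WOW6432Node hives.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'TightVNC|Remote Control' } |
        ForEach-Object { $found.Add("uninstall:$($_.DisplayName)") }

    return $found
}

$artifacts = @(Get-RemoteControlArtifact)
$artifacts | ForEach-Object { Write-Output $_ }
# Exit-code contract described on this page: 2 = artifact present, 0 = clean.
if ($artifacts.Count -gt 0) { exit 2 } else { exit 0 }
```

Because the script only reads state, it is safe to run before remediation to see what would be removed and again afterwards to confirm nothing remains.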

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.