0

One of the business critical applications for us is powered by Adobe Flash. Naturally, this comes with plenty of associated problems.

The company wide browser in use is Google Chrome. We run a Windows Server 2008 domain environment with Windows 7 clients.

The biggest problem we have is the very frequent roll-out of updates for Flash, and Chrome disables Flash until the update is performed.

Naturally, you can imagine my frustration as the Domain admin and I need to implement a long term solution.

Considering the following constraints:

  • Users obviously do not have local admin/power user rights to install software
  • We run a UTM firewall that blocks EXE files for users (for obvious reasons)
  • It would be impractical for me to make my way round every PC, every couple of days, manually updating Chrome's flash plug in

How would it be best to automate these updates?

I imagine something like a Group Policy software installation policy, that runs on start up (to avoid restricted user perms), but any advice from more seasoned domain admins than myself would be gratefully received.

Thank you.

George
  • 383
  • 1
  • 5
  • 17
  • Have you seen the Chrome for Business docs? http://www.google.com/intl/en/chrome/business/browser/ – jscott Mar 06 '13 at 12:12

1 Answers1

1

Deploy the Google Chrome MSI through your usual software deployment process, turn off automatic updates using Google's ADM/ADMX template, and then subscribe to the Chrome Releases blog so you will know when you need to deploy a new security update.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Thank you for your reply. I assume from your answer then, that the Flash plugin updates cannot be managed separately, and instead it is best to update Chrome as a whole as and when? – George Mar 06 '13 at 12:40
  • 1
    Right. Chrome bundles its own version of Flash Player (on Windows) and so you're stuck with it. It's kind of annoying, but even if they didn't, you'd be updating Flash all the time instead... – Michael Hampton Mar 06 '13 at 12:47
  • A bit annoying, agreed - but at least now I know a great solution. Thank you :-) – George Mar 06 '13 at 13:03
  • Michael - a couple of extra questions if I may. I have deployed Chrome through a GPO, it has installed fine. You mention rolling manual updates out - I have tried this but I have a problem. I have tried deploying a second (newer) version of the MSI using the upgrade feature in the GPO. This seems to be failing with a 1722 error. Would it be best to deploy like this, or to just replace the original MSI file with the update, or to delete/recreate the package in the GPO? – George Mar 08 '13 at 15:33
  • That should be a new question, I think. – Michael Hampton Mar 08 '13 at 20:04
  • For completeness, here is this follow up question: http://serverfault.com/questions/490058/correct-way-to-update-google-chrome-msi-through-group-policy – George Mar 21 '13 at 14:10