How to upgrade Adobe Acrobat only on workstations that have it, via a GPO?

I have been working on a way to try and keep third party software such as Adobe and Java products up to date on all of our servers and workstations. We are now required to perform quarterly Vulnerability scans, one of which we use the Nessus scanner. The scans are loaded with Java, Adobe reader, flash player, air, and acrobat. The last scan showed up almost 100 computers with outdated versions of the software listed above.

I have implemented a GPO for java and adobe. The adobe reader GPO is a software installation with reader 9.3, then 9.3.2, then 9.3.3 .msi packages to upgrade over eachother. This has been working properly.
The adobe flash player gpo is the same thing, only it just installs 10.1 msi, which also has been working properly.
The Java update is similar, but under software installation I only have the version 6 update 21 msi package, no older versions. This also has been working properly, only all of the older versions all the way back to version 5 are still on the computers. I have not found a way to uninstall these old versions and have been doing it manually.

Now, with these GPOs it installs Java and Adobe on ALL workstations. I need to know what to do with Adobe Acrobat Reader Pro since only select users have this software (since its licensed). If I make another GPO with the packages Acrobat 9.0, 9.1, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, all in the same gpo, it is going to install acrobat on reader on everyone PC. I need it to only install updates on users that have the software installed. How would one accomplish this?
Same with Adobe air, not everyone has it on their PC.
NoneProfitAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
vahiidConnect With a Mentor Commented:
You can create a security group and put all the users who need Adobe Acrobat Pro in that group, and create a security filtering on the Adobe Acrobat Pro install GPO to only apply to this group.

You can only use MSI in GPO installs. There are tools in converting EXE to MSI, but your best option is would be to apply a vbs script to the GPO and run the exe to run from there, as those conversions might not always work. If still prefer the MSI method, have a look at this program: http://www.advancedinstaller.com 

Vahid


0
 
NoneProfitAuthor Commented:
To summarize, I need to know:

- How to push updates via a GPO that will only upgrade the software if it is on a workstation and not install the full software

- How to uninstall older versions of Java from a group of computers

0
 
NoneProfitAuthor Commented:
Adobe only provides an msi package for adobe air 1.0. The latest version you can only download an exe file.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
NoneProfitAuthor Commented:
Can you push out a .exe install via a gpo software package? Or does it have to be an msi?
0
 
asian_niceguyCommented:
when you run the AIr installer manually, leave the installer open. It will extract the files needed including the MSI. Search for recent MSI files, include hidden folders, and you will find the AIR msi file. This can be applied to most EXE installations
0
 
Davis McCarnOwnerCommented:
I like vahiid's solution of creating a group for the Acrobat Pro users; but, would also mention that a little, old fashioned MS-Dos might help you.  In a BAT file, do
IF EXIST "C:\Program Files\Adobe\(some file only part of Pro) THEN ......
You could use the same testing to locate and uninstall older versions of Java; though these would best be run as machine STARTUP jobs so they would have permissions to modify the HKLM registry and delete files in the Windows folder.
0
 
Davis McCarnConnect With a Mentor OwnerCommented:
Rats, I forgot to add a great utility I found a few moths ago.  It's called universal extractor and will let you pull the MSI's out of installer executables: http://www.legroom.net/software/uniextract
0
 
NoneProfitAuthor Commented:
Davis that program is awesome!! thanks guys!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.