I have been working on a way to try and keep third party software such as Adobe and Java products up to date on all of our servers and workstations. We are now required to perform quarterly Vulnerability scans, one of which we use the Nessus scanner. The scans are loaded with Java, Adobe reader, flash player, air, and acrobat. The last scan showed up almost 100 computers with outdated versions of the software listed above.
I have implemented a GPO for java and adobe. The adobe reader GPO is a software installation with reader 9.3, then 9.3.2, then 9.3.3 .msi packages to upgrade over eachother. This has been working properly.
The adobe flash player gpo is the same thing, only it just installs 10.1 msi, which also has been working properly.
The Java update is similar, but under software installation I only have the version 6 update 21 msi package, no older versions. This also has been working properly, only all of the older versions all the way back to version 5 are still on the computers. I have not found a way to uninstall these old versions and have been doing it manually.
Now, with these GPOs it installs Java and Adobe on ALL workstations. I need to know what to do with Adobe Acrobat Reader Pro since only select users have this software (since its licensed). If I make another GPO with the packages Acrobat 9.0, 9.1, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, all in the same gpo, it is going to install acrobat on reader on everyone PC. I need it to only install updates on users that have the software installed. How would one accomplish this?
Same with Adobe air, not everyone has it on their PC.