Solved

How to upgrade Adobe Acrobat only on workstations that have it, via a GPO?

Posted on 2010-08-17
8
385 Views
Last Modified: 2012-05-10
I have been working on a way to try and keep third party software such as Adobe and Java products up to date on all of our servers and workstations. We are now required to perform quarterly Vulnerability scans, one of which we use the Nessus scanner. The scans are loaded with Java, Adobe reader, flash player, air, and acrobat. The last scan showed up almost 100 computers with outdated versions of the software listed above.

I have implemented a GPO for java and adobe. The adobe reader GPO is a software installation with reader 9.3, then 9.3.2, then 9.3.3 .msi packages to upgrade over eachother. This has been working properly.
The adobe flash player gpo is the same thing, only it just installs 10.1 msi, which also has been working properly.
The Java update is similar, but under software installation I only have the version 6 update 21 msi package, no older versions. This also has been working properly, only all of the older versions all the way back to version 5 are still on the computers. I have not found a way to uninstall these old versions and have been doing it manually.

Now, with these GPOs it installs Java and Adobe on ALL workstations. I need to know what to do with Adobe Acrobat Reader Pro since only select users have this software (since its licensed). If I make another GPO with the packages Acrobat 9.0, 9.1, 9.2, 9.3, 9.3.1, 9.3.2, 9.3.3, all in the same gpo, it is going to install acrobat on reader on everyone PC. I need it to only install updates on users that have the software installed. How would one accomplish this?
Same with Adobe air, not everyone has it on their PC.
0
Comment
Question by:NoneProfit
8 Comments
 

Author Comment

by:NoneProfit
Comment Utility
To summarize, I need to know:

- How to push updates via a GPO that will only upgrade the software if it is on a workstation and not install the full software

- How to uninstall older versions of Java from a group of computers

0
 

Author Comment

by:NoneProfit
Comment Utility
Adobe only provides an msi package for adobe air 1.0. The latest version you can only download an exe file.
0
 

Author Comment

by:NoneProfit
Comment Utility
Can you push out a .exe install via a gpo software package? Or does it have to be an msi?
0
 
LVL 15

Accepted Solution

by:
vahiid earned 250 total points
Comment Utility
You can create a security group and put all the users who need Adobe Acrobat Pro in that group, and create a security filtering on the Adobe Acrobat Pro install GPO to only apply to this group.

You can only use MSI in GPO installs. There are tools in converting EXE to MSI, but your best option is would be to apply a vbs script to the GPO and run the exe to run from there, as those conversions might not always work. If still prefer the MSI method, have a look at this program: http://www.advancedinstaller.com

Vahid


0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 11

Expert Comment

by:asian_niceguy
Comment Utility
when you run the AIr installer manually, leave the installer open. It will extract the files needed including the MSI. Search for recent MSI files, include hidden folders, and you will find the AIR msi file. This can be applied to most EXE installations
0
 
LVL 42

Expert Comment

by:Davis McCarn
Comment Utility
I like vahiid's solution of creating a group for the Acrobat Pro users; but, would also mention that a little, old fashioned MS-Dos might help you.  In a BAT file, do
IF EXIST "C:\Program Files\Adobe\(some file only part of Pro) THEN ......
You could use the same testing to locate and uninstall older versions of Java; though these would best be run as machine STARTUP jobs so they would have permissions to modify the HKLM registry and delete files in the Windows folder.
0
 
LVL 42

Assisted Solution

by:Davis McCarn
Davis McCarn earned 250 total points
Comment Utility
Rats, I forgot to add a great utility I found a few moths ago.  It's called universal extractor and will let you pull the MSI's out of installer executables: http://www.legroom.net/software/uniextract
0
 

Author Closing Comment

by:NoneProfit
Comment Utility
Davis that program is awesome!! thanks guys!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video teaches viewers about errors in exception handling.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now