• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0

Users Prompted to Manually Install 11.4 Despite Policy Automatic Silent Updates

Community Beginner ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

Updates wre working fine silently until the last couple of weeks.  Now users are being promoted to manually install the latest update.

Some users are getting prompts saying they need to log in with adminstrator credentials to install it even though they already are.

Other users are not noticing the options to install Chrome and set their homepage to Google were preselected and didn't unselect it and then call the company help desk for help resetting their home page.

How can this be stopped and have updates to 11.4 install silently and not install Chrome or change IE settings?

Views

15.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

For regularly scheduled, major updates (like 11.4), users will be presented with a dialog allowing them to read about the new features available.  They then have the option to download and update immediately.  As you noted, the user does need admin privileges to install these updates. 

You have the option to delay the update, in which case the silent auto update service will take kick in automatically either 30 days after release or sooner if a security patch becomes available.  In this case, the install does not need admin privileges.

Thanks,

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

That is not a good system.  We need users to not be prompted to install Flash regardless of whether it is a major update.  That's why we configured the systems to install without prompting.  The users end up accidently installing undesired software and making system changes that are piggy backed onto the Flash install by default. 

How to we get around this? 

Do we need to set the computers to never update and push the updates out manually each time?

Silent should be always silent without exception.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

This is possible to do in an enterprise environment.  To deploy 11.4 via the silent auto update, you'll need to setup a server internally.  Please see our 11.4 admin guide (page 19) for details.  In addition, I'd recommend reading this blog post.

http://blogs.adobe.com/spohl/2012/04/24/it-admin-deploying-flash-playe r-via-background-updater/

You'll also want to make sure that you've signed our distribution agreement, if you haven't already. 

http://www.adobe.com/products/players/flash-player-distribution.html

Thanks,

Chris

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

We already had silent updates configured and working with 11.2 and 11.3.  We simply deployed a preconfigured mms.cfg file to our workstations that was set to install updates silently.  It worked fine until the 11.4.update.

Why would we need a server for 11.4 if we did not for 11.3 and our workstations do have Internet access or they would not have recived the prompt to install 11.4 manually? 

Is there some way to simply configure the mms.cfg file so it installs Flash updates silently even if it is a "major" update?

It seems the server described in the link is designed to push updates to workstations that do not have access to the Internet, but that is not our issue.

The issue is that users are prompted to install 11.4 (along with unwanted add-ons) when we have configured the updates just install in the background with no user prompts.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

So I won't be silently updated to 11.4. I haven't been notified either. Guidance please.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 22, 2012 Aug 22, 2012

Copy link to clipboard

Copied

Notification can take up to 7 days, and on Windows will appear after your system has been restarted.  If you'd like to immediately update, simply go to http://get.adobe.com/flashplayer and run through the installer.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 24, 2012 Aug 24, 2012

Copy link to clipboard

Copied

... I haven't been notified either...

It'd appear it's not taking the full 7 days period to be notified as it did with version 11.3. I just rebooted the machine and was prompted inmediatelly thereafter. Do so now or go to http://get.adobe.com/flashplayer and install it manually from there.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 24, 2012 Aug 24, 2012

Copy link to clipboard

Copied

RickCP wrote:

... I haven't been notified either...

It'd appear it's not taking the full 7 days period to be notified as it did with version 11.3. I just rebooted the machine and was prompted inmediatelly thereafter. Do so now or go to http://get.adobe.com/flashplayer and install it manually from there.

The prompts have only been appearing after a reboot, so computers that were not rebooted don't see the prompt to install manually.

Message was edited by: web1c

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 24, 2012 Aug 24, 2012

Copy link to clipboard

Copied

web1c wrote:

The prompts have only been appearing after a reboot, so computers that were not rebooted don't see the prompt to install manually.

That's correct! When the update is made available for the notification updater only (i.e. not for the  Background Updater which is set to a 24 hour update check interval), the check interval defaults to 7 days. The notification updater also requires you to reboot your system before it displays the notification.

Another element to remember about the notification updater is that it only updates one Player at a time (a shortcoming that was addressed in the Background Updater). The Player that will be updated first is the last one to perform an update check. The other Player (if installed) will check again based on the default interval of 7 days. Once you reboot your system after this second check has occurred, both types of Flash Player will have been updated.

So at the end, you (your users) may probably see "2 notifications" - - (depending on how many players/browsers you're using).

Also note that there is a time window after which quarterly updates to Flash Player are then made available for the Background Updater (currently 30 days). This means that if you didn’t get notified for both types of Flash Player installed on your system in 30 days, the remaining Players that weren’t updated yet will be updated silently by the Background Updater (if enabled).

SOURCE: Courtesy of Mr. Stephen Pohl via his BlogPost (Comments) here >

Post - Hello, Adobe Flash Player Background Updater (Windows)! > http://blogs.adobe.com/spohl/2012/03/30/hello-adobe-flash-player-background-updater-windows/

Hope this helps

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Aug 24, 2012 Aug 24, 2012

Copy link to clipboard

Copied

Please note that even if you have been enrolled into the Background Updater to receive 'silent updates', NOT all updates going forward shall be completely silent (as with current version 11.4 over previous version 11.3 - same as it happened back in June when v11.3 was released as an upgrade of previous v11.2, and same situation shall probably be repeated in the future with next upgrade 11.5), even if you have already agreed to allowing background updates.

Because of the requirement of previous acceptance of new terms of use in respect of new feature releases, scheduled updates, new builds and/or version upgrades, Adobe shall/may need to "notify" users before an installation can be performed.

On a case-by-case basis for this type of releases Adobe may use the notification mode. However, please note that Adobe could apply a zero-day patch without requiring end-user confirmation, as long as the user has agreed to receiving background updates.

You may find some more info about Flash updates mechanism in this other thread of mine >

http://forums.adobe.com/thread/1025067?tstart=0

Additionally, If you had enrolled into the Background Updater since it was first introduced with version 11.2, your logs should show similar info as:

*Upgrade 11.2.202.228 released 03-28-2012 prompted to install 04-05-2012,

- Update 11.2.202.233 released 04-13-2012 silently installed 04-14-2012,

- Update 11.2.202.235 released 05-04-2012 silently installed 05-04-2012,

*Upgrade 11.3.300.257 released 06-08-2012 following a reboot - prompted to install 06-17-2012 [1] for the Firefox Plugin. Following a second reboot thereafter - prompted to install 06-26-2012 [1] IE ActiveX,

- Update 11.3.300.262 released 06-23-2012 silently installed 06-23-2012 - for the Firefox Plugin 'only',

- Update 11.3.300.265 released07-11-2012 silently installed07-22-2012[2],

- Update 11.3.300.268 released 07-26-2012 silently installed 07-27-2012,

- Update 11.3.300.270 released 08-02-2012 silently installed 08-03-2012,

- Update 11.3.300.271 released 08-14-2012 silently installed 08-15-2012,

*Upgrade 11.4.402.265 released 08-21-2012 following a reboot - prompted to install 08-23-2012 [3] for the Firefox Plugin. Following a second reboot thereafter - a new notification to update the IE ActiveX Control is expected some time [4] soon.

  • Notes:
  • [1] Notice that after each reboot, it took exactly 9 days (not the default interval of 7 days) for each notification/player to install.

    [2] Players were not installed automatically within 24 hours due to a non-conectivity issue my side.

    [3] Now I'm confused! First notification got in inmediatelly after the machine was restarted, i.e. less than 48 hours of the release. The 'Prompt-window' only showed the 'Install' button, which did not open the installer dialog (therefore no new licence acceptance? and no new updates-setting options?), but redirected me instead to the download website to install it from there. Again, this online installer did not ask me to accept nothing or allowed me to change my options?

    [4] In view of [3] above, I'm not manually installing the second (IE ActiveX) player, to allow some more time to see what happens next...

    And to check if -

    (a) this may be a Flash updates mechanism policy change? or...

    (b) is it a case of Adobe applying a zero-day patch? in view of the 'critical' security updates included?

    I don't know but in either case, why then not using the background updates channel (but prompting users) if no need for users to accept new terms of use? 

    @web1c @jimmy @wrx7m

    Notwithstanding my own doubts above, and as it's the "true silent automatic updates" what you guys are really interested in, I may refer you to the following 'feature request' (There should be an option for silent (prompt-free) automatic update) which still open for you to place your votes/comments > https://bugbase.adobe.com/index.cfm?event=bug&id=3211239

    Good Luck!

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Community Beginner ,
    Aug 24, 2012 Aug 24, 2012

    Copy link to clipboard

    Copied

    Clearly this does not need to be the case since Google updates their Chrome browser which includes Adobe Flash with no need for user interaction to accept new EULAs whenever there is a new version.

    In a corporate environment, there needs to be a way for the company to accept software agreements on behalf of users when they deploy Flash with the via Active Directory GPO Software Installation or other corporate deployment methods.

    Only people who orginally downloaded their Flash software from the Adobe Flash website http://www.adobe.com/products/flashplayer.html shoud be getting these terms of service prompts.  The end users many not even have the right to accept terms of service on company-owned systems anyway. 

    Does configuring the update server software that mirrors Adobe's Flash update server bypass all user prompts to download Flash from the Adobe web site in all cases or does automatic updates have to be completely disabled to stop this?

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Adobe Employee ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    Yes, configuring an internal update server (Flash Player 11.4 Admin guide page 19, section Background updates from an internal server) will allow you to configure all of your client systems to download and silently apply all updates that are made available.

    We highly recommend all IT admins take a look at this feature, as we believe it will be the simplest, most straight forward way to making sure all of your client systems are running the latest Flash Player without any interaction from your users.

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Community Beginner ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    OK, as long as there are no exceptions to being silent even if there is a major version upgrade to Flash and aslo no exceptions to this if the user is on a laptop off the corporate LAN at home or connected to a public wifi hotspot and it fails over to Adobe's update servers when it can't reach the internal update server.

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Adobe Employee ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    In the case of the system being unable to contact your internal server, Flash Player will fall back to the old style notification mechanism for all updates.  Would this be a deal breaker for you?  If so, how would you expect it to behave?

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Community Beginner ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    I would expect it always to be silent if that's how the mms.cfg file is configured on that computer.  Do not install major version updates if they are not security fixes.  If they are security fixes, then install silently.

    It is actually even worse if the user gets the notification prompts for manual installation when out of the office with their company-owned laptop.

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    New Here ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    Chris,

    Setting up an internal server to manage the updates and write custom scripts to automatically download the update files is fine; But why doesn't Adobe offer to host corporate versions of the update files on their own servers? That would allow companies that have systems with full web access to point to enterprise.adobe.com (or whatever) and allow business PC's to download updates SILENTLY IN THE BACKGROUND without ANY prompts or Google Chrome being bundled (some might call this adware).

    The issue with Chrome being set to download, install and become the default browser in the 11.4 Flash Player update is the last straw for our company and we are disabling the Flash "background" updater. If I had the power to ban Flash at our company I would.

    To all reading this thread I suggest you submit a bug/fix request for the issues with the Flash Background updater:

    https://bugbase.adobe.com/index.cfm?event=bug&id=3317738

    https://bugbase.adobe.com/index.cfm?event=bug&id=3211239

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Adobe Employee ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    Thanks for your input.  I'll forward this along to the team.  Part of the problem with us having two two different types of servers (one for the general public, the other for distribution agreement holders) is that there's no way to enforce which one is used.

    Chris

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    New Here ,
    Aug 27, 2012 Aug 27, 2012

    Copy link to clipboard

    Copied

    Thanks Chris, that makes sense.  I would suggest the default would be to forward all update traffic to the general public server and admins can point to/add the adobe corporate server in the MMS file as needed.  That wouldn't be as intuitive as a seperate setting (in the MMS or even better the GUI) but at least it would be an option that could be implemented quickly with no changes to the updater code.

    Heck Adobe already has the special corporate download site (won't post the URL per the EULA) for the redistributable versions of Flash. It seems like that site could be slightly modified to work with the Flash auto-updater.

    At our company of 4000 users, Flash is a fun little web feature (with the occasional significant security vunerability) that offers minimal business value in our professional corporate environment.  It really isn't practical that Adobe expects companies to setup their own internal update infrastructure for this auxilliry feature.

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    New Here ,
    Aug 28, 2012 Aug 28, 2012

    Copy link to clipboard

    Copied

    Hi Chris,

    I appreciate you answering on this forum post however it is disappointing that you are not taking the extra time to clarify all the points that are being raised here, but rather relying on members of the public to provide the information.

    As to your question around potential improvements to your Internal Server Update architecture here are my suggestions on improving the system:

    MMS.CFG settings

    1. Allow the ability to include a SilentAutoUpdateProxy value so that smaller companies with unauthenticated proxy servers can still access your silent auto-updating mechanism without using an internal system
    2. Provide a fallback - SilentAutoUpdateServerDomainFallback switch to use the internal update server, and failing that for X days will try and access the Internet servers as well. This option should be enabled by exception. It would suit my situation where I have a handful of users who rarely VPN or are onsite, yet they still get my MMS.CFG config file.
    3. Change the switch SilentAutoUpdate to SometimesSilentAutoUpdate. Preferably make the auto update completely silent like it should be.

    Internal Update Server recommendations

    1. Provide a tool that sits on a server and configures the system to do the updates. It would be a simple tool to create and test.
      1. The install of the tool should install IIS (easy 3 lines in PowerShell)
      2. Create an internal DNS name that's friendly (to use in the MMS.CFG file)
      3. Allow the installation of a certificate, where either you can attach the PFX or your app creates a self signed one. (link it to Digicert and take a commission if you want)
      4. Configure the download location (major version number), destination location, etc
      5. provide logging functionality
      6. provide functionality where the latest version needs approval before installation (rolling basis) - this is something i would like to see, but doubt Adobe would implement.
    2. If you don't build a tool, at least document a tried and tested method for IT admin's to use (the scripts)
    3. Improve your documentation on how the system is designed to work, and what all the exceptions are. Provide a visual diagram of the entire process - you might then see where it can fail depending on circumstances.
    4. Hire me for 6 months to improve these processes, and for the other products as well

    Finally, I personally think the current updating system is by far better than what were were given before, the installations are more robust and leave less junk behind. We just need to tidy up the teething problems, or find workarounds.

    Regards,
    Ivan Dretvic

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Explorer ,
    Aug 24, 2012 Aug 24, 2012

    Copy link to clipboard

    Copied

    web1c wrote:

    We already had silent updates configured and working with 11.2 and 11.3.  We simply deployed a preconfigured mms.cfg file to our workstations that was set to install updates silently.  It worked fine until the 11.4.update.

    Yes, it was working fine as configured to work with v11.3 which updated -silently- 5 times within the last 2+ months.

    Please note however that Adobe can/may not use the automatic-silent background update channel for those new feature-bearing releases and/or any update that changes the default settings of Flash Player, which would require confirmation (acceptance of new terms) from end-users, even if they have already agreed to allowing background updates.

    For these new features and/or releases that require the acceptance of new terms of use, Adobe may need to notify users before an installation can be performed.

    You must therefore get the new 11.4 release installed first, and then re-enable the Background Updater to receive -silently again- further updates to this new version.

    Remember that to enable the Background Updater to your workstations, you would need to push an mms.cfg with AutoUpdateDisable=0 and SilentAutoUpdateEnable=1.

    Hope this helps.

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Community Beginner ,
    Aug 24, 2012 Aug 24, 2012

    Copy link to clipboard

    Copied

    I don't remember this on the 11.2 to 11.3 updates.  We do not want these prompts to manually install Flash updates appearing on every user's computer regardless of it being a new version number..

    Would using the internal server to mirror Adobe's update server suppress the notification even when there is a new version number or is the purpose of the internal server only tp push updates to computers that don't have direct  access to adobe's update servers?

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    Guest
    Mar 12, 2013 Mar 12, 2013

    Copy link to clipboard

    Copied

    I'm having this problem too, but we use SCCM SUP to roll out flash updates. Why would it check in when the mms.cfg says: (copying and pasting here)

    AutoUpdateDisable=1

    AutoUpdateInterval=0

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    New Here ,
    May 15, 2013 May 15, 2013

    Copy link to clipboard

    Copied

    LATEST

    Hello everyone,

    Apparently I'm in the thread which fits the better my issue. Currently, we deploy FP v11.6 on our user's computers, but recently, a bunch of users has been prompted for a flash update, despite the fact I've configured a system which worked (until the last weeks), to silently update for our internal web server, FP.

    2 questions are haunting me :

    - Why, magically, the internal silent auto update decided to not work again ? (from the 11.6 version ?)

    I almost trust that Adobe made on purpose a prompt to end users in order to install Chrome at the same time, because of a strong commercial contract with Google.

    - Why the version.xml files available at http://fpdownload2.macromedia.com/pub/flashplayer/update/current/sau/1 1/xml/version.xml and http://fpdownload.adobe.com/pub/flashplayer/update/current/sau/11/xml/ version.xml are not up-to-date with the last version ? Because it's a beta version ? Not safe ?

    EDIT : Ok, the files are now up to date, it's perfect, te silent autoupdate worked again. But I'm still wondering why it asked for the update on some computers, in spite of the mms.cfg were correctly configured on it ...

    Thanks a lot for the care, and to fill the blanks in my mind.

    Regards,

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines
    New Here ,
    Aug 28, 2012 Aug 28, 2012

    Copy link to clipboard

    Copied

    Chris,

    As long as users without admin rights are *never* prompted. There is no logical reason you'd ever want users without admin rights prompted for anything. Especially if your auto-updater is going to take care of it eventually anyhow.

    This is how all Adobe products should work. They should just update, so Admin can get back to the mountain of other work they have. It'd be really nice if Microsoft had a more built-in means of doing this, instead of every vendor creating their own pocket service for doing so.

    *cough* Third-Party WSUS *cough*

    -- Brandon

    Votes

    Translate

    Translate

    Report

    Report
    Community guidelines
    Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
    community guidelines