Automatic update to Flash 18 via mms.cfg?

Hi chri5b‌,

Yes, In some time when we plan to give a complete silent update to v18, all Flash Players still on older v18 or v17 or older will silently move to v18(latest).

--

Piyush

chri5b,

We also had the mms.cfg deployed via GPO to silently update. And most of us here also use Fire Fox.  I grew tired of seeing the message that flash is vulnerable and having to allow it and each and every site to run Flash and I am sure that my users were tired of this as well.  I ended up writing a script that runs during startup on each client.  The script checks the registry to see what version of Flash is installed on the client.  If the version installed on the client does not match the latest version, then the old version is uninstalled and the latest version is installed, if the client does have the latest version the script stops. Since I am using this method I configured the mms.cfg to no longer silently update and I now receive email notifications when a new version of flash is installed and will then update my script.  I went this route because major releases Flash will not install over the previous version, this is the case anyway going from Flash 17 to 18.

Hi Ricard - does your script not require administrator rights though?

The good thing about the mms system was that it ran as the "local system" account so non-admins (e.g. the users) would be updated without needing admin rights..

Ideally the mms would update major flash versions immediately.

No admin rights needed as the script runs on startup of each client and the Flash exe's are stored in a public directory.  Simply deploying the mms.cfg was nice until this major release was pushed.  Another way around all of this is to limit users to using Chrome only.

This is the deployment method for Chrome:

Download the chrome msi (googlechromestandaloneenterprise.msi) from https://www.google.com/work/chrome/browser/

create shared folder on the server, and share it out

share permissions: "everyone" full control

NTFS permissions: "domain computers" full control (note this is "domain computers" not "domain users")

Let's say the share is \\servername\gpopublishedapps then the full path to the msi is \\servername\gpopublishedapps\googlechromestandaloneenterprise.msi

Now create a GPO:

Computer Configuration - Policies - Software Settings - Software installations - New Package - Now browse to the msi in the shared folder as noted above - Then under the Deployment method window set the radio box to "assigned".

Now apply this new GPO policy to the OU with your workstations.

When they next reboot they will get Chrome installed by the computer account so even users without admin rights will get it installed. By default the msi will also install the Google scheduled task that runs as the system user to autoupdate Chrome to the latest version meaning you will always have a fully patched Chrome and flash. This is a "set and forget" method.

You could do the same for flash if there was an msi but you would have to copy in the new msi and refresh the policy each time a new flash came out. No "set and forget" here.

Ricardc might give you his method of updating flash with a script...

Or maybe as piyush says, adobe will rethink their autoupdate policy and fix their scheduled task so it actually updates to the latest version as soon as a new release is out regardless if it's a "loud release" or not.. Hopefully they will soon after all that crytolocker fun this flash bug has caused