30 Replies Latest reply on Feb 11, 2011 8:35 AM by xxpluckyxx

    Deploy AcroReader v9.1.1 with Customization Wizard 9

    Robert Lindholm

      Hello:

       

      I'm trying to determine if I can deploy the latest security update [v91.1.] to my [v9.1] clients using the customization wizard or how to minimally create a [silent] installer package that I can push using a script.

       

      It seems like I was able to do this with the last security update [v9.1.0], but the package I downloaded from the Adobe web site this morning [adberdrupd911_all_incr.msp] is not in the [msi] format the wizard needs.

       

      Also, there didn't seem to be any [installation] documentation with the package or on the web site [that I could find].

       

      Any recommendations on how to use the customization wizard for deployment or how to correctly expand the [base] installer package to get to a setup.exe file would be greatly appreciated.

       

      Thanks,

       

      Bob

        • 1. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
          Oldhof

          Hi,

           

          I have the some problem. It would be a lot easier if the update came in msi format. Hopefully it will come soon or someone knows how to create a msi file of the msp update.

          • 2. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
            Robert Lindholm Level 1

            Hello:

             

            I found that the [base] installer has a "quiet" [q] option/switch that I've been using for now; I thought the v9.1.0 update allowed me to uncompress it and that expanded package included a msi-based installer, a setup.exe installer and a few other support files, but I could be wrong about that.

             

            Bob

            • 3. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
              GRNS

              I've tried to extract the MSP I'm getting access denied. the command lind " C:\>AdbeRdrUpd911_all_incr.msp /extract
              Access is denied.

               

              Hope they will look into this >>>

              • 4. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                StriderMatic

                MSPs are intended as patches to MSI files, the command to patch an MSI file is:

                 

                msiexec /a path to .msi file in network image /p path to .msp file

                 

                After the patching is done, you'll need to redeploy the software installation.

                 

                PLEASE read full details on this process at the following MS article, before attempting to patch your installation:

                 

                http://support.microsoft.com/default.aspx?scid=kb;EN-US;226936

                 

                I've successfully patched the MSI file, and will be testing out a re-deploy on a few PCs.  The patch output several folders, which seem to match the files inside the Reader 9.1 cab file.  Am I supposed to recompress the files/folders??  I saw no instructions in the MS article regarding this.  I'll just try using uncompressed, and copy the files/folders to my distribution point on the server.

                 

                There is a discussion on patching MSIs using MSPs, as MS intended, vs using ORCA.  I have no experience using ORCA, but it seems to be a viable solution to many.  Link is below.

                 

                http://www.appdeploy.com/messageboards/tm.asp?m=18443&mpage=1&key=&#18443

                • 5. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                  StriderMatic Level 1

                  The first installation of 9.1.1 seems to have worked.  Patched using the MS Article instructions I referenced earlier.  Copied the folders to my Adobe Reader software distribution folder, on my server.  Takes a while, because a re-deploy is basically un-installing then re-installing the distributed application, but it works.

                  • 6. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                    Robert Lindholm Level 1

                    Thank's for the information, I'm going through it now to see if I can get it to work properly.  How are you verifying that update ws successful?  I've been using the AcroRd32.exe file version, which was 9.1.0.2009022700 after the v9.1 update, but doesn't seem to change after the v9.1.1 update. However, when I launch AcroReader, it definitely looks like the update was successful, because the version number [9.1.1] is correct within the application. Is there another file or method I should be using to confirm the update?

                     

                    Bob

                    • 7. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                      StriderMatic Level 1

                      That's a good question.  The GPO deployed installation says 9.1.1 on the splash page.  The file version info says 9.1.0.2009022700, but the folders within the "Program Files\Adobe\Reader 9.0\Reader" have been modified.  I could be mistaken, but I don' t think incremental updates (like 9.1.1, 8.1.4, and 7.1.1) update the AcroRd32 file version.

                      • 8. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                        GRNS Level 1

                        Thanks for the Info; I know how to inject the MSP patch to the MSI which I've alread inejected the patch and show's in the add remove program 9.1.1. The problem is the existing install; I have 620 machines which have Adobe Reader 9.0. Enjecting the pacth to the MSI and resend it out will be problem it will fail to remove Adobe Reader 9.0. I can get around by creating a package to Uinstall Adobe Reader 9.0 and than create another package to install Adobe Reader 9.1.1. This is a lot of work, how about get the MSP to install on the top of the existing version 9.0.


                        Any suggestion on how to run the MSP silent Via SMS ??

                         

                        Thanks

                        • 9. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                          StriderMatic Level 1

                          Hmmm...that's interesting.  I rolled out a software installation GPO of Adobe Reader 9.1 to PCs which had 8.0 and 9.0 installed, without issue.  The new installation seems to handle that on it's own.  If there was an older version of the reader still installed, then Secunia Software Inspector, which we use, should be picking it up.  I had thought I might need to un-install older versions of Adobe Reader, but I've never had to, with the exception of PCs using version 7 or 6, occasionally.  Those are very few.

                           

                          Did you roll out the existing 9.0 installations using a GPO?

                          • 10. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                            robert.i.anthony

                            Robert,

                             

                            I've found two ways that you can verify the update has been installed.

                             

                            1. Check the following registry key
                              • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer
                                • VersionMin = 0 (Not Updated)
                                • VersionMin = 65536 (Updated)
                            2. Check the file version of the following file
                              • %programfiles%\Adobe\Reader 9.0\Reader\plug_ins\
                                • Annots.api - v9.1.0.2009022700 (Not Updated)
                                • Annots.api - v9.1.1.2009050100 (Updated)
                            • 11. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                              elyadria

                              I am deploying Reader 9.1 to 4000 PCs and there is a security patch and one of my tech send me this email:

                               

                              --Adobe Will Patch Zero-Day Flaw Next Week (May 4, 2009) Adobe plans to push out a patch next week to address a zero-day flaw in Acrobat and Reader that could be exploited to create denial of service conditions or execute arbitrary code.  Adobe will issue fixes for Reader and Acrobat versions 7, 8 and 9 for Windows and for versions 8 and 9 for Mac and Unix.  Adobe has also acknowledged a second flaw in Reader for Unix that will be fixed in forthcoming Adobe Reader for Unix updates.

                               

                              Until the fixes are available, Adobe recommends disabling JavaScript in both Reader and Acrobat.

                               

                              But I can't find the patch, appears that deploying 9.1 will take care this but reading your forum seems that there is another version 9.1.1...

                               

                              There is a patch?????

                               

                              Thanks guys!!

                               

                              Adrian

                              • 12. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                Xaneth

                                I had to go through this recently, so I worked up a blog about my approach over at:

                                 

                                http://www.vatofknow.com/archives/249

                                • 13. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                  elyadria Level 1

                                  This worked like a champ!!!...thanks so much, your blog is just perfect...

                                  Have a nice weekend

                                   

                                  Adrian Reyes

                                  • 14. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                    StriderMatic Level 1

                                    Thanks for this info Xaneth.  I have one question about your process.  Going by what Robert posted in #10, the installation is not Adobe Reader 9.1.1, but still 9.1.0.  You can tell this by checking the Annots.api, which is one of the files that was supposed to be updated if 9.1.1 went successfully.

                                     

                                    %programfiles%\Adobe\Reader 9.0\Reader\plug_ins\

                                    • Annots.api - v9.1.0.2009022700 (Not Updated)
                                    • Annots.api - v9.1.1.2009050100 (Updated)

                                     

                                    After trying several different methods, I haven't found a way to roll this out in an existing GPO or even a new one.  I've only been able to update with the incremental patch using command line instruction scripts.

                                    • 15. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                      Xaneth Level 1

                                      To be honest, I didn't check all the file versions to determine if I was truly running 9.1.1.  I'm surprised that by applying the update MSP file, that it doesn't update all files?  The main thing I'm concerned about is vulnerability to this new virus.  We've had a couple machines on the network get it, and it's bad.  We've had our hands full in the IT Dept, and did not have time to get on it right away (short staffed), so I'm a little concerned now.  Does an old version of Annots.api leave us susceptible?

                                       

                                      Out of curiousity, what does your script look like for the command line incremental patch?

                                      • 16. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                        elyadria Level 1

                                        MMMMMM.....I have applied the patch and follow all the steps on http://www.vatofknow.com/archives/249 and you are right even though the installation shows 9.1.1 when you open reader the version is 9.1.1 but when you go to Help and click on Reader Plug-Ins all the *.api are still version 9.1.0 dated 2/27/2009....so are we still vulnerable? What version we are really on?.....  

                                         

                                        Thanks,

                                         

                                        Adrian

                                        • 17. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                          Xaneth Level 1

                                          AARRRGGH!  So...  When is Adobe going to release 9.1.1 full in an MSI format, or are there other , more clear options for integrating the incremental patch into a full build?  I have a lot of other higher priority projects to be working on!

                                          • 18. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                            StriderMatic Level 1

                                            Yes, having an older version of the annots.api file leaves you open to the last reported vulnerability.  The updated annots.api patches the vulnerability.  Details can be found here:

                                             

                                            http://www.kb.cert.org/vuls/id/970180

                                             

                                            the command I use is simply 1 line.  I add it to my domain's login scripts:

                                             

                                            msiexec /qn /update %SOFTWARE%\adobereader\AdbeRdrUpd911_all_incr.msp

                                            %SOFTWARE% would be replaced by wherever you have stored the 9.1.1 incremental update.
                                            • 19. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                              Xaneth Level 1

                                              Thanks for that.  Still really need to determine how to integrate 9.1.1 properly.  Thanks for the link as well.  The CW has options to turn off browser integration, etc, to reduce the attack surface, so those are options I'll update the blog with.  I'll keep the blog updated as I figure out a workaround to get 9.1.1 updated properly.    

                                              • 20. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                elyadria Level 1

                                                Xaneth, what method did you use? Whan command line instruction script? I use SMS to deploy and I need to be clear if this patch even though put the MSI installer in 9.1.1 version really take care the vulnerability flaw.....It should, this is the Adobe resolution...

                                                 

                                                Thanks

                                                • 21. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                  elyadria Level 1

                                                  UPPSSS sorry the question was for StriderMatic.....

                                                  • 22. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                    Xaneth Level 1

                                                    You're using this script on an existing 9.1.0 installation?    

                                                    • 23. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                      StriderMatic Level 1

                                                      I tested this a few hours ago,  on my Windows XP workstation.  Adobe Reader 9.1.0 had been installed using a GPO.  The 9.1.1 was installed using the command I referenced in my last post.

                                                       

                                                      I have verified the annots.api to be:

                                                       

                                                      v9.1.1.2009050100  (create/modify date should be 5/1/2009)

                                                       

                                                      I would love to have this working via the GPO, instead of having a separate instruction necessary in the login scripts.

                                                       

                                                      From what I've read, you can use ORCA to edit the transform (MST) files, adding in the incremental updates.  I, however, have no experience with that.

                                                       

                                                      Still looking into other solutions.  Thanks for everyone's suggestions / ideas on this.

                                                      • 24. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                        Xaneth Level 1

                                                        OK, I've confirmed that the Annots.api gets updated when using "msiexec /qn /update AdbeRdrUpd911_all_incr.msp" on a 9.1.0 installation.  I had deployed 9.1.0 originally before I knew about the 9.1.1 update.  I then crafted a script that would uninstall 9.1.0 and install the new 9.1.1 MSI (or so I thought).  At this point, it would be best to push out a 9.1.0 installation, then update with the /update switch I missed.  I was looking for a command line way to update my 9.1.0 installation and didn't know about the /update switch at the time.

                                                         

                                                        Now I'm going to have to uninstall my 9.1.1 installation, install 9.1.0 and update.  Sorry about the bad instructions.  Wish Adobe could just post a full installation of 9.1.1!

                                                         

                                                        Even after updating a lot of the plug-ins are still 9.1.0 versions, however the Annots.api file itself does get updated.  Rather than using an Adobe Admin GPO, I'm installing using command line script attached to GPO logon script.

                                                        • 25. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                          Xaneth Level 1

                                                          Would it be feasable to just overwrite Annots.api itself?  Where there any other files?  I was reworking my script, to re-install 9.1.0 then update if it finds version 9.1.1, but I don't want an endless loop script that uninstalls every time it finds 9.1.1.  Dammit Adobe, release a full version.

                                                          • 26. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                            elyadria Level 1

                                                            Me too. I've confirmed that the Annots.api gets updated when uninstall the 9.1.1 (yea right!!), install the original install MSI "AcroRead.msi" 9.1.0, applied the "msiexec /qn /update AdbeRdrUpd911_all_incr.msp" from a batch file and BINGO...now I will build an SMS program with the command line. It should work..this has been a great forum

                                                            • 27. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                              elyadria Level 1

                                                              Yes you can overwrite Annots.api itself. But you need InstallShild. Ones you update to 9.1.1 take Annots file and create an MSI that copies the updated version and replace the old Annots.api. I have not tested but appears that that the file that we need to updated...and you are all right.... Dammit Adobe at this point I will install the original 9.1.0 and aplied the patch using SMS.

                                                              • 28. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                                elyadria Level 1

                                                                StriderMatic, what you can do if you really want to use your GPO. Write a BV script and placed into the logon GPO if you have one, or create a new GPO, I would prefer use an existing GPO. I have a funky application that I could not have installed normally (Proprietary application for 4,000 users)so I create script with some command lines and switches, so the GOP calls the VB script after the logon and works great, you can even write the script to call the original MSI and then the update.

                                                                • 29. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                                  Xaneth Level 1

                                                                  OK, after working with it all day, I figured out what happened.  According to my original instructions, the command:

                                                                   

                                                                  AdbeRdr910_en_US.exe  -nos_o./InstallFiles -nos_ne

                                                                   

                                                                  Extracts the AcroRead.msi folder into the "InstallFiles" folder.  It also extracts setup.exe, setup.ini and data1.cab.  This is where EVERYTHING goes wrong.  Inside the data1.cab file is the culprit Annots.api file that we don't want!  When we run:

                                                                   

                                                                  msiexec /a Acroread.msi /p AdbeRdrUpd911_all_incr.msp

                                                                   

                                                                  It updates everything to 9.1.1 within the folder, and if you traverse the folder structure you will see in Program Files/Adobe/Reader 9.0/Reader/plug_ins the file we are looking for, but it doesn't use this repository to install from, it uses data1.cab.

                                                                   

                                                                  To work around this, I've updated my blog.  From scratch, go ahead and extract the MSI file with:

                                                                   

                                                                  AdbeRdr910_en_US.exe  -nos_o./InstallFiles -nos_ne

                                                                   

                                                                  Now traverse to that folder and perform:

                                                                   

                                                                  msiexec /a <path to msi> /t:<network location>

                                                                   

                                                                  Then we apply the update with:


                                                                  msiexec /p <path to msp> /a <same network location as above\AcroRead.msi>

                                                                   

                                                                  Then we need to create a blank setup.ini file for the Customization Wizard


                                                                  Create setup.ini file in the network location

                                                                   

                                                                  Run the CW and make your modifications, which generates the MST file needed for the transform.  When done, install using:

                                                                   

                                                                  msiexec /i <network path to msi> TRANSFORMS=<network path to mst> /qn /L*v %systemdrive%\adobe_install.log

                                                                   

                                                                  You don't have to use the /L*v switch of course, up to you.  AGAIN, Adobe, update your complete installation or provide clear instruction on how to do this!

                                                                  • 30. Re: Deploy AcroReader v9.1.1 with Customization Wizard 9
                                                                    xxpluckyxx

                                                                    Funny thing, I figured out the same thing (ake the .cab file being there is what messes it up, as with it being there, it attempts to use that instead of the extracted directories).  You just did it with much more detail and with proof, instead of my 'I bet it's this'!