Best practice to upgrade user-installed GPO packages?
Hey, I'd like some opinions on the best approach to upgrading software you've distributed through user GPOs, whereby the users can install the software themselves through the Add/Remove Programs applet in Control Panel?
I'd let a few of our users install Foxit Reader as well as distributing normal Adobe Reader via computer policy, as some of them needed the feature to view PDFs in the browser to work some other PDF software. I'd disabled that feature in Adobe due to security worries. Lately there's been more scaremongering with Adobe Reader and Foxit Reader, so I want to make sure my alternative is fully up to date for those handful of bods that have needed it, without telling them to uninstall it and re-install it if possible.
I could just get them to upgrade within the package itself, but then I have concerns about the uninstaller on our server not being as up to date as the actual version of Foxit Reader.
thanks [:D]
Answers (4)
Posted by:
Jsaylor
14 years ago
The most effective form of version control for user-based GPO deployments is to make heavy use of the "Uninstall when this policy falls out of scope" option. With this enabled, your out-of-date version will fall off the moment a user that had installed it logs in. Installs of the correct version can be handled with a new GPO installed in the same manner that the original one was deployed. This should work in either a published or assigned application scenario.
You'll no doubt end up getting some service desk calls if you're going the published route, but as long as you have some sort of scheduled restart mechanism in place, this strategy will at least keep you up to date in terms of security vulnerabilities.
Posted by:
squeakstar
14 years ago
Posted by:
anonymous_9363
14 years ago
I've replied here before to the effect that using the 'Upgrade' tab in GPOs has, in general, been more trouble than it's worth, even for packages which upgrade smoothly from the command line. Thus I have tended to use the 'out of scope' method. For larger packages, it's a pain because apps have to be uninstalled and then re-installed in their entirety but hey, this is GP, where the word 'policy' is synonymous with 'pain'...
Posted by:
squeakstar
14 years ago