Hey, i'd like some opinions on best approach on upgrading software you've distributed through Users GPOs whereby the users can install the software themselves through the Add/Remove Programs applet in control panel?

I'd let a few of our users install Foxit Reader aswell as distributing normal Adobe Reader via computer policy as some of them needed the feature to view PDFs in the browser to work some other PDF software. i'd disabled that feature in adobe due to security worries. Lately there's been more scaremongering with adobe reader and foxit reader so i want to make sure my alternative us fully up to date for those hanful of bods that have needed it, without telling them to uninstall it and re-install it if possible.

I could just get them to upgrade within the package itself but then i have concerns about the uninstaller on our server not being as up to date as the actual version of foxit reader.

thanks [:D]
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
The most effective form of version control for user-based GPO deployments is to make heavy use of the "Uninstall when this policy falls out of scope" option. With this enabled, your out of date version will fall off the moment a user that had installed it logs in. Installs of the correct version can be handled with a new GPO installed in the same manner that the original one was deployed. This should work in either a published or assigned application scenario.

You'll no doubt end up getting some service desk calls if you're going the published route, but as long as you have some sort of scheduled restart mechanism in place, this strategy will at least keep you up to date in terms of security vulnerabilities.
Answered 04/08/2010 by: Jsaylor
Second Degree Blue Belt

Please log in to comment
0
Thanks dude, sounds pretty much like how i expected then. Thought perhaps there maybe a way of upgrading in place or something like the computer GPOs.

Thanks again !
Answered 04/09/2010 by: squeakstar
Orange Senior Belt

Please log in to comment
0
I've replied here before to the effect that using the 'Upgrade' tab in GPOs has, in general, been more trouble than it's worth, even for packages which upgrade smoothly from the command line. Thus I have tended to use the 'out of scope' method. For larger packages, it's a pain because apps have to be uninstalled and then re-installed in their entirety but hey, this is GP, where the word 'policy' is synonomous with 'pain'...
Answered 04/09/2010 by: VBScab
Red Belt

Please log in to comment
0
oh yeah - i fully support not "upgrading" literally - but hoped the upgrading would remove and put in place the new version without any assistance from end user. Looks like GPOs just aren't clever enough [:(]
Answered 04/09/2010 by: squeakstar
Orange Senior Belt

Please log in to comment
Answer this question or Comment on this question for clarity