/build/static/layout/Breadcrumb_cap_w.png

Google Chrome Enterprise 48.0.2564.109 updating unwantedly

Hi all,

I am deploying Google Chrome for enterprise to my Server 2012 R2 VDI desktop and I want to ensure autoupdate is disabled. I have had to add a Powershell script as a Custom Action to disable the Google Update Service which is installed and started by the installer. Even with this disabled and when I run Google Chrome for the first time it seems to have updated and as soon as it's updated to the latest version it seems my master_preferences file is ignored. Has anyone seen this? Where with newer versions of Google Chrome the Master_Preferences file is ignored?

What else can i do to ensure Automatic updates do not occur?

My Master Preferences file looks like this

{
"homepage" : "http://www.bbc.co.uk",
"show_home_button" : true,
"homepage_is_newtabpage" : false,
"browser" :
    {
        "show_home_button" : true,
        "check_default_browser" : false,
        "window_placement": {
        "bottom": 1000,
        "left": 10,
        "maximized": false,
        "right": 904,
        "top": 10,
        "work_area_bottom": 1010,
        "work_area_left": 0,
        "work_area_right": 1680,
        "work_area_top": 0
    }
},
 "bookmark_bar" :
{
"show_on_all_tabs" : true
},
"distribution" :
{
"skip_first_run_ui" : true,
"show_welcome_page" : false,
"import_search_engine" : false,
"import_history" : false,
"do_not_create_any_shortcuts" : true,
"do_not_launch_chrome" : true,
"do_not_register_for_update_launch": true,
"suppress_first_run_default_browser_prompt": true,
"make_chrome_default" : false,
"msi": true,
"system_level": true,
"do_not_create_desktop_shortcut" : true,
"do_not_create_taskbar_shortcut" : true,
"create_all_shortcuts" : false
}
}

Thanks,
Mark

2 Comments   [ + ] Show comments
  • There are policy templates for google chrome and google update, adm and admx, that allows you to disable auto-updates. You can see https://www.chromium.org/administrators/turning-off-auto-updates for more information.

    Enzio - enzio 8 years ago
  • Our business is currently using the ADMX with updates turned off - this works for us. Is there any other AD that might override your AD template for Chrome, or maybe the Chrome ADM/ADMX was not placed in the AD tree where All Workstation Devices can see it?
    By the way Mark, are you trying to inject a Master Preferences file or are you using the BuildInstallCommand with installerdata=[MASTER_PREFERENCES] and putting all your Encoded JSON into MASTER_PRFEFERENCES in the property table? - Tempril 8 years ago

Answers (4)

Posted by: dunnpy 8 years ago
Red Belt
0
This might be old information - I haven't packaged Chrome for a while - but when I did I used this site as a guide.

There are additional GPO settings that need to be considered and either deployed through GPO or as a registry configuration within your package.

Dunnpy

Posted by: ken2015 8 years ago
Senior White Belt
0
Have you tried some of the options in the ADM
http://woshub.com/how-to-configure-google-chrome-via-group-policies/

http://www.ghacks.net/2013/07/10/turn-off-google-chrome-automatic-updates-on-windows-using-group-policy/
Posted by: mark_holland21 8 years ago
Fourth Degree Green Belt
0
Hi guys,

Yes, I've tried the GPO settings to disable Auto update and also tried adding these registry keys to the transform.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update:
  • Dword: AutoUpdateCheckPeriodMinutesValue: 0
  • Dword: DisableAutoUpdateChecksCheckboxValueValue: 1
  • Dword: UpdateDefaultValue: 0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Google\Update:
  • Dword: AutoUpdateCheckPeriodMinutesValue: 0
  • Dword: DisableAutoUpdateChecksCheckboxValueValue: 1
  • Dword: UpdateDefaultValue: 0

The issue I'm getting is that as soon as the package is installed the "executable" which is wrapped inside the msi and actually installs google chrome, calls the GoogleUpdate.exe which then runs an update if your version is out of date. This is the update I am struggling to disable. The only way I have been able to get close so far is by renaming the Update folder in "C:\Program Files (x86)\Google\Update". If this is renamed then Google Chrome can't run updates. However, when I try to rename this programmatically i am getting an access denied on the folder. Possibly becuase the GoogleUpdate.exe is running at the time I tried to rename it. So, I closed that process and tried once more and it was successful (manually). As soon as I try it programmatically again it fails.

I know capturing a vendor msi but in this case I feel it's the only way I'm going to be able to confidently install Google Chrome without it updating.

If anyone has anymore suggestions please feel free to comment, for now I'm doing what we're not supposed to and capturing the vendor msi.

Posted by: mark_holland21 8 years ago
Fourth Degree Green Belt
0
Hi all,

Ok, so I managed to get it working without performing a setup capture on the vendor msi.
However, it did need a lot of tweaking to get it to work how i wanted it.

Ultimately, i needed to kill the GoogleUpdate.exe process as soon as possible after install and then delete the GoogleUpdate.exe using a Custom Action VBScript.

With this exe gone AutoUpdate can't take place. I have also applied the GPO's for post install update attempts but the removal of this exe seems to have been the only way to get this to work how i wanted it to.

Mark
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ