Hi all,

I am deploying Google Chrome for enterprise to my Server 2012 R2 VDI desktop and I want to ensure autoupdate is disabled. I have had to add a Powershell script as a Custom Action to disable the Google Update Service which is installed and started by the installer. Even with this disabled and when I run Google Chrome for the first time it seems to have updated and as soon as it's updated to the latest version it seems my master_preferences file is ignored. Has anyone seen this? Where with newer versions of Google Chrome the Master_Preferences file is ignored?

What else can i do to ensure Automatic updates do not occur?

My Master Preferences file looks like this

{
"homepage" : "http://www.bbc.co.uk",
"show_home_button" : true,
"homepage_is_newtabpage" : false,
"browser" :
    {
        "show_home_button" : true,
        "check_default_browser" : false,
        "window_placement": {
        "bottom": 1000,
        "left": 10,
        "maximized": false,
        "right": 904,
        "top": 10,
        "work_area_bottom": 1010,
        "work_area_left": 0,
        "work_area_right": 1680,
        "work_area_top": 0
    }
},
 "bookmark_bar" :
{
"show_on_all_tabs" : true
},
"distribution" :
{
"skip_first_run_ui" : true,
"show_welcome_page" : false,
"import_search_engine" : false,
"import_history" : false,
"do_not_create_any_shortcuts" : true,
"do_not_launch_chrome" : true,
"do_not_register_for_update_launch": true,
"suppress_first_run_default_browser_prompt": true,
"make_chrome_default" : false,
"msi": true,
"system_level": true,
"do_not_create_desktop_shortcut" : true,
"do_not_create_taskbar_shortcut" : true,
"create_all_shortcuts" : false
}
}

Thanks,
Mark
2 Comments   [ + ] Show Comments

Comments

  • There are policy templates for google chrome and google update, adm and admx, that allows you to disable auto-updates. You can see https://www.chromium.org/administrators/turning-off-auto-updates for more information.

    Enzio
  • Our business is currently using the ADMX with updates turned off - this works for us. Is there any other AD that might override your AD template for Chrome, or maybe the Chrome ADM/ADMX was not placed in the AD tree where All Workstation Devices can see it?
    By the way Mark, are you trying to inject a Master Preferences file or are you using the BuildInstallCommand with installerdata=[MASTER_PREFERENCES] and putting all your Encoded JSON into MASTER_PRFEFERENCES in the property table?
Please log in to comment

Answers

0
This might be old information - I haven't packaged Chrome for a while - but when I did I used this site as a guide.

There are additional GPO settings that need to be considered and either deployed through GPO or as a registry configuration within your package.

Dunnpy

Answered 04/08/2016 by: dunnpy
Red Belt

Please log in to comment
0
Have you tried some of the options in the ADM
http://woshub.com/how-to-configure-google-chrome-via-group-policies/

http://www.ghacks.net/2013/07/10/turn-off-google-chrome-automatic-updates-on-windows-using-group-policy/
Answered 04/08/2016 by: ken2015
Senior White Belt

Please log in to comment
0
Hi guys,

Yes, I've tried the GPO settings to disable Auto update and also tried adding these registry keys to the transform.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update:
  • Dword: AutoUpdateCheckPeriodMinutesValue: 0
  • Dword: DisableAutoUpdateChecksCheckboxValueValue: 1
  • Dword: UpdateDefaultValue: 0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Google\Update:
  • Dword: AutoUpdateCheckPeriodMinutesValue: 0
  • Dword: DisableAutoUpdateChecksCheckboxValueValue: 1
  • Dword: UpdateDefaultValue: 0

The issue I'm getting is that as soon as the package is installed the "executable" which is wrapped inside the msi and actually installs google chrome, calls the GoogleUpdate.exe which then runs an update if your version is out of date. This is the update I am struggling to disable. The only way I have been able to get close so far is by renaming the Update folder in "C:\Program Files (x86)\Google\Update". If this is renamed then Google Chrome can't run updates. However, when I try to rename this programmatically i am getting an access denied on the folder. Possibly becuase the GoogleUpdate.exe is running at the time I tried to rename it. So, I closed that process and tried once more and it was successful (manually). As soon as I try it programmatically again it fails.

I know capturing a vendor msi but in this case I feel it's the only way I'm going to be able to confidently install Google Chrome without it updating.

If anyone has anymore suggestions please feel free to comment, for now I'm doing what we're not supposed to and capturing the vendor msi.

Answered 04/12/2016 by: mark_holland21
Fourth Degree Green Belt

Please log in to comment
0
Hi all,

Ok, so I managed to get it working without performing a setup capture on the vendor msi.
However, it did need a lot of tweaking to get it to work how i wanted it.

Ultimately, i needed to kill the GoogleUpdate.exe process as soon as possible after install and then delete the GoogleUpdate.exe using a Custom Action VBScript.

With this exe gone AutoUpdate can't take place. I have also applied the GPO's for post install update attempts but the removal of this exe seems to have been the only way to get this to work how i wanted it to.

Mark
Answered 04/13/2016 by: mark_holland21
Fourth Degree Green Belt

Please log in to comment
Answer this question or Comment on this question for clarity