We have Chrome deployed in multiple incremental versions throughout our organization, but *mostly* one main production version. We deploy updates to our org through Kace monthly on the 3rd Thursday of the month. 

Our patch subscription includes: "All Types/Google Inc./Critical,Recommended". With these settings, we get a package added to the catalog called "LM17-nnnn", and they are active. The notes present this as a patch, with some requisites that the targeted clients meet. 

We run a detect weekly on all clients. Our patching schedule targets device smart labels focused on all clients within specific networks. We enable the checkbox "All Patches". We run the job, lots of stuff is patched. Chrome never is. You can see in the catalog image that the majority of clients have Chrome 60 installer deployed. We want to figure out a way to easily keep Chrome on the latest version available in the catalog at the time of patching. 

How do I begin to troubleshoot this? Is there something special/specific about managing Chrome? I feel like I'm missing something small that should be obvious but isn't intuitive to me. I am thinking this might be because 62 is a full major version number different than what is installed on most clients? (Do we have to do a full uninstall and reinstall of each new major version, 'cause for apps like Chrome that come out with new major versions every month or so, I am not sure how to meet our goal efficiently at the moment...)

Thanks in advance!
1 Comment   [ - ] Hide Comment


  • Nobody has a business case that includes managing updates to the leading browser? Quest support basically said "We don't know how or why the k1000 is downloading these files from Google, or why it's including them in the security patching catalog. That's on Google. If you have to reinstall it, it'll need to be done manually with each release as it comes out."
Please log in to comment

Answer this question or Comment on this question for clarity



We deploy Chrome Enterprise with a MI and patch it monthly through the K1000.

We deploy Chrome with a base version using a custom inventory rule in the software item to check for an existing Chrome.exe. This prevents the K1000 reinstalling the older version once it gets patched.

We use separate deploy patch schedules for Critical Windows/ Chrome and Adobe products but have a general detect that picks up all products in one go.

If you don't need to control the update window, it is also possible to deploy Chrome so that it updates itself using elevated privileges, if you users don't have the rights to install it themselves.

Answered 10/25/2017 by: AndyH
Senior White Belt

Please log in to comment