KACE K1000 attempts to re-deploy Firefox that has been patched
I'm looking for feedback on the best way to handle deploying software that is also patched via KACE.
Example of patching issue:
A new workstation 'PC1' has the 'SOE - Standard' label added.
A distribution package for 'Mozilla Firefox 45.0.2 ESR' exists and has the 'SOE - Standard' label associated to it.
'Mozilla Firefox 45.0.2 ESR' is deployed to 'PC1' as it has the 'SOE - Standard' label associated to it.
The following day 'PC1' has Firefox update to 'Mozilla Firefox 45.1.0 ESR' due to KACE patching.
Next time 'PC1' is inventoried it detects 'Mozilla Firefox 45.0.2 ESR' is missing and re-installs the older version.
*Repeat cycle of patching and downgrading*
So to combat this I have a smart label assigned to the distribution package 'Mozilla Firefox 45.0.2 ESR':
Device Smart Label: Distribution - Firefox 45
Label Names = SOE - Standard AND
Software Titles does not contain 'Mozilla Firefox 45' OR
Label Names = 'Software - Mozilla Firefox 45' AND
Software Titles does not contain 'Mozilla Firefox 45'
If the PC then has the the label (SOE - Standard or Software - Mozilla Firefox 45 ) AND does not have a version of Firefox 45 already installed then the label will apply and the software will install otherwise it will not apply and patches are then handled by KACE without issue.
Is this the best way or handling this? KACE labels are not the most user friendly.
Cheers.
Answers (2)
I ran into this with MS Office 2019, systems kept trying to re-install the MI whenever the product was patched because the version number changed from the package associated with the MI.
I ended up creating a Custom Software Inventory object for Microsoft Office 2019 64-Bit without the version, which I list at the end of this reply. Using this entry, Only 64-Bit systems that don't have MS Office 2019 64-Bit would process the MI. I link this MI to a very simple smart label which picks up all systems except those which are exempt for MS Office 2019. I've had issues trying to track and troubleshoot deployments that have MI's which drop the systems once the package is installed.
This also has the benefit that I could at glance view within the MI deployment how many systems had MS Office 2019 vs those that did not. I can also use the same target labels for future MS Office related deployments.
RegistryValueEquals(HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlus2019Volume - en-us,DisplayName,Microsoft Office Professional Plus 2019 - en-us)
