Patch Management Solution

Is it possible to change the command line options for an Adobe patch?  We do not want desktop icons or auto update enabled after these generic installs of Adobe products. 

I'm getting ready to use managed software deliveries rather than patch management simply because they don't operate like we want them too.  Plus, we can upgrade to the latest version rather than just patching an older version to slightly newer older version.

Hi mike,

To modify Command Line of the update, first You have to create policy from the bulletin, that contains this update. Go to Patch Remediation Center, locate the Bulletin, select Right Click -> Distribute. 

After policy has been created, find it usually in Policies -> Software -> Patch Management -> Software Update Policies -> Windows, and open Advanced tab of the policy.

In the Advanced tab,You can click on Command Line link of any update and modify it.

Regards,

Sergei

Hello,

I've found this a problem too. For example, we have Adobe Reader 9.4.7 deployed with our Windows 7 image using a transform file MST with the following options:

  - Installation options: Make Reader the default viewer if both Acrobat and Reader are installed
  - Installation options: Disable Caching of installer files on local hard drive
  - Installation options: Run installation Unattended
  - Installation options: Suppress reboot
  - Shortcuts: Eliminar el shortcut del escritorio
  - EULA: Suppress display of EULA
  - Online: Disable all updates
  - Online: When launching PDF en IE, prompt with Open/Save dialog
  - Online: In Adobe Reader, disable Help > Purchase Adobe Acrobat
  - Online: Display PDF in browser = Disable & Lock
  - Online: Disable only Create Adobe PDF using Acrobat.com (se necesita AIR)
  - Comments/Forms: Auto-Complete Off
  - Comments/Forms: Prevent users from modyfing this setting in Edit>Preferences>Forms

But, after deploying APSB12-01 (is a full installation of version 5.0 for Reader and an incremental one for Acrobat) I've seen the icon in the desktop and I suppose that all thins configured in the transform are gone because it uninstall our version and installs the new one instead of upgrading.

So, my question is how can I use our Transform in the command line for the patch? Yes, I know I can modify it and add something like TRANSFORMS=MyTransform.mst but, where do I need to put the transform?

Can I browse to "..\Patch Management\Packages\Updates\APSB12-01\{592b2e45-6ebb-4902-8eea-b5da08046267}" directory (where AdbeRdr950_en_US.exe is) and put the transform here?

I suppose yes but probably this GUID will change with a change in the policy for the bulletin ...

What's the best manner of doing this patch? Or must we use Software Solution for deploying always the latest and customized version of Adobe Reader/Acrobat?

Thanks.

PS: How can I force the processing and installation of a bulletin in a client?

Hello,

I am not sure if old MST file will be applicable, but You can try to create new MST file for AdbeRdr950_en_US.exe using Adobe Customization Wizard 9:

1. Copy staged AdbeRdr950_en_US.exe from "..\Patch Management\Packages\Updates\APSB12-01\{592b2e45-6ebb-4902-8eea-b5da08046267}" directory to any temp directory

2. Extract msi from AdbeRdr950_en_US.exe using the following command line: "<full path to copied AdbeRdr950_en_US.exe> -nos_o"<name_of_folder_created_for_extracted_files>" -nos_ne" (for example: "C:\FolderForExe\AdbeRdr950_en_US.exe" -nos_o"Extracted" -nos_ne) – Please note that whitespace is not missing in -nos_o"Extracted"

3. Open extracted AcroRead.msi in Adobe Customization Wizard 9 (File>Open Package..>Select extracted MSI file) and configure settings.

4. Generate new MST file (Transform>Generate Transform)

5. Copy created MST file to folder associated with software update package on NS(In Your case it is "..\Patch Management\Packages\Updates\APSB12-01\{592b2e45-6ebb-4902-8eea-b5da08046267}")

6. Modify Command Line in created policy for package AdbeRdr950_en_US.exe from APSB12-01
You will need to add  -nos_o"./" after AdbeRdr950_en_US.exe in order to extract msi during installation. also it will be needed to add switch TRANSFORMS="transform.mst"

Your command line should look like AdbeRdr950_en_US.exe -nos_o"./" /sAll /msi /norestart ALLUSERS=1 TRANSFORMS="transform.mst" EULA_ACCEPT=YES , where transform.mst is generated MST file from step 4.

Regards,
Roman

Hi Roman,

I'll try your solution. Yes I suppossed too that I need to recreate the MST but my worry was that the GUID after APSB12-01 directory change a lot of times ... so I need to copy the MST again and again.

In my test installation the simple patch update from our 9.4.7 to 9.5.0 using Patch Management installed a fresh copy (I can see the icon in the desktop, the auto update is activated, etc.).

As today my test workstation has an update available (9.5.1) from Adobe I'll test it. The only "good thing" is that a normal user can update Adobe Reader because the updater service is running as a system service so when the user clicks the Adobe updater icon it does nothing else than tell the service to download and install.

I'll write here with my tests.

Thanks.

Hello,

I've downloaded 9.5.0 package and used ACW to generate the MST with my options. Then I've copied the MST to the right package directory and I've modified the installation line to a custom one with your parameters.

After that, I've uninstalled 9.5.1 from my test workstation and installed manually 9.4.7 as before the patch. I've started the assessment task in my workstation so I suppose that in brief the 9.5 will be installed again but, this time, with the MST and my options ;-)

While waiting ... I'm thinking in the 9.5.1 patch. As is not a full installer but a MSP, in the past I used to modify setup.ini to include the patch and put the file in the same distribution point.

With Patch Management, what must I do? Wait for everyone being in 9.5.0 and then apply a new policy for 9.5.1? Or can I have the 2 policies running? I say this because if a workstation is deployed with the 9.4.7 version it must be upgraded to 9.5.0 before the 9.5.1 so both of them must be there (as 9.5.1 can't upgrade 9.4.7).

How this workflow is treated using Patch Management? (sorry if this is known question but I'm new to PM)

Thanks.

Hello,

It worked. Patch Management upgraded my 9.4.7 to 9.5.0 using a full installation modified by the MST and the new installation line.

Thanks Roman.

PS: Now, I would like to know what to do with the incremental 9.5.1 update ?

Hi ManelR,

Yes, You can create 2 policies or include both updates in one policy:
- with EXE installer for v9.5.0 and customized MST file
- with MSP file for v9.5.1
In this case:
Adobe reader v9.5.0 EXE installer will be rolled out to machines where it is applicable (i.e. where Adobe Reader 9.4.7 is installed)
New Adobe Reader v9.5.1 MSP file  will be rolled out to machines where it is applicable (i.e. where Adobe Reader 9.5.0 is installed)

As I know all Your custom settings should be saved during upgrading Adobe Reader via MSP installer (as it is incremental installer), so it is not necessary to modify default command line.

As soon as Adobe Reader 9.5.0 will be installed on any machine, Adobe Reader Update 9.5.1 will be applied to this machine if it is included to target list of created policy

Thanks,

Roman