Software updates

steve_f

Here's a problem we have being having in work, maybe someone can help.

About 50 of our staff use accountancy software like Sage, Caseware etc.

We used to get software updates on CD, and we would have to run around and install them manually. Not ideal, but could be done by one person in a morning.

Now though, the software is checking their respective websites for updates, and trying to update them. Problem is that users don't have the rights to install these updates, so we have to do it for them. These updates are starting to come out every few weeks now, whereas the update CDs only came every 3 months. It's starting to keep us very busy!!!

I don't see how we can enable the user to install specific updates, while still preventing them from installing crapware all over their PCs.

Any ideas? much appreciated.

undomiel

I would look into disabling the programs from checking for updates. Then do a monthly cycle of running updates. Which hopefully could be scripted and make things a lot easier for you.

dynamik

Good question!

Claymoore

Dynamik posted a link to a thread where I talk about using Group Policy to disable or change the update settings on programs. Unfortunately, that won't help you actually install the updates and this is where it gets complicated.

If the program was originally installed as an .msi (either manually or through group policy) AND the vendor is nice enough to offer an .msp file as an update, you can do this rather easily. Either copy the .msi file to another location or create another administrative install point and then apply the .msp patch to the .msi. After the patch is applied you can redeploy the application or use the upgrade option in the software deployment gpo and deploy the patched msi as an upgrade to the previous version. You really should apply the patch on the file in a new location to prevent current users from getting errors when they launch the progam.

Standard Installer Command-Line Options (Windows)
Command-Line Options (Windows)

If the vendor did not supply an msi or an msp, things get considerably more complicated. If the program only updates a few files/folders or registry keys, you can open up permissions on those locations using .... wait for it .... group policy. Unfortuntely this relies on the developers doing things correctly in their install routine. If the installer checks to see if the user is a local administrator, opening up the permissions won't help and the install will fail. However, if the installer checks to see if the files/folders/keys are writable then this will work. Unless, of course, the program decides to update or write dlls to a protected area such as System32 which you won't want to open up.

If none of the above work you, you can try scripting the installation routine to run with 'runas' to elevate rights. It's not easy to script the password, but this might help:
how can I enter the 'runas' password automaticaly? - VBScript FAQ - Tek-Tips

With something like Sage where you may also have to update the pervasive sql client, you get to do all of this twice!

blargoe

If they don't NEED the updates, just block the update site.