Update management for Adobe Acrobat Reader

Solution 1:

I install Adobe Reader via Group Policy and software assignment. I've been applying MSP-based patches to my Adobe Reader installation points and then instructing client computers to reinstall via the "Redeploy..." functionality in Group Policy. I don't particularly like doing things this way, but it's the least labor-intensive method I can see.

This recent Adobe Reader patch (9.1.2) is MSP-based, so I'm able to deploy it in my usual manner. If Adobe decides to start distributing EXE-based patches, then I've got a problem and have to begin writing scripts. (Hopefully they'll stick to a Windows Installer based patching regime from here on out. We'll see...)

If they do go to EXE-based updates, I'll write scripts to deploy them silently via computer startup scripts. (If you've got the money to pony-up for Microsoft's System Center Configuration Manager, you can use the built-in System Center Update Publisher to deploy these types of updates.)

Having the client computers download patches themselves via the built-in updater functionality in Adobe Reader is useless to me. I need to be able to centrally control the deployment of updates such that I can test the update prior to deployment. Users don't have "Administrator" rights on their computers and can't install any updates themselves anyway. I disable the updater as a transform to the MSI for Adobe Reader.


I've never used a third-party patch management tool, so I can't comment. Patch management tools that claim to automate the patching process have always given me a bit of pause. Tools that do "snapshotting" aren't actually capturing the logic in an installer, and could do the wrong thing under circumstances different than when the snapshot was taken. Tools that "silently install" patches often require the same amount of work that I'd put into writing a script to install the patch anyway. As such, I'm dubious of the effectiveness and reliability of "patch management" tools over using software assignment, "Redeploy...", and hand-written scripts to deploy patches.
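The install-point patching step described in Solution 1, as an added PowerShell example (not the answerer's own script): it applies an MSP to an administrative install point only when the file's SHA-256 matches the hash recorded while the patch was being tested. The parameter names and every path are hypothetical placeholders.

```powershell
# Added example: apply a tested MSP to a Windows Installer administrative
# install point. Parameter names and paths are placeholders, not from the page.
param(
    [Parameter(Mandatory)] [string] $AdminMsi,        # MSI in the admin install point
    [Parameter(Mandatory)] [string] $PatchMsp,        # the vendor's .msp patch
    [Parameter(Mandatory)] [string] $ExpectedSha256,  # hash recorded during testing
    [string] $LogDir = $env:TEMP
)

$ErrorActionPreference = 'Stop'

foreach ($path in $AdminMsi, $PatchMsp) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "File not found: $path"
    }
}

# 1. The file going into production must be the file that was tested.
$actual = (Get-FileHash -LiteralPath $PatchMsp -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for $PatchMsp (got $actual); refusing to patch."
}

# 2. Record the Authenticode status for the change log. This only warns,
#    because whether a given patch is signed is not something the page states.
$sig = Get-AuthenticodeSignature -FilePath $PatchMsp
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)' for $PatchMsp"
} else {
    Write-Output "Signed by: $($sig.SignerCertificate.Subject)"
}

# 3. Patch the administrative image: msiexec /a <msi> /p <msp>, quiet, verbose log.
$log = Join-Path $LogDir ("adminpatch-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date))
$msiArgs = '/a "{0}" /p "{1}" /qn /L*v "{2}"' -f $AdminMsi, $PatchMsp, $log
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

if ($proc.ExitCode -ne 0) {
    throw "msiexec exited with code $($proc.ExitCode); see $log"
}

# 4. Clients pick up the change only after the package is redeployed
#    ("Redeploy..." in Group Policy software installation), done separately.
Write-Output "Install point patched. Log: $log"
```

Run it against a copy of the install point first; the "Redeploy..." step in Group Policy stays a manual action.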

Solution 2:

This article was very useful to me in deploying Adobe Acrobat Reader:

Deploying Adobe Reader 9 for Windows.

There are two sections which could be interesting for you. This one:

What To Do About Adobe Updater

Reader 9 continues to include the Adobe Updater application which has been updated to version 6. While I haven’t seen it misbehave for some time and it no longer drops an Updater folder in your Documents folder, you might still want to disable it.

There are a few ways to do this. You can disable Updater by running it (click Help / Check for Updates) then click the Preferences link. You will then see the Preferences dialog, where you can choose to disable Updater.

and the following section

Updating Reader

Updating Adobe Reader can be a bit of a challenge, especially for smaller environments using only Group Policy Software Installation. For Reader 8, Adobe released updates as a complete download of the installer rather than patches. I recommend updating using the full installer as updates for version 9 are released.

If you would really prefer to use the Updater to keep Reader current, you could use the following command in a task using Windows Task Scheduler:

 "%CommonProgramFiles%\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US

Solution 3:

Adobe supply a tool to customise the MSI installation of Acrobat, the Adobe Customization Wizard. What we do is to deploy Acrobat/Reader through Group Policy, having first used this tool to customise the MSI to disable all updating, update prompts, etc.

Having done this, we can roll out updates to Acrobat via GP as they're released.

Sadly no, I don't know of any centralised tool that will do this. The above approach will at least let you manage the updates, and stop users complaining about the Adobe Updater popups!