I deployed Flash Player via a Software Installation policy. How to upgrade?

I have a Windows Server 2008 machine as my DC. Earlier this year I created a Software Installation GPO to deploy Adobe Flash Player plugin MSI. I assigned the policy to the computers; about half run Windows XP x86 and the other half Windows 7 x64. That all works like clockwork.

When I created the Software Installation Policy, I disabled the Flash Player plugin's automatic update feature by editing the MSI in Orca. I did this because I wanted all of my machines to run the exact same version of the plugin.

Now, some time has passed and a newer version of the Flash Player plugin has been released. It is time for me to push out the updated version of the plugin. I already have the new MSI, but I am lost on what to do next.

  • I see the upgrades tab in the Software Installation GPO, but everything there reads like that would be used for add-ons to a larger master program and not for updates that are released over time.
  • I have read that it is best to create a new Software Installation policy with the new MSI, revoke the old GPO, and assign the new GPO. I feel as though, over time, I will wind up with more revoked policies than active ones.
  • I have also read that some people have had success by replacing the old MSI with the new MSI and simply telling the GPO to redeploy. This seems like a backdoor method that will only get me into trouble.

In short, what is the correct, best-practice, or preferred way to roll out the new version via Group Policy?


Solution 1:

I've done this many times with Flash Player (and other software). What you want to do is:

  • Use ORCA to edit it with any customization that you want and save it as a transform (or save it as a whole new MSI, whatever works for you).

  • Put that new MSI (and transforms) on your software deployment share.

  • Add this software (and transforms) to your existing policy. It will automatically detect it as an upgrade to your previous versions of Flash Player. You can add all versions in the same policy if that's how you've previously configured it (x86: plugin and ActiveX, x64: plugin and ActiveX) or you can continue with whatever GPO layout you already have. Just make sure that you're adding like-for-like in your policy and it will automatically detect these as upgrades.

  • If, for whatever reason, they aren't automatically detected as upgrades, you can set this yourself in the policy. This is the correct way to handle this situation.

There's really nothing special to this.

One thing that you should think about is instead of editing the MSI with ORCA every time there's a new version, you can create an mms.cfg file as outlined here with Flash Player preferences. This file will not be touched across upgrades, so you only need to push out this file once and then you can deploy a vanilla Flash Player installation. I've used Group Policy File Preferences with Item Level Targeting to put this in the correct place on x86 and x64 machines in a mixed environment.

Solution 2:

I believe the upgrade is the best-practice method for doing so. I have used this method quite extensively in the past without problems.

Add the new MSI as another Package in the Group Policy object, choosing the Advanced deployment method. It should be detected as an upgrade to the previously deployed Flash Player. If it's not, you can add it to the updates tab manually.
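
Both answers rely on the new package being recognised as an upgrade of the old one. The following is an added example, not part of either answer: a PowerShell check of the three MSI properties Windows Installer uses to relate two packages as a major upgrade (same UpgradeCode, different ProductCode, higher ProductVersion), to run against the old and new Flash Player MSIs before adding the new package to the GPO. The function names and the sample paths are hypothetical.

```powershell
# Added example (not from the thread). Requires Windows and the Windows Installer COM object.
function Get-MsiProperty {
    param([string]$Path, [string]$Name)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # Second argument 0 opens the MSI database read-only.
    $db = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($full, 0))
    $sql = "SELECT Value FROM Property WHERE Property = '$Name'"
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db, @($sql))
    [void]$view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)
    $rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
    $value = $null
    if ($rec) { $value = $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 1) }
    [void]$view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
    # Release the database object so the MSI file is not kept open.
    [void][Runtime.InteropServices.Marshal]::ReleaseComObject($db)
    return $value
}

function Test-MsiMajorUpgrade {
    param([string]$OldMsi, [string]$NewMsi)
    $old = @{}; $new = @{}
    foreach ($p in 'UpgradeCode', 'ProductCode', 'ProductVersion') {
        $old[$p] = Get-MsiProperty -Path $OldMsi -Name $p
        $new[$p] = Get-MsiProperty -Path $NewMsi -Name $p
        if (-not $old[$p] -or -not $new[$p]) { throw "Property '$p' is missing from one of the packages." }
    }
    # Windows Installer compares only the first three fields of ProductVersion.
    $toVer = { param($v) [version]((($v -split '\.')[0..2]) -join '.') }
    [pscustomobject]@{
        OldVersion      = $old.ProductVersion
        NewVersion      = $new.ProductVersion
        SameUpgradeCode = $old.UpgradeCode -eq $new.UpgradeCode
        NewProductCode  = $old.ProductCode -ne $new.ProductCode
        HigherVersion   = (& $toVer $new.ProductVersion) -gt (& $toVer $old.ProductVersion)
    }
}

# Placeholder paths; substitute the packages on your own deployment share.
# Test-MsiMajorUpgrade -OldMsi '\\server\deploy\flash_old.msi' -NewMsi '\\server\deploy\flash_new.msi'
```

If any of the three boolean columns is False, expect to have to set the relationship yourself in the policy, as both answers describe.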