the ongoing struggle: man vs machine
Adobe Flash Player 11 Deployment via Group Policy
08/06/2012Posted by on
As of version 11, adobe have released both 32bit and 64bit versions of flash player. This will be a relief to many as IE 64-bit will now be supported.
Now we will need to deploy Flash 11 via GPO. Our goals are
- Deploy 32bit and 64bit Flash Player using a single GPO. The version I am deploying is 220.127.116.11.
- This GPO will be dedicated to flash player deployment, so title it appropriately.
- Prior versions of flash player will be removed before the new version is installed.
Step 1 – Sign the Enterprise Distribution Agreement and Obtain the Appropriate Files
Adobe require you to register to redistribute the software. Registration only takes a couple of minutes, however it can take up to 3 business days to be approved.
Once approved, and email will be sent with download links for the enterprise distribution files. Make sure that you download both 32bit and 64bit msi files.
I ended up with the following files
Step 2 – Define the Strategy
Unlike some of the other software that I deploy, I am not going to modify the msi file with orca, nor create a transform file. This is because prior versions of the package have been known to break if modified.
Flash 11 comes in both 32 and 64 bit variants.
The 32bit variant is only designed for 32bit operating systems. It is not to be installed on 64bit operating systems.
The 64bit variant is only designed for 64bit operating systems. This package includes both 32 and 64 bit versions of flash, to allow 32 bit browsers to operate with flash support on a 64bit operating system. This package must not be installed
As we are going to be managing both 32 and 64bit clients we will need to be careful about the group policy options that we set to prevent the wrong install from occurring.
Step 3 – Setup Shared Directory.
You probably already have a network share for software deployment. If you don’t, you will need to create a share that allows the everyone group read access. Only Administrators should have higher permissions to this share.
Step 4 – Group Policy Work
If you have not deployed flash player previously, you will need to follow the below steps in their entirety to create a new GPO. If you have deployed flash player previously, and need to upgrade to a new version, treat the below as refresher, and make sure you read the upgrading section at the end of the post.
a. Create a new Group Policy Object For Flash Player by opening the Group Policy Management Console, Right-clicking on the OU you want the policy linked to, and selecting “Create and Link a GPO here”.
b. Enter a name for the GPO. Do not include version numbers in the name, as you will use this same GPO to deploy upgrades.
c. Right-click the newly created GPO and select edit. The Group Policy Object Editor Opens.
d. Under Computer Configuration>Software Settings>Software installation, Right click on the blank right-hand window and select New>Package.
e. Select the 32-bit package. I like to ensure that a UNC path to the package is used, but it is up to you.
f. Select the “Assigned” option and click OK. The new package will appear.
g. Right-Click the package and select Properties.
h. Change the name of the package to distinguish that it is 32bit. I used “Adobe Flash Player ActiveX 18.104.22.168 x32 – Deployed”
i. Click the Deployment Tab>Advanced and uncheck the option “Make this 32-bit X86 application available to Win64 machines”. We have a different package for the 64bit operating systems.
j. On the same screen, I usually check “Ignore language when deploying this package”. This prevents differences between US English and Australian English from preventing the install from occurring, but this is a personal preference.
k. Ignore the upgrades tab for now as this is the first deployment. When you deploy future versions of Flash you will need this tab. Upgrades will be covered at the end of this post. Click OK on the Advanced Deployment Options Window and the Main Properties Window.
l. Congratulations, you are now deploying Flash Player 32bit.
Repeat the above process from step 4 part d for the 64bit package with the following changes.
Make sure you name the package to distinguish that it’s 64bit
Do not check the option to “Make this 32-bit X86 application available to Win64 machines”. It will not be available.
On the upgrades tab, the 32bit version may be listed. Group Policy has incorrectly assumed that we wish to upgrade the 32bit package with the 64bit package. This is not the case. Remove any entries on the upgrade tab.
Congratulations, you are now deploying the 64bit package.
Note: Group Policy is intelligent enough to not deploy the 64bit package to 32bit machines.
How to Disable Adobe Flash Auto Update settings (Optional)
Auto Update is a great idea for home users, but can cause problems or annoyance for enterprises.
In enterprise networks, your everyday users should not be Administrators of their local machines. Administrator privileges are required to install flash player updates. Flash will helpfully advise your users that an update is available, and prompt them to install it. Users will be unable to install the update and may be regularly prompted regarding it.
This is annoying to your users, and you will quickly begin to see helpdesk requests to update flash. The better solution is to deploy updates through Group Policy, once you have tested the update in your environment. Consequently, you will want to disable the auto update messages.
Adobe have provided a method to achieve this. What you need to do is place a configuration file on each machine that tells Flash to disable automatic updates.
The required location for this file are:.
%systemroot%\System32\Macromed\Flash – 32-Bit version of Flash
%systemroot%\SysWOW64\Macromed\Flash – 64 Bit version of Flash 11
The file needs to be placed in both locations for 64bit installs, as both variants are installed.
The file is a simple text file with a line that reads
I save this file with the file name mms.cfg in the same folder I used to store the msi files. I can then use Group Policy Preferences (Server 2008) or a startup script to copy the file to the correct destination locations.
When it comes time to update the flash player to a new version, add the new package as above, to the same GPO. On the upgrading tab, remove any entries already in the list, then click add.
Select which version/s you with to be upgraded by the new package. Be very careful that new 32bit packages upgrade the old 32bit packages, and new 64bit packages upgrade the old 64bit packages.
Remember to set the appropriate group policy options for the new packages, just as you did for the old packages.
Flash Player Configure Auto Update
Please Feel free to comment, ask questions or point out inaccuracies in the information. Through your assistance, I can try to make this post as helpful as possible.