Latest posts by Kyle Beckman (see all)
- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
Updating third-party products is a huge hassle, right? Chrome, Firefox, Java, Reader, Flash . . . the list goes on and on. System Center Configuration Manager can automate the process, but you typically have to pay for an add-on unless you want to build out the packages yourself. The good news is that Adobe Flash now supports automatic silent updates.
Which Windows OS and browser are you running? ^
The Windows OS version and browser on your workstations will determine what configuration is necessary. If you’re running Windows 8 or 10 and only using Edge/Internet Explorer, there’s nothing else you need to do. Flash updates are handled as part of your normal Windows updates. If you’re running Google Chrome, your Flash updates will install as part of Chrome updates.
If you’re still running Windows 7 with Internet Explorer and/or Firefox (including on Windows 8/10), you’ll need to either manually install updates (which isn’t ideal) or configure the updater to install them for you.
Manual configuration ^
When installing Adobe Flash using the exe installer, you will be prompted to select your update preference. If you use the “Allow Adobe to install updates” option, the Flash updates will install automatically.
Adobe Flash Player exe installer prompting for update preference during install
If you go to the Task Scheduler, you can see that there is a new Adobe Flash Player Updater task that is scheduled to run daily. The task runs with System privileges. That means that even users without Administrator rights can have Flash updates installed silently without receiving prompts or requiring IT assistance.
Adobe Flash Player Updater task in Task Scheduler to install updates
If you selected “Notify me to install updates” for “Never check for updates,” you can go to the Control Panel and access the Flash Player Settings Manager. Click the Change Update Settings button, approve the User Account Control (UAC) prompt, and change the setting to “Allow Adobe to install updates.”
Enable automatic silent updates in the Flash Player Settings Manager
The Enterprise gotcha ^
The only problem with enabling Adobe Flash silent updates at install time is if you’re a large enough organization that you’re using a tool like the Microsoft Deployment Toolkit (MDT) for OS deployments or System Center Configuration Manager. Silent installs of Adobe Flash using the exe installer and installs using the MSI installer don’t enable silent updates and, instead, use the “Notify me to install updates” option. If you’re an organization that doesn’t give end users Admin rights, you probably don’t want your customers being prompted to install something . . . especially if they won’t be able to perform the install.
Default update setting for Adobe Flash using the MSI installer
Push out the configuration with Group Policy ^
Adobe Flash’s update configuration can be controlled with a text file named mms.cfg. To push the configuration out to a large number of systems, we can use Group Policy Preferences to copy the file from a network share to the local system.
First, we’ll need to create a text file named mms.cfg. In the text file, copy/paste the following text:
Next, save the file to a network share. For small files like this, I typically like to keep them in a folder in SYSVOL. Because the SYSVOL folder is replicated across all Domain Controllers (DCs), it ensures the client will always have access to the file. In my example, I’ll use \\domain\sysvol\domain\files\Adobe_Flash\mms.cfg.
In the Group Policy Management Console, edit a Group Policy Object (GPO) that applies to your computers. Go to Computer Configuration > Preferences > Windows Settings > Files. Right-click in the open white area on the right and choose New > File.
Create a new Files Group Policy preference
In the New File Properties, set the following settings:
- Action: Update
- Source File(s): \\domain\SYSVOL\domain\files\Adobe_Flash\mms.cfg
- Destination File:
- For x86/32-bit systems: C:\Windows\System32\Macromed\Flash\mms.cfg
- For x64/64-bit systems: C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
- Attributes: Leave the defaults
New File Properties to copy mms.cfg to x86 Windows
New File Properties to copy mms.cfg to x64 Windows
You can use Item-level targeting to ensure that only x86 systems get the x86 configuration and x64 systems get the x64 configuration. To configure the Item-level targeting, go back into one of the New File Properties and go to the Common Tab. Click the check-box next to Item-level targeting and then the Targeting button.
Configure Item-level targeting for the file copy
Click New Item > Environment Variable. Use the following settings:
- Name: Processor Architecture
- For x86/32-bit systems: X86
- For x64/64-bit systems: AMD64
Don’t get hung up on the fact that it is asking for processor architecture; the Processor Architecture refers to whether the operating system is 32- or 64-bit. You can run 32-bit Windows on a 64-bit processor and Windows will report X86 for the Processor Architecture.
The next time Group Policy refreshes on the client systems, Adobe Flash will be configured to update automatically without user intervention.
Use Item-level targeting to target the file to an x64 system