Your work is vital. We are raising funds to support it.
Has anyone found a solution to automate and perform in the background the updating of Java and Flash with out using a administrator level login.
We are not on a domain, and I do not allow users to have administrator level access to the computers. We are currently using a couple of web sites that demand the most current Flash and Java and will not operate if they are even one level behind.
So any suggestions to automate this process that does not involve giving users administrator rights?
I wish I had a good answer for you (and for me.)
A combination of WSUS and System Center products is said to be able to do it although it requires significant preparation, and some products adapt better than others. (It's apparently best if the task can be wrapped in an MSI file)
Information on other approaches can be found at appdeploy.com
A lot can be done with group policies and scripts but again, it usually requires significant preparation, and a domain.
And there are some managed service provider (MSP) products that can do it, but the cost might be prohibitive.
I have traditionally tried to employ enterprise-style automation to small networks whenever possible. But in recent years that has become increasingly difficult. So for my typically 15-30 workstation clients I end up doing things manually but trying to streamline those steps as best I can.
I avoid Internet access and the presence of add-on junk like Java and Adobe products whenever possible. (Yes, many networks are still designed exclusively for running mission-critical applications.)
For those networks that do require a lot of attention, my work style has evolved over the last few years to meet the challenges:
First, I use multiple consoles. I like to work on two or three things at once so as to avoid the boredom of large downloads or slow installations.
Second, I rely more on remote access as a means to do updates or make certain kinds of repairs, generally using Windows built-in remote desktop feature. It's solid, secure and free. Most of the systems I work with have static IP addresses which simplifies access. I have a screen full of .rdp shortcuts with all the necessary addresses and credentials to get me into the remote workstations without having type in any numbers.
Finally, most of my clients have upgraded to Windows 7 Pro. I can make changes while logged in as a restricted user just by typing my password into the UAC box. No more logging in and out with different accounts or temporarily promoting a user account to admin and then dropping it back down.
Put all of that together and I can make updates to a lot of workstations in a hurry, from client locations or from home, with or without a domain. It isn't pretty but it's efficient.
Hope that helps, at least a little.
P.S. For anyone using remote desktop across the Internet for the first time, know that while the method itself is pretty secure, it does expose your network to attacks by malware that targets port 3389. Protect yourself by changing to unexpected port numbers and use really strong passwords.
I've been using Ninite Pro for a few weeks, on two different networks, and preliminarily find it to be an acceptable solution.
-It seems to be well behaved. No toolbars, SPAM, AIR , or other junk.
-It has effectively updated WinXP workstations in a Win2003 domain and Win7 workstations in a Win2008 domain.
-It also seems to work on workgroup (non-domain) workstations while a restricted user is logged in, as long as the computer is "visible" on the network and has a local admin level user account matching the name/password with which I'm logged into my console. The installations are quick and silent.
-After selecting programs to to be installed and the computers on which to install them, Ninite Pro displays which updates were successful, which were already up-to-date and which failed, and why.
-I have only used the utility to update Java, Reader and Flash Player, and I've only done it manually (weekly) because I prefer to view results in real time. There seem to be additional scripting and/or automation capabilities but I haven't tested them.
-The current price is a flat $20/mo, allowing you to manage up to about 200 workstations.
-There's a free trial period.
Thanks for the tip for ninite. I have only tried the free tool so far and it seems to do just what it says. For one off deployment the free tool does save time as it is one icon to click to get the standard tools installed or updated.
I will be giving the pro version a try as the background update is really a need.
With the pro version for remote updating you have to disable remote UAC on Win 7. How do you feel about that requirement compared to the benefit of the consistent updates?
I've only used Ninite Pro once on the system that has the Win7 workstations. My console and login were both part of the domain and the updates didn't invoke the UAC prompts.
I'm going to be experimenting with that same network this weekend, with a workgroup (non-domain) console, and will see what I get.
As for UAC in general, I have been leaving it turned on and haven't had too many conflicts. Still a challenge though, as is the 64-bit version of Win7.
P.S. As a side note, the world seems to be crawling with Managed Service Provider (MSP) utilities right now. They're adding new features, dropping prices and fighting for market share. And they're providing all sorts of high-pressure, cloud-related sales tactics; some good - some pretty sleazy. Although it appears that I'll be using Ninite Pro for the near future, I'll continue to look for the same feature to appear in other low-cost, more comprensive utility suites.
I reran app updates on the Win2008/Win7 network and everything worked smoothly, no UAC pop-ups or other obstacles. I guess that being on a domain really does have its advantages.
I also tried updating domain workstations from a non-domain, portable workstation. No luck at all. Too much security, despite my setting up compatible, local user accounts.
But I still haven't tried it in a purely workgroup environment. Maybe next weekend.
Dave, regarding the remote computers you wish to update, are they running the home or pro version of Win7?
It appears that Adobe is now providing a silent auto-update for its Flash Player.
No mention of whether or not it's compatible with restricted user accoounts.
Perhaps these will help:
I use Secunia Personal Software Inspector (PSI) on home computers. In that scenario I have Admin rights, so I'm not sure how it will work on a pc without Admin rights but it's worth a try. www.secunia.com. We use the corporate version of their product (CSI) on a domain. Works great.
Greetings my dearMy name is Basilia Jackson a lady from U.S, i saw your profile and become interested in knowing you please contact me in my email address as a friend firstname.lastname@example.org
Close this window