Like many IT departments, I push out updates to applications like Adobe Reader, Flash, Java, etc. for a multitude of reasons. First off, it’s the only way to guarantee the updates get installed. Sure, there are end users that will be responsible and make sure the updates get installed. But, if I have control of when things are being update, I know what is updated and when it happens. Second, we have applications that are dependent on 3rd party apps. If updates get installed before we have a chance to test the update, I could have lots of people that need the update removed and the old version installed. Last and certainly not least, the biggest reason I update these apps is because my end users don’t have Admin rights on their computers.
When the majority of users I supported were on Windows XP Professional, this was never a problem. However, the addition of User Account Control (UAC) in Windows Vista and 7, causes many applications to prompt the user to install product updates. With XP, these apps typically didn’t try to run at all. With UAC, the app checks for updates, and as soon as the user clicks through the dialog, they get this:
A big fat UAC prompt for Admin credentials… that they don’t have. On top of that, I usually end up getting a support ticket or Help Desk call that I have to track down.
So, how do we handle this issue? The good news is that most applications have an option to disable updates. This options usually translates into a Registry entry or a file on the filesystem that we can modify with a Group Policy Object (GPO) so that the end user is never prompted to install the update.
DISCLAIMER: Disabling the update notifications or the updater itself doesn’t mean you don’t need to install updates. I can’t stress enough that you need to be updating all of the software on the computers you manage. Third-party apps are updated on a regular basis just like Windows and Office and should be updated in a timely manner. Failure to do so could (and most likely will) open your systems to attack. If you don’t have a system in place for updating third-party applications, it probably isn’t a good idea to disable the updater that is built into the application.
As I encounter apps, I’ll add them to this series. Don’t see one listed here? Comment below and I’ll add it as quickly as possible!