In this post i am going to go over how to disable Adobe Flash Player Automatic Updates with a CI item and Baseline. In a follow up post i will walk through the steps to Deploy and maintain Flash Player Patches via System Center 2012 Configuration Manager and System Center Updates Publisher 2011. By leveraging Compliance Settings in ConfigMgr we can easily track compliance and remediation of the Adobe Flash Player Automatic Updates mms.cfg file across the enterprise. Every admin has his own way of getting this out to the enterprise and each has its trade offs. Personally i feel this is the simplest way to achieve this and retain flexibility of how i deploy Flash Player.
At the end of this post you can find "Disable Adobe Flash Player Automatic Updates.zip" file which can be used to import the CI and Baseline directly into your Compliance Settings Node of the Console.
Guidance on how to configure Adobe Flash Player Auto Updater can be found at: http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html
1) Open the ConfigMgr Console and Expand Assets and Compliance --> Compliance Settings --> Configuration Items and select “Create Configuration Item” from the ribbon.
2) In the Create Configuration item wizard fill out the Name, Description and assign an appropriate category and select next.
3) On the Supported Platforms screen select any OS level you would like this CI to be evaluated against and select Next.
4) On the settings screen select New.
5) In the Create Settings screen supply a Name, Description, Set the Setting Type = “Script” and the Data Type = “Boolean”.
6) Select Add Script under Discovery Script.
7) In the Edit Discovery Script screen select VBScript and paste in the code at the end of this article and select ok.
8) Select Add Script under Remediation Script.
9) In the Edit Remediation Script screen select VBScript and paste in the code at the end of this article and select ok.
10) Click on the Compliance Rules tab and select New.
11) On the Create Rule screen enter a Name, Description, select warning for the noncompliance severity for reports and ensure to check the box marked “Run the specified remediation script when this setting is noncompliant” and select OK.
12) Select OK to apply the settings.
13) Select Next on the Settings screen.
14) On the Compliance Rules screen select Next.
15) Select Next on the Summary screen.
16) Select Close on the Completion screen.
17) Select Configuration Baselines from the left pane.
18) Supply a Name, Description and assign an appropriate category for the Configuration Baseline.
19) Select Add --> Configuration Items to add Configuration Data to the Baseline.
20) Select add and then choose the CI that was just created and select OK.
21) Select OK to save your Configuration Baseline.
22) Right Click the newly create Baseline and select Deploy.
23) Select Remediate noncompliant rules when supported and configure your schedule to fit your needs.
24) Select Browse to choose your desired collection to deploy to. Select Device Collections from the drop down menu and choose your desired collections and select OK.
25) Select OK to save changes.
26) On your client system you can see that the Baseline has been applied but has not evaluated yet.
27) You can also see that the mms.cfg file does not exist.
28) Click Evaluate and you will now see that the Baseline is Compliant.
29) You will also see that the folder structure has been created and the mms.cfg file with AutoUpdateDisable=1 is created inside the folder structure.
Discovery Script:
Dim sFilePath, oWindir
Set oShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set oArch = oShell.Environment("System")
oWindir = oShell.ExpandEnvironmentStrings("%WINDIR%")
Select Case LCase(oArch("PROCESSOR_ARCHITECTURE"))
Case "x86"
' x86
sFilePath = oWindir & "\System32\Macromed\Flash\"
Case "amd64"
' amd64
sFilePath = oWindir & "\SysWOW64\Macromed\Flash\"
Case Else
' other
Wscript.quit(1)
End Select
If fso.FileExists(sFilePath & "mms.cfg") Then
Wscript.echo "TRUE"
'Wscript.echo "File Exists! " & sFilePath & "mms.cfg"
Else
Wscript.echo "FALSE"
'Wscript.echo "Cant Find File! " & sFilePath & "mms.cfg"
End If
Remediation Script:Dim sFilePath, oWindir
Set oShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set oArch = oShell.Environment("System")
oWindir = oShell.ExpandEnvironmentStrings("%WINDIR%")
Select Case LCase(oArch("PROCESSOR_ARCHITECTURE"))
Case "x86"
' x86
If NOT fso.FolderExists(oWindir & "\System32\Macromed") Then
fso.CreateFolder(oWindir & "\System32\Macromed")
End If
If NOT fso.FolderExists(oWindir & "\System32\Macromed\Flash") Then
fso.CreateFolder(oWindir & "\System32\Macromed\Flash")
End If
sFilePath = oWindir & "\System32\Macromed\Flash\"
Case "amd64"
' amd64
If NOT fso.FolderExists(oWindir & "\SysWOW64\Macromed") Then
fso.CreateFolder(oWindir & "\SysWOW64\Macromed")
End If
If NOT fso.FolderExists(oWindir & "\SysWOW64\Macromed\Flash") Then
fso.CreateFolder(oWindir & "\SysWOW64\Macromed\Flash")
End If
sFilePath = oWindir & "\SysWOW64\Macromed\Flash\"
Case Else
' other
Wscript.quit(1)
End Select
If NOT fso.FileExists(sFilePath & "mms.cfg") Then
Set strm = CreateObject("ADODB.Stream")
With strm
.Open
.CharSet = "UTF-8"
.WriteText "AutoUpdateDisable=1"
.SaveToFile (sFilePath & "mms.cfg"), 1
.Close
End With
'Wscript.echo "Creating File! " & sFilePath & "mms.cfg"
Else
'Wscript.echo "File Exists! " & sFilePath & "mms.cfg"
End If Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified
in theTerms of Use.