In this post i am going to go over how to disable Adobe Flash Player Automatic Updates with a CI item and Baseline. In a follow up post i will walk through the steps to Deploy and maintain Flash Player Patches via System Center 2012 Configuration Manager and System Center Updates Publisher 2011. By leveraging Compliance Settings in ConfigMgr we can easily track compliance and remediation of the Adobe Flash Player Automatic Updates mms.cfg file across the enterprise. Every admin has his own way of getting this out to the enterprise and each has its trade offs. Personally i feel this is the simplest way to achieve this and retain flexibility of how i deploy Flash Player.
At the end of this post you can find "Disable Adobe Flash Player Automatic Updates.zip" file which can be used to import the CI and Baseline directly into your Compliance Settings Node of the Console.
Guidance on how to configure Adobe Flash Player Auto Updater can be found at: http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html
1) Open the ConfigMgr Console and Expand Assets and Compliance --> Compliance Settings --> Configuration Items and select “Create Configuration Item” from the ribbon.
Image may be NSFW.
Clik here to view.
2) In the Create Configuration item wizard fill out the Name, Description and assign an appropriate category and select next.
Image may be NSFW.
Clik here to view.
3) On the Supported Platforms screen select any OS level you would like this CI to be evaluated against and select Next.
Image may be NSFW.
Clik here to view.
4) On the settings screen select New.
Image may be NSFW.
Clik here to view.
5) In the Create Settings screen supply a Name, Description, Set the Setting Type = “Script” and the Data Type = “Boolean”.
Image may be NSFW.
Clik here to view.
6) Select Add Script under Discovery Script.
Image may be NSFW.
Clik here to view.
7) In the Edit Discovery Script screen select VBScript and paste in the code at the end of this article and select ok.
Image may be NSFW.
Clik here to view.
8) Select Add Script under Remediation Script.
Image may be NSFW.
Clik here to view.
9) In the Edit Remediation Script screen select VBScript and paste in the code at the end of this article and select ok.
Image may be NSFW.
Clik here to view.
10) Click on the Compliance Rules tab and select New.
Image may be NSFW.
Clik here to view.
11) On the Create Rule screen enter a Name, Description, select warning for the noncompliance severity for reports and ensure to check the box marked “Run the specified remediation script when this setting is noncompliant” and select OK.
Image may be NSFW.
Clik here to view.
12) Select OK to apply the settings.
Image may be NSFW.
Clik here to view.
13) Select Next on the Settings screen.
Image may be NSFW.
Clik here to view.
14) On the Compliance Rules screen select Next.
Image may be NSFW.
Clik here to view.
15) Select Next on the Summary screen.
Image may be NSFW.
Clik here to view.
16) Select Close on the Completion screen.
Image may be NSFW.
Clik here to view.
17) Select Configuration Baselines from the left pane.
Image may be NSFW.
Clik here to view.
18) Supply a Name, Description and assign an appropriate category for the Configuration Baseline.
Image may be NSFW.
Clik here to view.
19) Select Add --> Configuration Items to add Configuration Data to the Baseline.
Image may be NSFW.
Clik here to view.
20) Select add and then choose the CI that was just created and select OK.
Image may be NSFW.
Clik here to view.
21) Select OK to save your Configuration Baseline.
Image may be NSFW.
Clik here to view.
22) Right Click the newly create Baseline and select Deploy.
Image may be NSFW.
Clik here to view.
23) Select Remediate noncompliant rules when supported and configure your schedule to fit your needs.
Image may be NSFW.
Clik here to view.
24) Select Browse to choose your desired collection to deploy to. Select Device Collections from the drop down menu and choose your desired collections and select OK.
Image may be NSFW.
Clik here to view.
25) Select OK to save changes.
Image may be NSFW.
Clik here to view.
26) On your client system you can see that the Baseline has been applied but has not evaluated yet.
Image may be NSFW.
Clik here to view.
27) You can also see that the mms.cfg file does not exist.
Image may be NSFW.
Clik here to view.
28) Click Evaluate and you will now see that the Baseline is Compliant.
Image may be NSFW.
Clik here to view.
29) You will also see that the folder structure has been created and the mms.cfg file with AutoUpdateDisable=1 is created inside the folder structure.
Image may be NSFW.
Clik here to view.
Discovery Script:
Dim sFilePath, oWindir
Set oShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set oArch = oShell.Environment("System")
oWindir = oShell.ExpandEnvironmentStrings("%WINDIR%")
Select Case LCase(oArch("PROCESSOR_ARCHITECTURE"))
Case "x86"
' x86
sFilePath = oWindir & "\System32\Macromed\Flash\"
Case "amd64"
' amd64
sFilePath = oWindir & "\SysWOW64\Macromed\Flash\"
Case Else
' other
Wscript.quit(1)
End Select
If fso.FileExists(sFilePath & "mms.cfg") Then
Wscript.echo "TRUE"
'Wscript.echo "File Exists! " & sFilePath & "mms.cfg"
Else
Wscript.echo "FALSE"
'Wscript.echo "Cant Find File! " & sFilePath & "mms.cfg"
End If
Remediation Script:Dim sFilePath, oWindir
Set oShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set oArch = oShell.Environment("System")
oWindir = oShell.ExpandEnvironmentStrings("%WINDIR%")
Select Case LCase(oArch("PROCESSOR_ARCHITECTURE"))
Case "x86"
' x86
If NOT fso.FolderExists(oWindir & "\System32\Macromed") Then
fso.CreateFolder(oWindir & "\System32\Macromed")
End If
If NOT fso.FolderExists(oWindir & "\System32\Macromed\Flash") Then
fso.CreateFolder(oWindir & "\System32\Macromed\Flash")
End If
sFilePath = oWindir & "\System32\Macromed\Flash\"
Case "amd64"
' amd64
If NOT fso.FolderExists(oWindir & "\SysWOW64\Macromed") Then
fso.CreateFolder(oWindir & "\SysWOW64\Macromed")
End If
If NOT fso.FolderExists(oWindir & "\SysWOW64\Macromed\Flash") Then
fso.CreateFolder(oWindir & "\SysWOW64\Macromed\Flash")
End If
sFilePath = oWindir & "\SysWOW64\Macromed\Flash\"
Case Else
' other
Wscript.quit(1)
End Select
If NOT fso.FileExists(sFilePath & "mms.cfg") Then
Set strm = CreateObject("ADODB.Stream")
With strm
.Open
.CharSet = "UTF-8"
.WriteText "AutoUpdateDisable=1"
.SaveToFile (sFilePath & "mms.cfg"), 1
.Close
End With
'Wscript.echo "Creating File! " & sFilePath & "mms.cfg"
Else
'Wscript.echo "File Exists! " & sFilePath & "mms.cfg"
End If Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified
in theTerms of Use.
Clik here to view.