Auto-install updates, with no user interaction?

Due to problems with malware, we can't really trust everyone to be logged on with administrator privileges all the time as it used to be with Windows 2000 and XP. Consequently the installed software can not be modified by staff anymore.
This doesn't affect Windows Updates since those can be configured to install automatically on a schedule without any user interaction or privilege elevation.
Java for Windows however does not detect when a logged in user does not have administrative rights, so it offers updates to everyone who logs on, including people who can not and will not ever be able to install the updates.
One "solution" is to turn off the update checking so that people aren't hassled by useless update notifications, but then this means Windows desktops will gradually fall further and further out of date, opening them up to attack by malware that exploits unpatched bugs in older Java versions.
The proper solution that I really want, is for Java to be capable of auto-update and self-install without any user interaction or privilege elevation at all. However so far I have not found a solution for this.
A hack may be possible using Windows group policy, the Windows Server task scheduler, and a java website screenscraper.
Nightly:
* Screenscrape Java.com for a newer client version
* If new one is found, download, put in global read-access share
* Using a database of machines known to be running Java, flag each candidate that's using an older version
* Wake-on-LAN the machines needing the update
* Schedule a remote install of the update with Administrative privileges
* If update successful, clear flag for that machine in central database
* shut down again for the night.
OR
Java programmers could implement an auto-install mechanism of their own, that can run by itself without user interaction at system startup, shutdown, or on a timed schedule set by the administrator through registry entries (and therefore configurable via group policy applied to desktops).
==========
How are other network administrators handling managed business desktops that need periodic, automatic, and non-interactive Java updates?

We use Altiris Software Delivery solution to deploy our Java updates but you could also use similar solutions such as Microsoft System Center Configuration Manager.
The problem is that these are both options that cost money and require investment and training.
Altiris allows you to create a collection based on the text string held in the Add/Remove Programs list (as well as other fields) - so you can easily create a collection of computers that do not have the required version of Java.
You can then create a software delivery task to silently install Java with admin rights and target it towards the collection that needs updating.
The collection updates dynamically. As the computers get Java they drop out of the collection and are no longer targetted for upgrade. This used to work well for me - as I could update about 500 machines in about 2-3 days.
The problem is that the Java installer doesn't work consistently as you mentioned since JRE 6u25 - the installer doesn't always behave as expected and the switches to do silent installs keep changing. You also have a problem if you try to update Java and the person has their web browser open... Yes, I do my updates during working hours as well.
In a constantly changing environment in terms of security - you'd think Oracle would have sorted the deployment options out by now?

Similar Messages

  • Deployment with minimal user interaction

    We are interested in deploying iPads to users in our company, but we want to do so with minimal user interaction. From what I can tell the best way to do this would be to sync our iPads with one computer and have that computer's iTunes manage the applications that can be installed on all device.
    What features would our users not have access to without having direct access to iTunes on their own computer (e.g., data backup)?
    Why would doing this not be a good idea?
    If after the initial setup we would like to install another application, must we physically obtain the device(s) again to install the application?

    halabaluba wrote:
    We are interested in deploying iPads to users in our company, but we want to do so with minimal user interaction. From what I can tell the best way to do this would be to sync our iPads with one computer and have that computer's iTunes manage the applications that can be installed on all device.
    What features would our users not have access to without having direct access to iTunes on their own computer (e.g., data backup)?
    Why would doing this not be a good idea?
    If after the initial setup we would like to install another application, must we physically obtain the device(s) again to install the application?
    Who will own the iPads?
    Will you allow them to take the iPads home?
    If they take the iPads home and sync them at home (they will) then anything you installed from your central computer is GONE. The only thing that will stick is the setting you deployed using the “configuration utility”.

  • WSUS throwing 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal."

    Hello,
    Within the past two months our WSUS Server started throwing error 13002, "Client computers are installing updates with a higher than 25 percent failure rate.  This is not normal."  We currently have 252 computers with errors in WSUS,
    and 33 updates with errors.  We have never had issues up until two months ago.  If you keep rebooting the machine, and keep running updates, they eventually all install.  I believe I will see the machines with errors go away as the weekly scheduled
    WSUS install runs over and over, and the machines reboot.
    - We run IE8 in our environment and sometimes IE9.
    - We have 300 clients, all running Windows 7 SP1 x64.
    - Our WSUS server is running on Server 2008 R2.  The WSUS build number is 3.2.7600.262.
    - We created an alternate WSUS 4.0 server on Server 2012, and redownloaded all updates.  We put one client on it and it is showing errors on 3 updates, KB890830, KB931125, and KB2917500.
    - Clients are throwing errors 800F0902, 80242016, and 80070005.
    - I've noticed something with the C:\Windows\SoftwareDistribution\Download folder on the clients.  When an update runs and fails, there is a "Install" folder created inside this folder.  If you try to open it after the failure you get
    "Access Denied"  If you reboot the machine, the install folder goes away.  (I assume this is a temp folder created to run updates).  I've checked the permissions on this folder on various machines and all seems normal.  I think
    this is the root of the problem, and why we need to keep rebooting to get all of the updates to run.  
    - I tried deleting the Software Distribution folder on a client after stopping the update service, then restarting the update service.  The folder redownloads but the client still throws errors.
    - I've gone through our Group Policies looking for anything that can cause this and found nothing.  We've created a test OU blocking inheritance, and only applying a WSUS policy in it to make it get the updates internally.  I then rebuilt multiple
    machines using Dell KACE, and still had failures.
    - We run SEP 11 and 12 on our clients.  I've tried removing the AV, making sure the firewall was off, etc.  It still throws errors.
    - I've spoken with our network team, and installed wireshark on a few clients looking for network errors and found nothing.
    - I've tried various Dell KACE scripted installs on test machines (erasing and rebuilding the machines from scratch), after which I run Windows Updates from WSUS.  They have thrown errors.
    - I've rebuilt a machine using Dell KACE, undomained it, then ran updates externally from WSUS going to Microsoft's site, and I'm still getting errors.
    - I've tried removing all software from the Dell KACE build to where it is just installing the OS and I'm still getting errors.
    - I tried taking a plain Windows 7 x64 DVD and installing that on a test machine, then without domaining it and without installing any other software, running updates from Microsofts update site.  This seems to work, althrough it does throw some errors
    but I believe those are related to having to reboot your machine in order to complete the updates (I can't remember that error code at the moment).
    Has anyone else been experiencing this?  Any suggestions as to how I can fix this?

    Hi,
    Error 800f0902
    Please try the method in this thread:
    Error
    Code: 800f0902
    Error 80242016
    If you receive Windows Update error 80242016 while checking for updates, it might be caused by a connection interruption between your computer and the Windows Update servers.
    80070005
    Usually means access denied
    Since it worked perfectly for a while, did you make any change on the server? Any applications new installed on clients?

  • Dialog with no user interaction

    Hi all,
    I would like to use the one button dialog that would just showing a message without requiring any user interaction.  With the dialog, I only want to display a message for the user. I want the program to continue running without needing user interaction.  I just want to let the user know that something happened.  I don't need to user to do anything.  How do I do that? 
    Yik
    Kudos and Accepted as Solution are welcome!
    Solved!
    Go to Solution.

    A more common approach is to use a "Status log" (just a string on the UI that gives the user some idea what is going on.)
    Here is a construct I often use (place the control "Status" on the UI, Add a control to the referance to "Status" wire the Connector pane.)  This type of action engine (see Ben's excellant nugget) lets you send update messages to the user from anywhere in the application instance space without leaving pop-ups all over the screen.
    And should you wish, you can add cases to Show, blink, unblink, highlight, move or Hide the indicator so it peeks out and dances
    Jeff

  • Re-image computer with no user interaction at all - SCCM 2012

    I have searched many posts and havent found a clear solution for my question.
    Basically, I have OSD task sequence ready to go on my SCCM 2012 R2. It is fine to run it as "Available".
    If I deploy the OSD through Software Center as "Required" and "ASAP", then I login the client, the client will run OSD task sequence sometime after about 30Min-1 hour later, not sure. And there will be no user interaction needed. However
    this means I need remotely log into each computer to let OSD happen.
    If I deploy the same TASK Sequence as "Required" and "ASAP" through "PXE", it will first ask PXE Password(Which I set in DP->PXE Panel), then I need hit "Next" again to start the assigned OSD, which means I need
    physically go to each computer to do this. (EDIT: If needed, I can remove PXE password and add VB scripts in other Task Sequence, however I want to know if I still need press NEXT to start the OSD).
    The clients are not AMT enabled but Lan Wake up enabled and also can be set to LAN WAKE UP Enabled with boot from LAN. I can wake up/shutdown the whole collection with command if needed. 
    Is there a way that I can Re-image one collection of Computers without any interaction on client side?  
    The other question is how long to wait for OSD when it is set to "ASAP"?
    RockyOZ

    Guess I just answered question myself. With PXE Password removed, the OSD runs without user interaction. Thanks. I will add the password in task sequences instead.
    RockyOZ

  • ARD 3.1 does install update with each launch

    Is this normal? If not, how do I stop this activity?

    It will do this if you have logged in with a user which is not an admin user. It doesn't have the priveleges to complete the update process.

  • Installing a program witout user interaction

    Hi
    Is it possible to build a installation that runs in the background, means no interaction from the PC user?
    The senario is, we got at lot of test PCs at different locations and it would be nice if we could push at new version of a program to the PCs and doing it in the background so the operator don't notice it.
    regards Bjarne

    Thank you
    I have made a program with the AppBuilder(LV2012) and want a silent installation.
    The link was helpfull (if I use LV6) but it need an update to include LV2012
    I have posted a comment for that.
    Regards Bjarne

  • My MBP  won't install anything. This is a recent occurence, previously it has installed updates with no problems.

    Whether its an update from Apple or software to use a hard drive. It gets most of the way there and finishes with 'installation has failed'. Are there any scans I can do to try work out why this is occurring?

    If you have more than one user account, these instructions must be carried out as an administrator.
    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
    Select
    /var/log ▹ install.log
    from the hierarchical list on the left. If you don't see that list, select
    View ▹ Show Log List
    from the menu bar. Then select the messages from the last installation or update attempt, starting from the time when you initiated it. If you're not sure when that was, start over and note the time. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message (command-V).
    If there are runs of repeated messages, post only one example of each. Don’t post many repetitions of the same message.
    When posting a log extract, be selective. Don't post more than is requested.
    Please do not indiscriminately dump thousands of lines from the log into this discussion.
    Important: Some private information, such as your name, may appear in the log. Edit it out by search-and-replace in a text editor before posting.

  • Can't open mail after installing update with 10.6.8 says my mail is out of date

    Please help - new to Macs and I installed automatic update of 10.6.8 - 4 days ago and now I can't open up mail  - it says "You can't use this version of Mail with this version of Mac OS X. You tried to open Mail version 4.5 (1084/1085) in Applications/ Mail.
    So I went to  Applications, says this message again. So I   used my discs that  came with the computer adn installed again  Applications - no luck.
    I had luckily  backed up 2 days before this update - so went to Time Machine - did restore - now good still - can't  open mail. CLick on Iconand get same messgae .
    Please help. Thank you

    rainbowmum wrote:
    Thank you for the very clear basic instructions—helpful for a newbie.…Also my first screen shot !! I see that it does not have .App next to it
    Most likely because you have Finder's preferences->Advanced->Show all filename extensions unchecked. Check it, log out, and back in and all the apps should display the .app extension.
    Now, back to your problem. If you installed the Security Update 2012-004, it failed to update Mail to 4.6; thus, your problem. Manually DL it from http://support.apple.com/kb/DL1586 and reinstall it.

  • How to properly install updates with kernel changes on MBP w/ SSD

    I downloaded and installed Yosemite security update 2015 003, and on reboot it would have a progress bar of the updating which would not complete and would show the prohibited sign (circle with a line through it).
    I tried the following:
    I held the power button to shut it down and perform a hard restart, the problem would not go away.
    Tried clearing the PRAM, but since it was in the middle of the update reboot, it was busy and would not properly clear the PRAM. No chimes.
    I tried holding option to select the boot drive manually, but that did not work either.  I could not even get to the boot drive selection screen. Just the continued seeing prohibited sign.
    I was able to plug in my external hard drive and boot from that after multiple tries to use Disk Utility to restore my backup partition onto the internal SSD. Luckily, I frequently backup, so I didn't lose any data by being forced to wipe my SSD and restore my backup.
    This is on a 13" MBP 7,1 (Mid 2010) with an aftermarket Intel SSD and 8GB of aftermarket RAM. Had TRIM enabler installed and on when downloading and installing the update. Is that the cause? After researching this and coming up with no solution, I discovered this security update seems to change the kernel. Is this kernel change conflicting with TRIM enabler? What causes this hanging problem when attempting to update? I have done multiple "Computer must restart to install changes" updates on this SSD in the past without this problem happening.

    I don't know enough to explain it. I've read that you need to disable TRIM before upgrading to Yosemite. And disable it before doing updates. Updating may not always cause problems, but you never know till it happens. Enabling TRIM disables Apple's security measures built in and this may be why a Security Update affected it.
    Here is one article on TRIM with Yosemite:
    https://www.cindori.org/trim-enabler-and-yosemite/

  • Getting audit error message while installing oracle with different user

    Hi All,
    I was trying to install oracle 10.2.0.4 on Sun OS.
    my oracle binaries owner was like you can "ABC"
    i was trying to create another database from user like "DEF" using the same oracle binaries.
    MY DBF user is members os same dba group from where ABC belongs
    I got some audit error.
    plz help if any body faced this problem in the past.

    anubhavsingh wrote:
    Hi All,
    I was trying to install oracle 10.2.0.4 on Sun OS.
    my oracle binaries owner was like you can "ABC"
    Why not "oracle" as the owning user account? That is the universal standard.
    i was trying to create another database from user like "DEF" using the same oracle binaries.
    Why a different user? And how were you trying to create the database? DBCA? sqlplus with a CREATE DATABASE script?
    MY DBF user is members os same dba group from where ABC belongs
    I got some audit error.
    Too bad you didn't think reporting the actual error might be helpful.
    plz help if any body faced this problem in the past.

  • Auto-installing McAfee with Flash?  Shame on you, Adobe.

    As a longtime Adobe product user (Photoshop 3 through today, After Effects, Premiere and now CC subscriber) I was extremely disappointed and appalled when Adobe Flash Update installed McAfee without asking me.  I was so surprised, I went back to reinstall on another machine to see if I had missed a pre-checked box.  Guess what - no option to skip the McAfee on this update.
    I have seen (and unchecked) the McAfee box in the past.  This time, it didn't ask.
    This is not how reputable software companies do business Adobe.  I expect better form you!
    There should never be software that is installed by default, just as "options" that many people avoid for secuirty reasons (like the check box for keep me signed in) should NEVER be checked by default.
    If you want to stop developing Flash, or charge for it, fine.  But do not place programs on  my computer that I did not ask for.
    Shame on you, Adobe.  Shame on you.

    As already pointed out there is nothing we can do here to help you but
    if you were after alternatives or what economists call substitute
    products then clearly Microsoft is the best.  They have almost
    everything Adobe has and their products are relatively less expensive
    than Adobe's.
    Whether you like these alternatives is a different story altogether but
    alternatives they are and there are others out there if you look for
    them.  Search for Open Source products (free products) and you will be
    surprised what you get.
    Good luck.

  • Installing itunes with multiple users

    I recently purchased a nano. However, there are three oher people in my house with an ipod. When I go to install the itunes under my windows username the installation wizard asks me if I would like to erase or clear itunes and completely uninstall. I am worried that all of the songs on the other three ipods will be erased. Does anyone know how to setup my ipod without starting over?

    This should help:
    iTunes: How to share music between different accounts on a single computer
    Note that when it says "publicly accessible location", it needs to be a place where everyone has read and write access. The most common such place is the Shared folder in the Users folder.

  • Mac app store not auto installing updates

    I've set my mac to install app updates automatically, but it just keeps saying that there is an available update but doesn't install it.
    Can anyone help me with getting my mac to install it automatically?

    did try that and it didn't work

  • Need backup solution with zero user interaction

    Good Day.
    I'm putting together a external/offsite backup solution for a client that runs OSX10 Server on a Mac Mini.
    Their data is on a Promise SAN, and they currently back up via software daily to an externally attached 4TB Drive.
    The big problem is that each day, a user comes in and removes "yesterday's" external drive to give it to the courier who stored it offsite, then they plug in the drive for "today's" backup. Neither the user nor the courier has access to log in to the server to unmount the external drive. Many times, this leaves the external drive in a corrupted state and unusable.
    I'm not allowed to give the user of the courier access to the server, and attempts to schedule or script the unmounting of the drives have been troublesome.
    I'd like to know if there's a solution out there, possibly an external chassis with removable drives or something similar that can be used to allow for easy removal of the drives to offsite storage that would not require an actual unmounting of the drive.
    All advice is appreciated.

    What software are you currently using to do backups?
    Not that it will help, but if you were backing up to an external optical drive e.g. DVD or Blu-Ray then they have a physical eject button which would tidily eject the media, unfortunately hard disks and even hard disk docks do not work the same way.
    Something that might help would be if whatever backup solution you used was able to work on a Mac that did not need to be logged in as a user, in other words that ran as a Unix style background process. This would mean that as no user is logged in the Finder would not be active and this would reduce but not eliminate the avenues for corruption.
    Again it will probably not help you but a different approach used by many is to backup over a WAN or Internet link to another site, with this approach your backup media is already offsite and you don't need to eject it to transport it. This does of course rely on a decent speed link in both directions so as to both allow backups and restores.
    Something else to consider, if you used a separate dedicated Mac for doing the backups rather than a server then you could consider giving the courier access to the backup machine without having to give access to a server. If you use encrypted disk images on the backup drive then even with access to the backup machine it maybe possible to still prevent their access to data on it.

Maybe you are looking for

  • Spaces ctrl-arrow and cmd-tab no longer works after screensaver is active

    MacBook 13", running 10.5.8 When the macbook boots up, these work fine, but once the screen saver comes on, none of these shortcut keys works any longer. Searched for this problem, and found a couple of suggested solutions, including removing the scr

  • Attach Forms With Comm Port in Oracle Forms

    I am trying to make connection of Oracle forms Builder with my device using comm port but i dnt know the complete procedure to attach the comm with oracle forms also i have no idea to convert asquii data to normal form.Please any one help me to attac

  • CS 5.5 Premiere Pro - Why no GPU acceleration to choose

    Normalyy there should be the possibility to choose two options of video rendering and playback when starting a new project. As I use a NVDIA GTX470 which is on the gpu accerleration list of graphic cards on adobe homepage I guess I should have the po

  • A lot of CALL_FUNCTION_OPEN_ERROR in production environment

    Hello We have a lot of CALL_FUNCTION_OPEN_ERROR in our production environment. An error occurred when executing a Remote Function Call. "Protocol error when communicating with SAPGUI." Status of connection.... "RFC DRV=GUI INPUT" Internal error code.

  • How to enter QuickTime Pro registration key in Windows 7?

    I purchased a registration key for QuickTime Pro, but I'm not sure where to enter it on my Windows 7 machine. I have found these directions: http://www.apple.com/quicktime/pro/unlock-win7.html But that's for another version of Windows (XP? Vista?). W