A common issue that administrators face when managing the software update process involves situations in which:
- An application was originally installed with customized settings;
- The vendor releases an update to the application in the form of an installation that installs a completely new version of the application rather than just incrementally updating just those files that are affected by a security vulnerability or bug
In such cases, the update packages created by application vendors often are not sophisticated enough to preserve the customizations that were made when the application was originally installed.
For example, an adminstrator may roll out Adobe Reader 9.4.0 using the .MSI provided by the vendor together with an .MST transform file that customizes the application's settings (e.g. turning off the auto-update feature). If the administrator later uses the Patch Management Solution to update computers to Adobe Reader 9.5.0 using the update package provided by the vendor, customizations to the application settings will be overwritten (e.g. the auto-update feature will be turned on after Adobe Reader 9.5.0 is installed). This is because:
- Adobe packaged the update to Reader 9.5.0 as an MSI that installs a completely new version of the application rather than releasing an MSP patch that just makes incremental updates to the application; and
- The MSI for Reader 9.5.0 is not intelligent enough to preserve the configuration settings for previously installed versions of the software
In order to preserve such customizations of this nature, it may be necessary for administrators to do such things as creating a custom command line to install the update and adding additional files (e.g. a transform file) to the update package. For more details on the above example, please see article TECH201229 in the Knowledgebase: http://www.symantec.com/business/support/index?page=content&id=TECH201229
Please note that this KB article is only intended to serve as an example illustrating how one particular setting for one specific application can be preserved when distributing an update that installs a completely new version of an applciation.
The method for preserving customizations will differ from one application to the next and may depend on the particular customization that was made when originally installing the application. It may be possible to preserve some customizations by simply making changes to the command line used to install an update without having to add additional files to the update package. For example, some packages are constructed in such a way that it is possible to automate acceptance of the End User License Agreement via the command line used to install the application, so that the EULA does not get displayed the first time that an end user opens the application.
Because the customizations that each organization makes to application settings are likely to differ, it is not feasible for Symantec to provide an "out of the box" solution to situations of this nature. In order to ensure that software updates do not overwrite customizations to application settings, administrators need to be cognizant of the customizations that were made when originally installing applications in their environment, understand how such customizations are made (e.g. via command line or transform file), and be aware of how the Patch Management Solution can be configured to ensure that such customizations are preserved when installing software updates.
This may seem like a lot of work, but this burden can be significantly reduced if those in this community will pool their efforts by sharing their knowledge and expertise with one another. I strongly encourage each of you to use this group to share your experiences with respect to such things as:
- Specific updates that install a completely new version of an application and overwrite customizations to application settings; and
- The methods used to make changes to application settings that are commonly customized (e.g. turning off the auto-update feature or the display of the EULA)