Software Management Group

Good morning,

We've just discovered something that's very strange and I'm curious if anyone else has had this happen.   We recently started using Patch Management for Google Chrome back in August.  Since then, the process has been the same as it always has until we realized that the old policies are gone.

While investigating, it looks like every single Google Chrome patch is named "GoogleChromeStandaloneEnterprise.msi"

Is it possible that these patches are being destroyed because the name of the software resource is identical?

Thanks

PSG

Hi,

We have not introduced the Chrome in Patch Management. But what I spotted duding evaluation is regardless of the Chrome version scheduled to patch it always installed the latest version.

Example 1

Chrome 31 installed on client. Deployed Chrome 35 via PM. The version installed on agent was the latest one at the time that is Chrome 37. The expected version installed on client was 35, not 37.

Example 2

Chrome 35 installed on the client. Deployed Chrome 36 via Patch Management. The version installed on agent was the latest one at the time that is Chrome 37. The expected version installed on client was 36 not 37.

My conclusion was. Regardless of the bulletin included in the policy it always installs the latest version of Chrome browser. Since we have not gone for Chrome in the production I never reported it to the Symantec.

Not sure where the problem is. Is  it metadata in PM import or it is Google's download servers ?

I did not observe disappearing policies though.

regards,

Tomasz

chrome will attempt to patch itself unless you disable this (we do through GPO).

We have deployed Chrome 34x but would like to use Patch Management to perform the upgrades. The command line in "patch" is a full silent install and does not upgrade the existing application. What is required in order to user Patch Management to keep the version update?

did you push out Chrome Enterprise version or just regular standalone?  I've noticed users who downloaded Chrome themselves who weren't admins (so install doesn't go into Program files), don't get upgraded by patch.

If we uninstall and reinstall using the enterprise installer, then they stay up to day.

We deployed the Enterprise version via Software Management. We have, however, disabled the autoupdate from Chrome via Group Policy. The intent is that we will be responsible to manage the versions rather than let Google do it whenever they choose. I expected that since Chrome is part of Patch Management that we could use PM to upgrade. It appears that it is only good for installing a fresh version. It also appears that we would have to use a software policy to uninstall the current version before the new would go in.

This different from the MS updates. Java is made to run over the top of earlier versions so that is not a problem. Unless I am missing something, we cannot use PM to update existing Chrome installations. Can someone shed some light on this?

We update Chrome via PM, disabling auto update at GPO.

Did you check your Chrome PM policy, the advanced tab, is it green or red?

If red, it's disabled because you have PM set to disable superseded updates.  This happens often for me in Chrome... new ones come out few times a week sometimes it seems.

Right now I'm pushing Chrome 113 with CMS 7.5.  If you're trying to push out older version than that, it won't ever go out unless you change that PM setting to not disable superseded updates.

I tested 113 yesterday and it was green but the task failed. It looks like 114 came out overnight so 113 is now red. I have staged a new policy for 114 but the command line is the same. I will test it.

While we did install the Enterprise version, I will try installing an earlier PM version and see if there is a difference in what we got from Google and Symantec's version.

Is the command line for a clean install the same as for an upgrade?

Sorry i was misunderstanding the task was running but failing.

If the client is downloading it - look in this folder for the msi (sort by date and look in the newest folders for it) and run it manually on a computer that it failed on (not silently).  Maybe it will give you a clue why it's failing?

C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery

It looks like there is a problem with the Group Policy. I moved the computer to another OU that does not have the Google Update policies and the PM task ran successfully. I need to figure out what is wrong.

So it looks like the PM process does work and the fault is with my GPO policy. Thanks for responding.

Greg, 

Are you using the default ADM template from Google?