1 Reply Latest reply on Jun 20, 2017 3:18 AM by michael.odriscoll

    Chrome Updating - Enterprise

    MorTech Rookie

           Hello Everyone,


      I'm currently working on a strategy on updating Google Chrome in our enterprise.  We currently have around 6000 devices and Chrome and IE are the 2 browsers we support for our enterprise applications.  With that said, we turn off Auto Updates to Chrome so we can test it before rolling it out to all of our devices.  These updates are turned off through a couple of commands that disable the google update services. 


      sc config "gupdatem" start= disabled


      sc config "gupdate" start= disabled


      The Chrome update process is as followed:


      1. Chrome Installation starts

      2. If a user is in Chrome, a new_chrome.exe is created and when the browser is closed the google update service will make the proper renames of the executable(s).

      3.  Since we have Google Update services turned off, that rename never takes place, which leaves them using an older version of the application until the next update.


      We reached out to Google and they gave us a solution:


      Issue - The setup.exe tries to replace chrome.exe during install, instead of aborting with an error code if the exe is already in use, it uses its own logic to dump a 'new_chrome.exe' beside the in use chrome.exe.  When the user drops the instances of chrome.exe and re-opens, the logic between chrome.exe and googleupdate.exe see this new_chrome.exe and attempt to overwrite the chrome.exe with new_chrome.exe. Using the credentials of the non-administrator who just fired it, causing the UAC prompt.


      Solution/workaround -


      Using command script

      1. Install the MSI

      2. Delete any old_chrome.exe if it exists.

      3. If new_chrome.exe exists, rename chrome.exe to old_chrome.exe (yes, you can rename an in use exe file)

      4. Rename new_chrome.exe to chrome.exe

      5. Using movefile.exe from pstoolkit, schedule a rename of new_chrome.exe to chrome.exe and a deletion of old_chrome.exe


      The problem with Google's solution is that, after renaming the chrome.exe to old_chrome.exe, users are unable to go to another website.  Links from within the website work, but you're not able to type another website in the browser until you close and re-open.


      I was hoping on suggestions or possibly other solutions on what other businesses are doing to update their Chrome.  We can't be the only company that's has the auto updating turned off.


      Any thoughts or suggestions would be greatly appreciated.