3 Replies Latest reply on Oct 16, 2017 12:32 PM by Hugues

    Chrome Updating - Enterprise

    MorTech Rookie

           Hello Everyone,

       

      I'm currently working on a strategy for updating Google Chrome in our enterprise. We currently have around 6000 devices, and Chrome and IE are the 2 browsers we support for our enterprise applications. With that said, we turn off Auto Updates to Chrome so we can test it before rolling it out to all of our devices. These updates are turned off through a couple of commands that disable the Google Update services.

       

      sc config "gupdatem" start= disabled

       

      sc config "gupdate" start= disabled

       

      The Chrome update process is as follows:

       

      1. Chrome Installation starts

      2. If a user is in Chrome, a new_chrome.exe is created and when the browser is closed the google update service will make the proper renames of the executable(s).

      3.  Since we have Google Update services turned off, that rename never takes place, which leaves them using an older version of the application until the next update.

       

      We reached out to Google and they gave us a solution:

      ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Issue - The setup.exe tries to replace chrome.exe during install; instead of aborting with an error code if the exe is already in use, it uses its own logic to dump a 'new_chrome.exe' beside the in-use chrome.exe. When the user drops the instances of chrome.exe and re-opens, the logic between chrome.exe and googleupdate.exe sees this new_chrome.exe and attempts to overwrite the chrome.exe with new_chrome.exe, using the credentials of the non-administrator who just fired it, causing the UAC prompt.

       

      Solution/workaround -

       

      Using command script

      1. Install the MSI

      2. Delete any old_chrome.exe if it exists.

      3. If new_chrome.exe exists, rename chrome.exe to old_chrome.exe (yes, you can rename an in use exe file)

      4. Rename new_chrome.exe to chrome.exe

      5. Using movefile.exe from pstoolkit, schedule a rename of new_chrome.exe to chrome.exe and a deletion of old_chrome.exe

      ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      The problem with Google's solution is that, after renaming the chrome.exe to old_chrome.exe, users are unable to go to another website.  Links from within the website work, but you're not able to type another website in the browser until you close and re-open.

       

      I was hoping for suggestions or possibly other solutions on what other businesses are doing to update their Chrome. We can't be the only company that has the auto updating turned off.

       

      Any thoughts or suggestions would be greatly appreciated.

       

      Thanks,

      Jamie

        • 1. Re: Chrome Updating - Enterprise
          michael.odriscoll SupportEmployee

          Hi Jamie,

           

          Thanks for posting to the Community.

           

          Please share any further updates here. It might be worth searching our Advice Center.

           

          Michael

          • 2. Re: Chrome Updating - Enterprise
            Hugues Rookie

            Hello,

             

            We have applied a GPO that disables Google Update, which works fine because the user is not able to update Google Chrome.

             

            The GPOs are:

                 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update

            • AutoUpdateCheckPeriodMinutes  REG_DWORD 0  (Auto-update check period override = Disabled)
            • InstallDefault  REG_DWORD 0  (Allow installation default = Disable)
            • UpdateDefault  REG_DWORD 0  (Update policy override default = Enabled)

             

            When the update is deployed (WSUS/SCCM), during the installation, the update deletes the entire key from:

                 ...\Google\Update

             

            So if there is a new version available on Google Update, then it is installed, because the GPOs have been deleted by the update.

             

            We tested it several times with the same result. If we run a gpupdate /force then the keys are reapplied.

             

            I am convinced that we are not the only ones to have this problem and I am wondering what solution companies have applied to counter this issue.

             

            Thank you for your help
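
A post-deployment check for the drift described in this thread, as an added example that is not part of any post: it verifies the three policy values listed above and the disabled state of the gupdate/gupdatem services from the original question. The function name Get-ChromeUpdateDrift and the exit-code convention are assumptions made for this example.

```powershell
# Added example, not from the thread. Names and expected values are the ones
# quoted in the posts; the function name and exit code are hypothetical.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Update'
$ExpectedPolicy = [ordered]@{
    AutoUpdateCheckPeriodMinutes = 0
    InstallDefault               = 0
    UpdateDefault                = 0
}
$UpdateServices = 'gupdate', 'gupdatem'

function Get-ChromeUpdateDrift {
    $results = @()
    # $null here means the key (or all of its values) is gone, which is the
    # state reported after the WSUS/SCCM-deployed update.
    $key = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $ExpectedPolicy.Keys) {
        $actual = $null
        if ($key -and $key.PSObject.Properties[$name]) { $actual = $key.$name }
        $results += [pscustomobject]@{
            Check    = "Policy\$name"
            Expected = $ExpectedPolicy[$name]
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
            Drifted  = ($null -eq $actual) -or ($actual -ne $ExpectedPolicy[$name])
        }
    }
    foreach ($svc in $UpdateServices) {
        # Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled'.
        $s = Get-CimInstance Win32_Service -Filter "Name='$svc'" -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check    = "Service\$svc"
            Expected = 'Disabled'
            Actual   = if ($s) { $s.StartMode } else { '<not installed>' }
            # A service that is not installed cannot run, so it is not drift.
            Drifted  = [bool]($s -and $s.StartMode -ne 'Disabled')
        }
    }
    $results
}

$drift = Get-ChromeUpdateDrift
$drift | Format-Table -AutoSize
if ($drift.Drifted -contains $true) {
    # The thread reports that gpupdate /force restores the deleted policy values.
    Write-Warning 'Chrome update lockdown has drifted; policy refresh needed (gpupdate /force).'
    exit 1
}
```

Run as the last step of the deployment so that a non-zero exit code flags machines where the installer removed the policy key.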

            • 3. Re: Chrome Updating - Enterprise
              Hugues Rookie

              Hello Jamie,

               

              You can control Google Update by GPO, if you have a Windows Domain.

               

              Let me know if you want the solution.

               

              Regards