Deploying Java and Adobe Reader via Group Policy

Java:

Firstly download the latest Java Windows offline installer here.

Run the installer, and wait for the Welcome screen to appear. Next, navigate to the following directory, where USER_NAME is the name of the logged on user, and jre_VERSION is the name of the version of Java that you have just extracted:

C:\Users\USER_NAME\AppData\LocalLow\Sun\Java\jre_VERSION

In this folder you will find an msi file and a data.cab file. Copy the jre_VERSION folder to you network deployment point, and then add the msi file path to a new package in the software installation section of the Group Policy Object (GPO) that you wish to deploy Java to.

 

Adobe Reader:

Simple Method:

Download the most recent MSI file from ftp://ftp.adobe.com/pub/adobe/reader/win and deploy that to a new package in the software installation section of the GPO that you wish to deploy to e.g. AdbeRdr11000_en_US.msi. Note that Adobe only issue MSI files for the major releases e.g. 11.0.00.

Complex Method

This method includes how to patch the MSI file of the major release outlined in the simple method to include all the latest security patches. Firstly download the MSI file for the major release which you want to patch and place it in a folder on your computer e.g. C:\ADOBEREADER

Next download the .exe file for the update version which you want to patch to e.g. 11.0.01 from ftp://ftp.adobe.com/pub/adobe/reader/win and extract the contents using the following command, where _VERSION is the version number of the file you downloaded:

AdbeRdr_VERSION_en_US.exe -nos_ne

e.g. AdbeRdr1101_en_US.exe -nos_ne

This will extract the contents of the .exe file to a subfolder in the C:\ProgramData\Adobe\Setup folder. Copy the .MSP file contained in this folder to the C:\ADOBEREADER folder you created earlier. From the command prompt navigate to the C:\ADOBEREADER folder and run the following command where MSI_VERSION is the version of the MSI file that you are updating and PATCH_VERSION is the version of the patch that you are applying :

msiexec /a AdbeRdr_MSI_VERSION_en_US.msi /p AdbeRdr_PATCH_VERSION.msp

e.g. msiexec /a AdbeRdr11000_en_US.msi /p AdbeUpd11001.msp

Click through the steps of the installer, and then click finish. Your .msi file has now been patched

Finally, copy your new patched msi file to your network deployment point and create a new package in the software installation section of the GPO which you wish to deploy Adobe Reader to.

References:

How do I deploy Java using Active Directory across a network?

How to extract an MSI file from the EXE for Adobe Reader

Advertisements

Manually installing updates on VMware vSphere 5.x using esxcli

I recently had a situation where i needed to manually update a VMware vSphere 5.0 U1 host rather than using update manager in vCenter. To do this I performed the following steps:

Firstly, put the host into maintenance mode, by either shutting down or moving VMs off the host first, and then right clicking the host and choosing ‘Enter Maintenance Mode’.

Next, temporarily enable SSH on the host. To do this you need to start the SSH service, which can be found under ‘Configuration’, then ‘Security Profile’. Once on the ‘Security Profile’ screen, click properties under ‘Services’

Modify the SSH service properties under 'Security Profile'

Modify the SSH service properties under ‘Security Profile’

On the Service Properties screen highlight the SSH service and click the ‘Options’ button:

Start the SSH service on your ESXi 5 host

Start the SSH service on your ESXi 5 host

Click ‘Start’ to start the SSH service. On the ‘Options’ screen you can also choose whether to have the SSH service start and stop automatically with the host. This may be more convenient, but is not a great idea from a security perspective, so it is better to start and stop the service manually when you need it.

warning

Note that when the SSH service is running a warning logo will appear against your host in vCenter to alert administrators to this fact. Once SSH is running you will need to use WinSCP to upload the patch you wish to install to one of the datastores on your host. If you don’t already have it installed on your workstation download and install WinSCP. Then log in to your host using WinSCP and and creating a folder on one of your datastores called ‘Patches’. Next, download the relevant patch from the VMware downloads web page, and then copy the patch to the newly created ‘Patches’ folder on your host.

Create a folder and upload patches using WinSCP

Create a folder and upload patches using WinSCP

Close WinSCP, and fire up an SSH session to your host using Putty. Log in, and then run the following command where YOUR_DATASTORE is the name of the datastore where you stored the patches, and PATCH_NAME.zip is the name of the patch that you want to install

esxcli software vib install -d /vmfs/volumes/YOUR_DATASTORE/Patches/PATCH_NAME.zip

PLEASE NOTE: If your host is installed using custom drivers for either your storage controller or network cards you need to use the ‘update’ command rather than the ‘install’ command to prevent your custom drivers being overwritten. Failure to do this may temporarily cause you problems on your first reboot after installing the patch. On the second reboot of your host the patch will be uninstalled revert to your originally installed VMware version. For more info see here. This was relevant in my case as I was using a custom install of ESXi 5.0 U1 with an Adaptec 6805E RAID card.

esxcli software vib update -d /vmfs/volumes/YOUR_DATASTORE/Patches/PATCH_NAME.zip

Here is a screenshot of the update process before:

Running the esxcli software vib update command

Running the esxcli software vib update command

And after. Note that using the update command will show you which VIBs have been updated, which have been removed, and which have been skipped:

Patch installation result

Patch installation result

Once the patch is installed simply issue the reboot command to reboot the host

reboot

Once your host has rebooted verify the new version number in vCenter. Your update is complete.

References:

esxcli software command reference