I recently posted an article on using Microsoft System Center Essentials with Shavlik SCUPdates to patch 3rd party software. I’m now a few weeks into using SCE and SCUPdates and I have to say I’ve come across one very annoying issue where sometimes multiple versions of a program/update are deployed to a system when in fact a single, or perhaps a patch and a roll-up, would suffice. Sometimes even a fully patched client may ‘decide’ that it requires a previous patch, when in fact it doesn’t.
The example I use here is based on the Adobe Flash ActiveX plugin. The changes are applied on an update file basis (i.e. you’ll need to deploy and customise for each update – generally just a change of version numbers in the rule field – shown below). I’m using Microsoft System Center Updates Publisher to make these alterations.
This example basically checks the registry of the client system to see if flash player is installed on the system with version number 10.1.82.76 or higher. If a version does exist then SCE will assume the client system has the relevant patches and won’t attempt to install this update.
The process is as simple as this:
1. Open System Center Updates Publisher
2. Locate the update (in this case flash ActiveX plugin)
3. Double click on the update and click on the next button until you reach the ‘Define installed rules’ window
4. Click on the + button to add a new rule (you may even be able to fine tune the default rule if you wish)
n.b the rule I create here is basically checking a string value in the specified reg key to compare version numbers. Rules aren’t limited to checking reg keys as many more options such as file names, dates, paths and even WMI can be used.
5. Select ‘Create Basic Rule’
6. Enter the following in the registry path field: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallAdobe Flash Player PluginDisplayVersion
7. Check the box to use 32-bit registry (this is assuming you are)
8. Select ‘Greater than or equal to’ from the comparison field
9. In the version field enter the version number of the product for which this rule is being created, i.e. 10.1.82.76
Save all changes and then publish this update so that it can be deployed using SCE.
When a system is scanned you’ll now notice that only clients without the current patch (or previous patches) will be prompted to install the update. Any issues you may have previously had with a fully updated client stating that an older patch was required should now be obsolete.