Difference between revisions of "Google Chrome"
(Oops, half the page got lost by mistake) |
m (→Update policy override policy: Improve description) |
||
Line 51: | Line 51: | ||
==== Update policy override policy ==== | ==== Update policy override policy ==== | ||
− | Prevent updates for specific application(s), using the "Update policy override" policy for that specific application, as defined by its <AppID>: | + | Prevent updates for specific application(s), using the "Update policy override" policy for that specific application (in our case the specific version of Chrome), as defined by its <AppID>: |
HKLM\SOFTWARE\Policies\Google\Update\Update<AppID>=REG_DWORD:0 | HKLM\SOFTWARE\Policies\Google\Update\Update<AppID>=REG_DWORD:0 |
Revision as of 14:22, 7 November 2013
Chrome is a web browser from Google. You can download the current stable version in an MSI installer, Chrome for Business, from http://www.google.com/chrome/eula.html?msi=true&platform=win or http://www.google.com/intl/en/chrome/business/browser/.
From Wikipedia: "In December 2010 Google announced that to make it easier for businesses to use Chrome they would provide an official Chrome MSI package. For business use it is helpful to have full-fledged MSI packages that can be customized via transform files (.mst) - but the MSI provided with Chrome is only a very limited MSI wrapper fitted around the normal installer, and many businesses find that this arrangement does not meet their needs. The normal downloaded Chrome installer puts the browser in the user's local app data directory and provides invisible background updates, but the MSI package will allow installation at the system level, providing system administrators control over the update process — it was formerly possible only when Chrome was installed using Google Pack. Google also created group policy objects to fine tune the behavior of Chrome in the business environment, for example setting automatic updates interval, disable auto-updates, a home page and to workaround their basic Windows design flaws and bugs if it comes to roaming profiles support, etc. Until version 24 the software is known not to be ready for enterprise deployments with roaming profiles or Terminal Server/Citrix environments."
Contents
[hide]Google Chrome 21
The Google Chrome installer (chrome_installer.exe) installs per-user. To install it system-wide (into the %PROGRAMFILES% directory), use Chrome for Business (GoogleChromeStandaloneEnterprise.msi).
Chrome shows an unrelated product version in Uninstall Programs, so the package definition checks only that it is present and then checks the actual version against chrome.exe.
Chrome can be updated while it's running, but the changes won't happen until the running process is closed.
<package
id="chrome"
name="Chrome"
revision="%version%"
reboot="false">
<variable name="version" value="21.0.1180.83" />
<variable architecture="x86" name="progfiles" value="%PROGRAMFILES%" />
<variable architecture="x64" name="progfiles" value="%PROGRAMFILES(X86)%" />
<check
type="uninstall"
condition="exists"
path="Google Chrome" />
<check
type="file"
condition="versionequalto"
path="%progfiles%\Google\Chrome\Application\chrome.exe"
value="%version%" />
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<remove cmd='msiexec /qn /x {24669440-71E7-3195-B311-D88EC4078099}' />
</package>
Disable Automatic Updates
See Auto-updates and Google Update for Enterprise.
Windows Registry
Update policy override policy
Prevent updates for specific application(s), using the "Update policy override" policy for that specific application (in our case the specific version of Chrome), as defined by its <AppID>:
HKLM\SOFTWARE\Policies\Google\Update\Update<AppID>=REG_DWORD:0
For example:
HKLM\SOFTWARE\Policies\Google\Update\Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}=REG_DWORD:0
Update policy override default policy
Prevent any application that uses Google Update from being automatically updated:
HKLM\SOFTWARE\Policies\Google\Update\UpdateDefault=REG_DWORD:0
WPKG
Update policy override policy
<package id="google-chrome-pol-no.update"
name="Google Chrome (Policy) - Disable updates"
revision="1"
reboot="false"
priority="1">
<depends package-id="google-chrome"/>
<variable name="PKG_KEY" value="HKLM\SOFTWARE\Policies\Google\Update"/>
<variable name="PKG_VALUE" value="Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"/>
<variable name="PKG_DATA" value="0"/>
<check type="registry" condition="equals" path="%PKG_KEY%\%PKG_VALUE%" value="%PKG_DATA%" />
<install cmd='reg add %PKG_KEY% /v %PKG_VALUE% /d %PKG_DATA% /t REG_DWORD /f'/>
<upgrade include="install" />
<remove cmd='reg delete %PKG_KEY% /v %PKG_VALUE% /f'/>
</package>
Note for Remote Desktop Services
Windows Server 2008 R2 has a new feature called Windows Installer RDS Compatibility. This feature is enabled by default when using Remote Desktop Services and will cause some MSI installers to hang. When run through WPKG the install process will appear to never finish. When run with the same parameters from a command-line you'll see a Windows Installer dialog that asks you to wait and a progress bar that repeatedly completes and restarts. To successfully install Chrome on an RDS server you need to configure it using either:
Windows Registry
Create a key to disable this feature:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI\Enable=DWORD:0
The keys TSAppSrv and TSMSI probably won't exist and need to be created.
Windows GUI
Start → control panel → install application on remote desktop → Browse to the MSI file listed above.
Start → Run → MMC.exe addin → Group Policy ObjectEditor \Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility – Turn off Windows Installer RDS Compatibility
Turn back on after you're done.
It is possible for this not to work if you changed the policy while it was installing saying "please wait..."; also, make sure users didn't install Chrome into their Windows profile (you can only see their Chrome in their own Add/Remove Programs).
Automated Updates of Chrome's WPKG Files
This is a VBScript we run on our WPKG server that downloads the current Chrome MSI, renames it according to the Chrome release number, and updates the package XML files accordingly. This greatly simplifies rolling out new versions of Chrome: we watch the Google Chrome Releases RSS feed, and anytime we see a stable channel update, we run our VBScript. It's been working since April, for Chrome releases 18 through 21.
update-chrome.vbs
' update-chrome.vbs -- stored in %SOFTWARE%\google-chrome
Option Explicit
Dim objFSO, objFile, strFileProperties, objShell, strChromePath, strChromeURL
Dim strVersion, objResult, strChromeFilename, objOleFile, arrComments
Dim strTemplateFilename, ForReading, ForWriting, strText
Dim strNewText
strChromePath = "L:\wpkg\software\google-chrome\"
strChromeFilename = "GoogleChromeStandaloneEnterprise.msi"
strTemplateFilename = "google-chrome-template.xml"
strChromeURL = "https://dl.google.com/edgedl/chrome/install/" & _
strChromeFilename
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOleFile = CreateObject("DSOFile.OleDocumentProperties")
objShell.CurrentDirectory = strChromePath
' wget downloaded from http://users.ugent.be/~bpuype/wget/
objResult = objShell.Run("wget --no-check-certificate " & strChromeURL, _
1, True)
If objFSO.FileExists(strChromePath & strChromeFilename) Then
' Grab version number. Requires Office installation, or DSOFile.dll
' from http://support.microsoft.com/kb/224351
objOleFile.Open(strChromePath & strChromeFilename)
arrComments = Split(objOleFile.SummaryProperties.Comments, " ", 2)
strVersion = arrComments(0)
objOleFile.Close
' Make a copy of the file
Set objFile = objFSO.GetFile(strChromePath & strChromeFilename)
objFile.Copy strChromePath & "GoogleChromeStandaloneEnterprise-" & _
strVersion & ".msi", True
' Delete the original file
objFile.Delete True
' Update package definitions
updateXML strTemplateFilename, _
"..\..\packages\google-chrome.xml" ' legacy tree
updateXML strTemplateFilename, _
"..\..\dev\packages\google-chrome.xml" ' dev tree
updateXML strTemplateFilename, _
"..\..\stable\packages\google-chrome.xml" ' stable tree
Else
MsgBox "Selected file does not exist!"
End If
Sub updateXML(strTemplateFilename, strPackageFilename)
' Update package definition
ForReading = 1
ForWriting = 2
Set objFile = objFSO.OpenTextFile(strTemplateFilename, ForReading)
strText = objFile.ReadAll
objFile.Close
strNewText = Replace(strText, "__VERSION__", strVersion)
Set objFile = objFSO.OpenTextFile(strPackageFilename, ForWriting)
objFile.WriteLine strNewText
objFile.Close
End Sub
google-chrome-template.xml
<!--
Thie file generated from %SOFTWARE%\google-chrome\update-chrome.vbs and google-chrome-template.xml
Manual edits to packages\google-chrome.xml will be overwritten.
-->
<packages>
<package
id="google-chrome"
name="Google Chrome"
revision="%version%"
reboot="false">
<variable name="version" value="__VERSION__" />
<variable architecture="x86" name="progfiles" value="%PROGRAMFILES%" />
<variable architecture="x64" name="progfiles" value="%PROGRAMFILES(X86)%" />
<check
type="uninstall"
condition="exists"
path="Google Chrome" />
<check
type="file"
condition="versionequalto"
path="%progfiles%\Google\Chrome\Application\chrome.exe"
value="%version%" />
<install cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</install>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\google-chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
<upgrade include='install' />
<remove cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</remove>
<remove cmd='msiexec /qn /x "%SOFTWARE%\google-chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
</package>
</packages>
--Mwr 17:05, 10 August 2012 (CEST)
update-chrome-xml.sh
Just to get an idea how this can be done using bash scripting if your wpkg share is on linux using samba, here is my script which checks if there is a newer version of google chrome. Only then it copies the msi file and creates new xml file from template. It substitutes the __VERSION__ and __MSIKEY__ strings, which are extracted from the msi file. Seems like a quick hack to get the strings out of the MSI file, at least it works at the moment.
#!/bin/bash
# source: http://wpkg.org/Google_Chrome#Automated_Updates_of_Chrome.27s_WPKG_Files
#
MAINPATH=/srv/share/install
TMPPATH=$MAINPATH/temp
DESTPATH=$MAINPATH/packages/GoogleChrome
TEMPLATE=$MAINPATH/packages/Templates/googlechrome.xml
FILENAME=googlechrome.xml
TEMPFILE=$TMPPATH/$FILENAME
DESTFILE=$MAINPATH/packages/$FILENAME
DLFILE=GoogleChromeStandaloneEnterprise
DLSOURCE=https://dl.google.com/edgedl/chrome/install/$DLFILE.msi
cd $TMPPATH
rm $DLFILE.msi
/usr/bin/wget --no-check-certificate $DLSOURCE
RAWSTRINGS=`/usr/bin/strings $DLFILE.msi | /bin/grep -EC3 "^Installer$" | tr "\n" " " `
for k in ${RAWSTRINGS} ; do
unset SUBSTRING1; unset SUBSTRING2 ;
SUBSTRING1=`expr match "$k" '\([[:digit:].]\{12,16\}\)' `
if [ -n "${SUBSTRING1}" ] ; then
GCVERSION="$SUBSTRING1";
break
fi
done
for k in ${RAWSTRINGS} ; do
SUBSTRING2=`expr match "$k" '{\([[:alnum:]-]\{36\}\)}' `
if [ -n "$SUBSTRING2" ] ; then
GCMSIKEY=$SUBSTRING2;
break
fi
done
echo Version: $GCVERSION
echo Key: $GCMSIKEY
if [ -z "$GCVERSION" ] ; then
echo no version found
exit 2
fi
# create xml file from template
sed -e "s/__VERSION__/${GCVERSION}/" <$TEMPLATE | sed -e "s/__MSIKEY__/${GCMSIKEY}/" >$TEMPFILE
diff -wB $TEMPLATE $TEMPFILE >/dev/null
if [ $? -eq 0 ] ; then
# version not changed
echo string error
exit 1
fi
diff -wB $TEMPFILE $DESTFILE >/dev/null
if [ $? -eq 0 ] ; then
# no difference
echo not newer
rm $DLFILE.msi
exit 0
fi
echo copying files
mv $DLFILE.msi $DESTPATH/$DLFILE-$GCVERSION.msi
cp $TEMPFILE $DESTFILE
--Ftrojahn 12:09, 08 October 2013 (CEST)
Older Versions
Google Chrome 18
Chrome shows an unrelated product version in Uninstall Programs, so the package definition checks only that it is present and then checks the actual version against chrome.exe.
Chrome can be updated while it's running, but the changes won't happen until the running process is closed.
<package
id="chrome"
name="Chrome"
revision="%version%"
reboot="false">
<variable name="version" value="18.0.1025.162" />
<variable architecture="x86" name="progfiles" value="%PROGRAMFILES%" />
<variable architecture="x64" name="progfiles" value="%PROGRAMFILES(X86)%" />
<check
type="uninstall"
condition="exists"
path="Google Chrome" />
<check
type="file"
condition="versionequalto"
path="%progfiles%\Google\Chrome\Application\chrome.exe"
value="%version%" />
<install cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</install>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
<upgrade cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</upgrade>
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
<remove cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</remove>
<remove cmd='msiexec /qn /x {E59AB510-8AEA-36BC-91D5-B25791AD224F}' />
</package>
Google Chrome 16
Chrome shows an unrelated product version in Uninstall Programs, so the package definition checks only that it is present and then checks the actual version against chrome.exe.
Chrome can be updated while it's running, but the changes won't happen until the running process is closed.
Note that Windows Server 2008 R2 has a new feature called Windows Installer RDS Compatibility. This feature is enabled by default when using Remote Desktop Services and will cause some MSI installers to hang. When run through WPKG the install process will appear to never finish. When run with the same parameters from a command-line you'll see a Windows Installer dialog that asks you to wait and a progress bar that repeatedly completes and restarts. To successfully install Chrome on an RDS server you need to a registry key to disable this feature: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI, add a DWORD called Enable set to zero. The keys TSAppSrv and TSMSI probably won't exist and need to be created.
<package
id="chrome"
name="Chrome"
revision="%version%"
reboot="false">
<variable name="version" value="16.0.912.77" />
<variable architecture="x86" name="progfiles" value="%PROGRAMFILES%" />
<variable architecture="x64" name="progfiles" value="%PROGRAMFILES(X86)%" />
<check
type="uninstall"
condition="exists"
path="Google Chrome" />
<check
type="file"
condition="versionequalto"
path="%progfiles%\Google\Chrome\Application\chrome.exe"
value="%version%" />
<install cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</install>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
<upgrade cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</upgrade>
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise-%version%.msi"' />
<remove cmd="taskkill /F /IM chrome.exe">
<exit code="any" />
</remove>
<remove cmd='msiexec /qn /x {368673BE-F66E-3BB4-832C-8EAF0B4AF939}' />
</package>
Google Chrome 15
This is a silent installer and uninstaller for Google Chrome with support for 32-bit and 64-bit systems.
<package id="chrome" name="Google Chrome" revision="%version%" priority="20" reboot="false">
<variable name="version" value="15.0.874.120" />
<check type="uninstall" condition="exists" path="Google Chrome" />
<check type="logical" condition="or">
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\11.0.696.57\nacl64.exe" />
<check type="file" condition="exists" path="%PROGRAMFILES(x86)%\Google\Chrome\Application\11.0.696.57\nacl64.exe" />
</check>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<remove cmd="msiexec /qn /x {54DF35BD-4A36-35DA-B029-A0C083C88614}" />
</package>
Google Chrome 11
This is a silent installer and uninstaller for Google Chrome with support for 32-bit and 64-bit systems.
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package id="chrome" name="Google Chrome 11" revision="11.0.696.57" priority="20" reboot="false">
<check type="uninstall" condition="exists" path="Google Chrome" />
<check type="logical" condition="or">
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\11.0.696.57\nacl64.exe" />
<check type="file" condition="exists" path="%PROGRAMFILES(x86)%\Google\Chrome\Application\11.0.696.57\nacl64.exe" />
</check>
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChromeStandaloneEnterprise.msi"' />
<remove cmd="msiexec /qn /x {54DF35BD-4A36-35DA-B029-A0C083C88614}" />
</package>
</packages>
Google Chrome 10
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package id="chrome" name="Google Chrome" revision="10.0.648.205" reboot="false" priority="2" >
<check type="uninstall" condition="exists" path="Google Chrome"/>
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\10.0.648.205\nacl64.exe" />
<install cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<upgrade cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<remove cmd='%SOFTWARE%\chrome\chrome_installer.exe --uninstall --force-uninstall --system-level'/>
</package>
</packages>
Google Chrome 9
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package id="chrome" name="Google Chrome 9" revision="9.2.21854" reboot="false" priority="20">
<check type="uninstall" condition="exists" path="Google Chrome"/>
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\9.0.597.94\nacl64.exe" />
<install cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChrome.msi"' />
<upgrade cmd='msiexec /qn /norestart /i "%SOFTWARE%\chrome\GoogleChrome.msi"' />
<remove cmd='msiexec /qn /x {54DF35BD-4A36-35DA-B029-A0C083C88614}' />
</package>
</packages>
Google Chrome 7.0
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package id="chrome" name="Google Chrome" revision="1" reboot="false" priority="2" >
<check type="uninstall" condition="exists" path="Google Chrome"/>
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\7.0.517.41\nacl64.exe" />
<install cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<upgrade cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<remove cmd='%SOFTWARE%\chrome\chrome_installer.exe --uninstall --force-uninstall --system-level'/>
</package>
</packages>
Google Chrome 5.0
<?xml version="1.0" encoding="UTF-8"?>
<packages
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../xsd/packages.xsd" >
<package id="chrome" name="Google Chrome" revision="1" reboot="false" priority="2" >
<check type="uninstall" condition="exists" path="Google Chrome"/>
<check type="file" condition="exists" path="%PROGRAMFILES%\Google\Chrome\Application\5.0.375.70\nacl64.exe" />
<install cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<upgrade cmd='%SOFTWARE%\chrome\chrome_installer.exe --system-level --do-not-launch-chrome'/>
<remove cmd='%SOFTWARE%\chrome\chrome_installer.exe --uninstall --force-uninstall --system-level'/>
</package>
</packages>