Adobe is well known for it’s security vulnerabilities and it’s therefore very important to included their updates in your Patch Tuesday schedule.
I asked on Twitter what automated tools people where using to patch, and the replies where Choco, PDQ Deploy, NinitePro and Adobe Updater.
I started out my testing using Adobe Reader DC 2015.007.20033.02 and then patching it with the MSP file provided by Adobe. By accident I stumbled upon this link which contains both the updated installer and the patch file. The release notes can be found here for the Continuous Track.
So as part of my Patch Tuesday routine I find the latest versions of Google Chrome, Mozilla Firefox, Office 365 and Adobe Reader and then simple update my installer scripts with new $URL and $Version.
Updated 13/09/2018
Thanks to my Powershell mentor Bronson Magnan we now have an evergreen automatic download of the latest Adobe Reader version. Community Rocks.
Updated 07/03/2019
During one of my recent Consulting Services we discovered that many applications didn’t install as expected. After some troubleshooting we discovered that “someone” had enabled a logon prompt to get internet access. The work around issue following these instructions.
With that in mind and the case that the Adobe FTP site is VERY UNSTABLE (see comments below) we came up with a backup solution to install latest known version from the local repository in case the internet connection or site is down. The script below have been updated to reflect these changes.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 |
# Bronson Magnan - https://twitter.com/CIT_Bronson - This will download the Adobe Stuff $ftp = "ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/" # We have to use .NET to read a directory listing from FTP, it is different than downloading a file. # Original C# code at https://docs.microsoft.com/en-us/dotnet/framework/network-programming/how-to-list-directory-contents-with-ftp $request = [System.Net.FtpWebRequest]::Create($ftp); $request.Credentials = [System.Net.NetworkCredential]::new("anonymous", "password"); $request.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails; [System.Net.FtpWebResponse]$response = [System.Net.FtpWebResponse]$request.GetResponse(); [System.IO.Stream]$responseStream = $response.GetResponseStream(); [System.IO.StreamReader]$reader = [System.IO.StreamReader]::new($responseStream); $DirList = $reader.ReadToEnd() $reader.Close() $response.close() # Split into Lines, currently it is one big string. $DirByLine = $DirList.split("`n") # Get the token containing the folder name. $folders = @() foreach ($line in $DirByLine ) { $endtoken = ($line.split(' '))[-1] #filter out non version folder names if ($endtoken -match "[0-9]") { $folders += $endtoken } } # Sort the folders by newest first, and select the first 1, and remove the newline whitespace at the end. $currentfolder = ($folders | sort -Descending | select -First 1).trim() # PowerShell Wrapper for MDT, Standalone and Chocolatey Installation - (C)2015 xenappblog.com # Example 1: Start-Process "XenDesktopServerSetup.exe" -ArgumentList $unattendedArgs -Wait -Passthru # Example 2 Powershell: Start-Process powershell.exe -ExecutionPolicy bypass -file $Destination # Example 3 EXE (Always use ' '): # $UnattendedArgs='/qn' # (Start-Process "$PackageName.$InstallerType" $UnattendedArgs -Wait -Passthru).ExitCode # Example 4 MSI (Always use " "): # $UnattendedArgs = "/i $PackageName.$InstallerType ALLUSERS=1 /qn /liewa $LogApp" # (Start-Process msiexec.exe -ArgumentList $UnattendedArgs -Wait -Passthru).ExitCode Clear-Host Write-Verbose "Setting Arguments" -Verbose $StartDTM = (Get-Date) $Vendor = "Adobe" $Product = "Reader DC" $PackageName = "AcroRdrDC" $Version = "$currentfolder" $InstallerType = "exe" $Source = "$PackageName" + "." + "$InstallerType" $LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product $Version PS Wrapper.log" $LogApp = "${env:SystemRoot}" + "\Temp\$PackageName.log" $Destination = "${env:ChocoRepository}" + "\$Vendor\$Product\$Version\$packageName.$installerType" $UnattendedArgs = '/sAll /msi /norestart /quiet ALLUSERS=1 EULA_ACCEPT=YES' $ProgressPreference = 'SilentlyContinue' Start-Transcript $LogPS | Out-Null Write-Verbose "Checking Internet Connection" -Verbose If (!(Test-Connection -ComputerName www.google.com -Count 1 -quiet)) { Write-Verbose "Internet Connection is Down" -Verbose } Else { Write-Verbose "Internet Connection is Up" -Verbose } Write-Verbose "Writing Version Number to File" -Verbose if (!$Version) { $Version = Get-Content -Path ".\Version.txt" } Else { $Version | Out-File -FilePath ".\Version.txt" -Force } if( -Not (Test-Path -Path $Version ) ) { New-Item -ItemType directory -Path $Version | Out-Null $Version | Out-File -FilePath ".\Version.txt" -Force } CD $Version If (!(Test-Path -Path $Source)) { Write-Verbose "Downloading $Vendor $Product $Version" -Verbose $EXEDownload = "$($ftp)$($currentfolder)`/AcroRdrDC$($currentfolder)_en_US.exe" $filename = ($EXEDownload.split("/"))[-1] wget -uri $EXEDownload -outfile $Source } Else { Write-Verbose "File Exists. Skipping Download." -Verbose } Write-Verbose "Starting Installation of $Vendor $Product $Version" -Verbose (Start-Process "$Source" $UnattendedArgs -Wait -Passthru).ExitCode Write-Verbose "Customization" -Verbose Unregister-ScheduledTask -TaskName "Adobe Acrobat Update Task" -Confirm:$false Set-Service AdobeARMservice -StartupType Disabled Write-Verbose "Stop logging" -Verbose $EndDTM = (Get-Date) Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose Stop-Transcript | Out-Null |
That’s it. If in doubt you can always use the built in Adobe Updater (as Administrator) to check the status.
Again, very nice work! Keep these coming!
If you’re looking for more suggestions, we apps such as Notepad++, Zoom, Zoom Plugin for Outlook, Slack, and Java.
Thanks!
Thanks Chris, will look into Java first.
Not working for me today, getting a whole load of what looks like path errors (I’m not a powershell person, so not quite sure whats going wrong here)
https://pastebin.com/udYyF51f
Hi John, this is correct, they’ve stopped publishing the exe for the last 2 releases. So I’ll modify the script and use the available MSP file instead.
They added the EXE in the latest release, so now it will work.
I use a MST file to transform and add some options to the adobe installer.
Is there a way to incorporate that into your script?
I’m seeing
Method invocation failed because [System.Net.NetworkCredential] does not contain a method named ‘New’.
At line:9 char:1
Thoughts?
No need, it works as is, what OS and PowerShell version are you on?
Doesn’t seem to be working…
Powershell version: 5.1
Windows 10: 1803
Thanks, they just change the link, please try again
Powershell is blocked in our Environment:( Still Very Useful Post
Thank you
Awesome script. Looks like adobe hasnt pushed the lastest exe though. Any thoughts on how to get around this? Can the script look for the last version with an exe?
Thank you!
That’s the problem with the .exe vs .msi which they have .msp for. Please you the new Evergreen – https://github.com/aaronparker/Evergreen
Why use another program just to deal with the MSP file? I updated your script to work with MSP files, download here
https://pastebin.com/TwuDzCQc
This is awesome. Great job on the script. I tested this on a new Windows 10 install but it failed to install Adobe Reader DC.
I’m not a scripting person so this may be a dumb question. Is this only for updating Adobe Reader DC latest version “IF” it is already installed? I am only interested in using a script to download AND INSTALL a newer version. I already having a patching RMM so don’t necessarily need the absolute latest version.
I like the msp version of the script but that seems to only be for updating an existing installation of Adobe Rdr DC.
Thanks in advance.
This is both for new and update. Please share errors
At Adobe, ftproot = httproot. Once you’ve extrapolated the data from FTP to get the latest version, simply change ftp:// to http://. Example:
ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/2000920063/AcroRdrDC2000920063_en_US.exe
Is the same as…
http://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/2000920063/AcroRdrDC2000920063_en_US.exe
Except that the HTTP link is much more stable and much faster.
Please submit ticket here > https://github.com/aaronparker/Evergreen
Change:
$EXEDownload = “$($ftp)$($currentfolder)
/AcroRdrDC$($currentfolder)_en_US.exe"
To:
$EXEDownload = "$($ftp.replace("ftp://","http://"))$($currentfolder)/AcroRdrDC$($currentfolder)_en_US.exe”
But sadly the ftp does not include the latest updates anymore…
Check Evergreen in the PowerShell gallery.
Where does this script downloads the setup temporarily?
The the script location with a sub folder with the Version number.
What is the purpose of slipping in a disable of the built-in automatic update at the end of the script? I’m just curious why you would want to disable it. It may not work every time as intended, but even if it works only sometimes, why remove one path to staying updated?
This is normally for Non Persistent VDI usage.
Is this script still supposed to work or is this for an older version of PS. it seems to choke on the [ throwing the missing expression error. Is there a newer version of this script?
Use Get-EvergreenApp – Name “Adobe*” to find the correct parameters.