Adobe Flash 11.2 Background Updates from an Internal Server

One major problem with Adobe Flash Player is that the software often has vulnerability which allow code to take control of a users system. The issue is gets worse by the fact most enterprise environments wont allow their users to have Administrator user rights to reduce the amount of viruses, malware and spyware installed thus not allowing the same users to install the latest version of Adobe Flash Player and leaving them with outdated versions which are vulnerable.

After GOOGLING to try and find a workable restitution I found http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html which talked about a new option in Adobe Flash Player called SilentAutoUpdate. This new option allows System administrators to push settings to Adobe Flash Player by creating a text file called mms.cfg in the users C:\Windows\System32\Macromed\Flash for Windows 32bit or C:\Windows\SysWOW64\Macromed\Flash for Windows 64bit. I’m not going to go into to much detail but I at my work I could use Group Policy to copy this file I’ve created to all my users computer to allow SilentAutoUpdate. SilentAutoUpdate works by a task in the systems Task Scheduler being created and running once a day. This task starts a service called  AdobeFlashPlayerUpdateSvc. The service program is located in the same location as the mms.cfg file called FlashPlayerUpdateService.exe. The FlashPlayerUpdateService.exe reads the mms.cfg file. To enable the SilentAutoUpdate option to log add SilentAutoUpdateVerboseLogging=1 into the mms.cfg file.

The only issue I have with the SilentAutoUpdate option is that the software must have direct access to the internet via ports 443 and 80. In some enterprise environments such as mine must access the internet via a proxy which causes the SilentAutoUpdate to fail to update.

1 way around the SilentAutoUpdate not working via a web proxy is to create an internal mirror. This can be done by following the instructions on the http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_2_admin_guide.pdf pages 17-19. Once creating a local mirror you can add the option SilentAutoUpdateServerDomain=server.domain.com to your mms.cfg file which tells your FlashPlayerUpdateService access the update files via your web server rather than the internet directly.

My MMS.CFG file for testing looks like this but once working I would remove the VerboseLoging option to reduce the log file size. The settings below turn off gui updates and enable silent updates:

AutoUpdateDisable=0
SilentAutoUpdateEnable=1
SilentAutoUpdateServerDomain=firewall.cloudportal.local
SilentAutoUpdateVerboseLogging=1

Then my other issue was how to I keep my mirror synced with Adobes so I created a Shell Script to do it for me in a daily cron job. The script creates the folder structure, uses wget to download the files and logs everything it does. Save the text below as adobe-flash-background-updates.sh and ensure the paths are correct before running. To run the script run the command sudo sh ./adobe-flash-background-updates.sh once you know to the script is working for you add it to cron.

#!/bin/sh

########## INTOMATION ABOUT SCRIPT ##########

# This Script Titled adobe-flash-background-updates and was written by Tyrone Wyatt of www.cloudportal.org.
# This Script is open to use by everyone and is not under any licence.
# See flash_player_11_2_admin_guide.pdf for more infomation on how this script is required to function.

########## SCRIPT CONFIG ##########

# The TITLE option is the scripts name
TITLE=adobe-flash-background-updates

# The LOG option is the log file.
LOG=/var/log/$TITLE.log

# The SOURCE option is the mirror on which you would like to download the flash files from.
SOURCE=http://fpdownload2.macromedia.com

# The DESTINATION option is where you would like your downloaded files to go so they are accessable by your web service.
DESTINATION=/var/www

# The VERSION option is the current major version of Flash Player (for Flash Player 11.2, the major version is 11).
VERSION=11

########## SCRIPT CORE ##########

touch $LOG

echo “Welcome to $TITLE Script!”
echo “=O====== $(date) ========” >> $LOG 2>&1

if [ -d $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml ];
then
echo ‘Skipping destination folder structure creation.’
else
echo ‘Creating destination folder structure.’
sudo mkdir -v $DESTINATION/pub/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/ >> $LOG 2>&1
fi

echo ‘Downloading files…’
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z >> $LOG 2>&1

echo “Script complete! See log file for more infomation $LOG”
echo “=X====== $(date) ========” >> $LOG 2>&1

echo ‘ ‘ >> $LOG 2>&1

########## END OF SCRIPT ##########

I have been testing the script and am pleased to see it works well. The log file that the script creates looks much like the flashinstall.log for ease of reading.

If you require more infomation as I sometimes cut corners on documenting then you should read these other usful pages

14 thoughts on “Adobe Flash 11.2 Background Updates from an Internal Server

    • Currently Adobe have only created this feature for Adobe Flash Player but I’m hoping that Adobe does implement this feature for both Adobe Reader and Shockwave.

  1. Hello,

    Thanks for this usefull post, maybe it’s a silly question, but what kind of file do we have to host on our apache ? and where ?
    .msi or .exe, at the root of pub ? or in the majorversion folder ?
    Thanks a lot in advance, for the answers

    • Yes the /pub folder must be in the root of your site/virtual site.
      I have tested this with both IIS on Server 2003 R2 and Apache 2.2 on Ubuntu 12.04.
      The file extension they use is a .z
      The files must be within /pub/flashplayer/update/current/sau//xml/ and /pub/flashplayer/update/current/sau//install/

  2. I cannot get this to work. No errors, just no updates on clients.
    I’m using single slashes and it is isn’t working even though I can browse to the xml file from a browser on the client PC.
    Your post above has double slashes // is that correct?
    “The files must be within /pub/flashplayer/update/current/sau//xml/ and /pub/flashplayer/update/current/sau//install/”

    • Yes the double slash is a typo. This type of update method is no longer required if you upgrade to Windows 8/8.1 as Flash is updated via Windows update.

      • I’m trying to use this for Windows 7 PCs on a domain and it just doesn’t work, I don’t see any errors or logs or any way to troubleshoot what the problem is.
        I set up all the directories on a IIS7 Windows Server 20008 server and copied the mms.cfg file to a test Windows 7 laptop and then nothing happens.

  3. Hello, now that flashplayer version 12 is out, how do we handle this major upgrade?

    Hoping that someone have solved this.

    I tried to create pub\flashplayer\update\current\sau\12\install and pub\flashplayer\update\current\sau\12\xml on my IIS webserver, but my clients keep downloading version.xml from pub\flashplayer\update\current\sau\11\install.

    Do we have to make the major upgrade from 11 to 12 by other means(SCCM etc.)?

  4. We discovered our Windows 7 clients weren’t getting the latest Flash updates despite setting the mms.cfg file as adobe specify.

    Your post makes me think it is probably due to our proxy requiring authentication. I dismissed it at first because I thought if it works manually then surely it would be the same mechanism for automatic
    :/

    I’ll see if our proxy team can do anything about it, I really don’t want the hassle of setting up a mirror

  5. Thanks for the post. Here’s your script re-engineered for Powershell. Apologies if it doesn’t format well when I post.

    # Invoke-WebRequest cmd-let comes with PoSh v3 and higher
    # You may need to allow Powershell access through your proxy with this command
    # netsh winhttp import proxy source=ie

    ########## SCRIPT CONFIG ##########
    $logFile = “flashlog.log”
    $logPath = $env:TEMP + “\” + $logFile

    Function LogWrite{
    Param ([string]$logstring) Add-content $logPath -value “$(get-date -Format ‘hh:mm:ss’) $logstring”}

    If(Test-Path -Path $logPath){
    Remove-Item -Path $logPath -Force}

    ###########################################################################

    # The SOURCE option is the mirror on which you would like to download the flash files from.
    $SOURCE=”http://fpdownload2.macromedia.com”

    # The DESTINATION option is where you would like your downloaded files to go so they are accessable by your web service.
    $DESTINATION=”c:\inetpub\wwwroot”

    # The VERSION option is the current major version of Flash Player (for Flash Player 11.2, the major version is 11).
    $VERSION=”19″

    ########## SCRIPT CORE ##########

    LogWrite Get-Date

    If(Test-Path -Path $DESTINATION”\pub\flashplayer\update\current\sau\”$VERSION”xml”){
    LogWrite “Skipping destination folder structure creation”
    Else

    LogWrite “Creating destination folder structure”
    New-Item -ItemType directory -Path $DESTINATION”\pub\”
    New-Item -ItemType directory -Path $DESTINATION”\pub\update”
    New-Item -ItemType directory -Path $DESTINATION”\pub\update\current”
    New-Item -ItemType directory -Path $DESTINATION”\pub\update\current\sau”
    New-Item -ItemType directory -Path $DESTINATION”\pub\update\current\sau\”$VERSION
    New-Item -ItemType directory -Path $DESTINATION”\pub\update\current\sau\”$VERSION”/install/”
    New-Item -ItemType directory -Path $DESTINATION”\pub\update\current\sau\”$VERSION”/xml”
    }

    LogWrite “Downloading files…”

    Invoke-WebRequest $SOURCE/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml -Outfile $DESTINATION\pub\flashplayer\update\current\sau\$VERSION\xml\version.xml >> $LOG 2>&1
    Invoke-WebRequest $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z -Outfile $DESTINATION\pub\flashplayer\update\current\sau\$VERSION\install\install_all_win_ax_sgn.z >> $LOG 2>&1
    Invoke-WebRequest $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z -OutFile $DESTINATION\pub\flashplayer\update\current\sau\$VERSION\install\install_all_win_pl_sgn.z >> $LOG 2>&1
    Invoke-WebRequest $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z -OutFile $DESTINATION\pub\flashplayer\update\current\sau\$VERSION\install\install_all_win_64_ax_sgn.z >> $LOG 2>&1
    Invoke-WebRequest $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z -OutFile $DESTINATION\pub\flashplayer\update\current\sau\$VERSION\install\install_all_win_64_pl_sgn.z >> $LOG 2>&1

    ########## END OF SCRIPT ##########

Leave a Reply to Tyrone Cancel reply

Your email address will not be published. Required fields are marked *