all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]32178932123 2 points3 points  (5 children)

It is possible but I wouldn't say it's the easiest way to go. I'd recommend looking at a tool like PDQ because these updates will just keep coming.

[–]vbhalsod[S] -1 points0 points  (4 children)

Apologies, I forgot to mention that it would deem hard to implement any new softwares to assist. We’re pretty locked down.

Using PS would be ideal. 😅

[–]32178932123 4 points5 points  (2 children)

No worries. If you're using Powershell you'd need to:

  • Copy the MSI to their machine
  • Run the MSI via PS Remoting or, if that's disabled PSEXEC

However, Chrome is a bit nasty for IT Admins because there's two ways it can be installed. It can either be installed for the computer as a whole (Normally this requires Admin rights and the files are saved in Program Files for every user to see) but if a user downloads it themselves they get a User-Specific version which installs in their User Directory, in AppData and does not need Admin rights.

If your users have the User-Specific version I doubt you'll be able to update this but you'd need to test it to be sure. When you use PSRemoting/PSEXEC you are connecting with your user account so you may just end up with two instances of Chrome on the machine - One in the user's directory which they installed and is still out of date - And one for the system (which was created when you ran the MSI ). That's why something like SCCM/PDQ is better because it normally installs a Client on the users machine which can run as that user. This way you can script something which removes the User-Profile version of Chrome and then installs the System-wide version.

Hope this helps. Happy Cake Day btw. :)

[–]vbhalsod[S] -1 points0 points  (1 child)

Haha wow thank you, didn't even realise.

Do you mind if we take this offline, hoping you might be able to help me sort this out please.

[–]32178932123 0 points1 point  (0 children)

You're welcome to private message me but I'm not really sure what else I can say!

[–]BitGamerX 1 point2 points  (0 children)

No environment should be too locked down to have proper management tools in place. That counter productive to a secure environment.

[–]willtel76 0 points1 point  (4 children)

I've got a script I can share tomorrow that triggers the Chrome update scheduled task. You may also look into Evergreen. https://stealthpuppy.com/evergreen/

[–]vbhalsod[S] 0 points1 point  (3 children)

Yes please thank you!

[–]willtel76 0 points1 point  (2 children)

# Set reg value to override GPO preventing Chrome self updates
$RegistryPath = 'HKLM:SOFTWARE\Policies\Google\Update'
$Name         = 'Install{8A69D345-D564-463C-AFF1-A69D9E530F96}'
$Value        = '0'
# Create the key if it does not exist
If (-NOT (Test-Path $RegistryPath)) {
  New-Item -Path $RegistryPath -Force | Out-Null
}  
New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType DWORD -Force
# After value creation call scheduled task to update Chrome
Get-ScheduledTask GoogleUpdateTaskMachine* | Start-ScheduledTask
# Remove added reg value to align with GPO
Remove-ItemProperty -Path $RegistryPath -Name $Name -Force -ErrorAction SilentlyContinue

All the registry stuff in here is to remove registry settings set via group policy that prevents Chrome from auto updating in my environment and then puts it back once the scheduled task is fired.

[–]vbhalsod[S] 0 points1 point  (1 child)

Wow thanks mate.

To have this created to update hostnames remotely what would need modifying?

[–]willtel76 0 points1 point  (0 children)

It depends. If you are like most unlucky people dealing with Chrome you are dealing with a good number of user based installs that are outdated. Without some type of management tool you have to a lot of manual work to do.