The latest round of adobe patches are a pain for IT staff to implement. If you allow automatic updates then many machines updating the full reader installer from Adobe is likely to knock out your wan or Internet links. Too much traffic.
Manually running around and installing the update is also a pain for IT and consumes a lot of man hours. So I love to make script packs for them to automate things.
To use these scripts you need to do several prep things.
- Download and put nmap binaries for windows in the folder you will run the scripts from.
- You will need to install the winpcap driver for the nmap scans to work.
- Download psexec from the Microsoft Sysinternals site and put it in the script folder too.
- Download the adobe reader installer and put it on a network share.
- Create a toss off domain user account that simply can map to the network share of the acrobat. I put it in a subfolder of that share called acro93 for the version I am installing. Because if you have your domain setup reasonably well you want only authenticated users to connect to shares etc. You will delete this account once done.
Next come the scripts. We have the master script we call acrobat.bat. This script pushes a second bat file into each target host. You need to put your target hosts into a text file in a format that would be accepted by nmap. A subnet, indvidiual ips, hostnames your pc can resolve.
First edit the pushed bat file. Put in the path to the share and the domain, username and password for the account from steps 4 and 5 above. Note we check for the existence of the adobe folder so we don’t just install acrobat to more machines than have it. With adobe creating such flawed product we don’t want to install it on machines that don’t already have it.
The users will see this particular bat file run because it seemed to me acrobat did not want to install if the session was not in interactive mode. We do use acrobat installer flags to make the install as quiet as possible and to NOT force a reboot so we do not upset the user base.
IF EXIST “C:\Program Files\Adobe” (
net use m: \\serverip\AdobeReader /USER:domain\username password
echo Updating Acrobat
AdbeRdr930_en_US.exe /sAll /sPB /rs /msi /qb!
net use m: /delete
) ELSE (
I generally run the main script file under a command line using run as to run it as an administrator account on all target machines. This saves passing the password and username into the script. The script can react oddly to special characters that are often used in good strong passwords protecting such admin accounts.
nmap -sP -iL %1 -oG scanadb.txt
find “Status: Up” scanadb.txt > adbtemp.txt
for /F “eol=- tokens=2″ %%i in (adbtemp.txt) do psexec \\%%i -c -d -i -f acroinst.bat
So there you go. Good luck and Happy Patching!