Script to Disable Flash Auto Update

johnnasset
Contributor

I'm sure this is around but does anybody have command or script to disable auto-updates for Flash? As you can expect, people freak when they see updated notifications and I'd like to just eliminate the prompts to update and push the updates out centrally.

22 REPLIES 22

Berrier
Contributor

This is what I use. It sets the values in /Library/Application Support/Macromedia/mms.cfg so that the flash updater Never checks. Here are the various Option Settings:

Allow Adobe to install updates

  • AutoUpdateDisable=1
  • SilentAutoUpdateEnable=0

Notify me to install updates

  • AutoUpdateDisable=0
  • SilentAutoUpdateEnable=0

Never check for updates

  • AutoUpdateDisable=1
  • SilentAutoUpdateEnable=0
#!/bin/bash
## Make sure script is run by root
if [[ $EUID -ne 0 ]]; then
    echo "Script must be run as root" 1>&2
    exit 1
fi

## Conf file that controls Update Settings
CONF="/Library/Application Support/Macromedia/mms.cfg"

## Set Updates to "Never Check"

cat > "${CONF}" << EOF
AutoUpdateDisable=1
SilentAutoUpdateEnable=0
EOF

mojo21221
Contributor II

Dude Much thanks!!!! My flash install/update is super sweet now. Smart group to determine if the Mac has the latest version of flash. Rich Trouton's scripted install set to before and this set to after just to make sure the install completes before the settings push. Thanks again!

dpertschi
Valued Contributor

What I'm seeing is, on a newly imaged machine and fresh install of 13.0.0.201; the expected Macromedia folder does not exist. It only appears after the first time you make an edit in the GUI.

dan-snelson
Valued Contributor II

I'm going to try using something along these lines:

#!/bin/bash
# Configure Adobe Flash to *not* update
#
# Dan K. Snelson, 7-Nov-2014
#
# Inspired by Lance Berrier
# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=12774

directory="/Library/Application Support/Macromedia/"
file="/Library/Application Support/Macromedia/mms.cfg"

if [ -f "$file" ] ; then

    # Flash Player is installed, has been launched and mms.cfg exists
    # let's configure it to not update

    echo "AutoUpdateDisable=1" > $file
    echo "SilentAutoUpdateEnable=0" >> $file

    RESULT="Configured"

else

    # mms.cfg doesn't exsist

    mkdir "${directory}"

    echo "AutoUpdateDisable=1" > $file
    echo "SilentAutoUpdateEnable=0" >> $file

    RESULT="Created and configured"

fi

echo "<result>$RESULT</result>"

--
Dan

dan-snelson
Valued Contributor II

We'll try using this extension attribute to identify machines which have Flash updates enabled:

#!/bin/sh

#
# by Dan K. Snelson 6-Nov-2014
# checks for Adobe Flash Update Settings
# inspired by: https://jamfnation.jamfsoftware.com/discussion.html?id=10340
# AutoUpdateDisable=0 means updates are enabled
# AutoUpdateDisable=1 means updates are disabled

if [ -f "/Library/Application Support/Macromedia/mms.cfg" ] ; then
    SETTING=$( grep 'AutoUpdateDisable' /Library/Application Support/Macromedia/mms.cfg | awk -F= '{ print $2 }' )
else
    SETTING="Not installed."
fi

echo "<result>$SETTING</result>"

--
Dan

chrisjuno
New Contributor

Dan, Thanks for the script. I ran into an issue with machines where the mms.cfg file already existed and had some variation of the settings in it. So, I modified your script. Basically if the file exists it does a find and replace for the settings.

#!/bin/bash
# Configure Adobe Flash to *not* update
#
# Modified by Chris Jackson, 3-Mar-2016
# Original by Dan K. Snelson, 7-Nov-2014
#
# Inspired by Lance Berrier
# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=12774

directory="/Library/Application Support/Macromedia/"
file="/Library/Application Support/Macromedia/mms.cfg"

if [ -f "$file" ] ; then

    # Flash Player is installed, has been launched and mms.cfg exists
    # let's configure it to not update

    grep -q -r "AutoUpdateDisable" "$file" && sed -i '' 's/AutoUpdateDisable=0|AutoUpdateDisable=1/AutoUpdateDisable=1/g' "$file" || echo 'AutoUpdateDisable=1' >> "$file"
    grep -q -r "SilentAutoUpdateEnable" "$file" && sed -i '' 's/SilentAutoUpdateEnable=0|SilentAutoUpdateEnable=1/SilentAutoUpdateEnable=0/g' "$file" || echo "SilentAutoUpdateEnable=0" >> "$file"
    grep -q -r "DisableAnalytics" "$file" && sed -i '' 's/DisableAnalytics=0|DisableAnalytics=1/DisableAnalytics=1/g' "$file" || echo "DisableAnalytics=1" >> "$file"

    RESULT="Configured"

else

    # mms.cfg doesn't exsist

    mkdir "${directory}"

    echo "AutoUpdateDisable=1" >> "$file"
    echo "SilentAutoUpdateEnable=0" >> "$file"

    RESULT="Created and configured"

fi

echo "<result>$RESULT</result>"

dan-snelson
Valued Contributor II

Thanks @chrisjuno!

Here's a more robust EA:

#!/bin/sh

# Extension Attribute to check for the state of Adobe Flash Update Settings
# 
# by Dan K. Snelson 6-Nov-2014, 22-Apr-2016
# 
# Inspired by: https://jamfnation.jamfsoftware.com/discussion.html?id=10340
# and by: https://jamfnation.jamfsoftware.com/discussion.html?id=10340#responseChild113904



testDirectory="/Library/Internet Plug-Ins/Flash Player.plugin" # Flash Player plug-in
if [ -d "${testDirectory}" ]; then
    # Flash Player.plugin exists; check its setting
    testFile="/Library/Application Support/Macromedia/mms.cfg" # Preference
    if [ -f "${testFile}" ] ; then
        # Read preference settings 
        AutoUpdateDisable=$( /usr/bin/grep 'AutoUpdateDisable' /Library/Application Support/Macromedia/mms.cfg | /usr/bin/awk -F= '{ print $2 }' )
        SilentAutoUpdateEnable=$( /usr/bin/grep 'SilentAutoUpdateEnable' /Library/Application Support/Macromedia/mms.cfg | /usr/bin/awk -F= '{ print $2 }' )

        case ${AutoUpdateDisable}:${SilentAutoUpdateEnable} in
            1:0)    result="Never" ;;         # AutoUpdateDisable=1 and SilentAutoUpdateEnable=0
            0:0)    result="Notify" ;;        # AutoUpdateDisable=0 and SilentAutoUpdateEnable=0
            0:1)    result="Allow" ;;     # AutoUpdateDisable=0 and SilentAutoUpdateEnable=1
        esac
    else
        result="Notify (default)"
    fi
else
    result="Not installed"
fi

echo "<result>${result}</result>"

--
Dan

chrisjuno
New Contributor

Awesome! Great work @dan.snelson!

donmontalvo
Esteemed Contributor II

I posted this to the Adobe forum, but figured I'd post here as well.

Anyone know if there is a supported method to grey out the two Update buttons in the Adobe Flash Player preference pane?

5e00e300935045d3a580556190ef2134

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor II

Adobe posted a response:

I've been trying to find a reference to the directive to not push settings.sol in our documentation, but I'm not finding it the administrator guides (I only went back a few versions). That said, it sounds like reasonable guidance. I was just curious about any context that might definitively clue me in to the reasoning at the time. While you could probably configure a player instance the way that you want it, then push out a settings.sol by default, I don't believe that's a use-case that we've explicitly designed for, and could be problematic over the long term, should we need to change the implementation in the future. Historically, decisions to support clever solutions have come back to haunt us as painful engineering constraints and intractable legacy problems. Should we find ourselves in a position where changing the handling of settings.sol is necessary to solve an engineering issue, having multiple supported paths for enterprise client configurations could force us into a painful stance where we have to make a hard break with compatibility, which we try diligently to avoid. My guess is that this has already happened in the past, which led to the original guidance, or it's a very real concern for a particular domain expert at a given point in time. It is an internal configuration file, and with a codebase that's been in active development since 1997 and the number of places inside the player that it intersects with, it's plausible that we've made design assumptions along the way about it's availability and integrity. At the very least, it would be difficult to definitively assert the inverse. The supported path for configuring client behavior in an enterprise environment is to distribute a customized mms.cfg to your clients. There's a comprehensive list of directives in the system administrator's guide, here: Adobe Flash Player Administration Guide for Flash Player | Adobe Developer Connection As a general rule, mms.cfg directives take precedence over user settings, so even if the relevant panels are available, users shouldn't be able to override your settings. For any high-risk scenarios, it would probably be worth double-checking that assumption for peace of mind, but it should hold true and we'd be happy to help if bugs bubble up through that evaluation. If you're running into a scenario that you can't solve with the current set of directives, we'd definitely like to know about it. We invest a lot of time and effort into making life easier for network administrators, and when it's feasible, we're happy to try and provide additional pain relief.
--
https://donmontalvo.com

Petrie
New Contributor

A good way of greying out the flash menu all together in system preferences would be:
Go to profile manager on your apple server - Device Group-settings-OSX-restrictions-preferences

Click "enable selected items" and only click the boxes for the items in system preferences that you want the user to have access too.

Any Items that are not selected are automatically grayed out.

This does usually grey out all non-apple system preferences as well so other preferences like Java may also be automatically greyed out.

Hope this helps.

skinford
Contributor

I know that some of these scripts currently work in 2017 Adobe Flash 27.0.0.130? But how do you disable "Never Check for updates?" Is there supposed to be a visual on the Flash Player preferences pane with that setting selected after running the script? I'm not seeing it, or does Adobe just use the mms.cfg file and not change the preference pane visually?

My apologies when I refreshed the preferences pane by closing down System Preferences the "Never Check for Updates" was checked.

Thank you all for the great updates and for sharing all of your knowledge.

Have a great day my friends!

jj_isd728
New Contributor II

Thank you @dan.snelson, @chrisjuno and @Berrier for your posts.
I was able to take all your work and combine it to a check and change.
May not be super pretty, but works in my testing environment.
I have it part of a policy linked to the script and checked once a day.
@johnnasset, hopefully this works for you as well.

#!/bin/sh

# Extension Attribute to check for the state of Adobe Flash Update Settings
# 
# Modified and Combined by Jeffro@isd728 28-Feb-2018
#
# Inspriation and Adoptions from Dan K. Snelson 06-Nov-2014, 22-Apr-2016, by chrisjuno 03-Mar-2016, by Berrier 17-Apr-2014
# Inspired by: https://jamfnation.jamfsoftware.com/discussion.html?id=10340
# and by: https://jamfnation.jamfsoftware.com/discussion.html?id=10340#responseChild113904

function flashUpdateStatus()
{
flashDirectory="/Library/Internet Plug-Ins/Flash Player.plugin" # Flash Player plug-in
if [ -d "${flashDirectory}" ]; then
    # Flash Player.plugin exists; check its setting
    flashFile="/Library/Application Support/Macromedia/mms.cfg" # Preference
    if [ -f "${flashFile}" ] ; then
        # Read preference settings 
        AutoUpdateDisable=$( /usr/bin/grep 'AutoUpdateDisable' /Library/Application Support/Macromedia/mms.cfg | /usr/bin/awk -F= '{ print $2 }' )
        SilentAutoUpdateEnable=$( /usr/bin/grep 'SilentAutoUpdateEnable' /Library/Application Support/Macromedia/mms.cfg | /usr/bin/awk -F= '{ print $2 }' )

        case ${AutoUpdateDisable}:${SilentAutoUpdateEnable} in
            1:0)    result="Never" ;;         # AutoUpdateDisable=1 and SilentAutoUpdateEnable=0
            0:0)    result="Notify" ;;        # AutoUpdateDisable=0 and SilentAutoUpdateEnable=0
            0:1)    result="Allow" ;;         # AutoUpdateDisable=0 and SilentAutoUpdateEnable=1
        esac
    else
        result="Notify - default"
    fi
else
    result="Not installed"
fi
}

flashUpdateStatus

echo ""
echo "<result>${result}</result>"
echo ""

if [ "${result}" != "Allow" ]; then
     if [ -f "${flashFile}" ] ; then
        # Flash Player is installed, has been launched and mms.cfg exists
        # let's configure it to Auto Update

        function AppleScript_CAT()
        {
            CAT_script=`cat > "${flashFile}" << EOF
AutoUpdateDisable=0
SilentAutoUpdateEnable=1
DisableAnalytics=1
EOF`
}
        AppleScript_CAT
    else
        # mms.cfg doesn't exsist
        mkdir "/Library/Application Support/Macromedia/"
        echo "AutoUpdateDisable=0" >> "$flashFile"
        echo "SilentAutoUpdateEnable=1" >> "$flashFile"
    fi

flashUpdateStatus

echo ""
echo "<result>${result}</result>"
echo ""
fi

exit 0

devlinford
New Contributor III

@jj.isd728,

@All!

This is brilliant...Thanks for sharing...and great collaboration here.

ukspvmalapati
New Contributor III

Thanks All. But this doesn't disable users to change the options. Is there a way to Grey out option to never check for updates.

donmontalvo
Esteemed Contributor II

@ukspvmalapati our script still works with 30.x. As the Adobe Engineer mentioned, this greys out the boxes.

This will overwrite the existing file, but then we manage that file and we know we want those three lines, so we're good.

#!/bin/bash

# Create folder path if it doesn't exist.
mkdir -p /Library/Application Support/Macromedia/ 2>/dev/null

# Disable auto updates
echo "AutoUpdateDisable=1" > /Library/Application Support/Macromedia/mms.cfg 2>/dev/null

# Disable silent autoupdates
echo "SilentAutoUpdateEnable=0" >> /Library/Application Support/Macromedia/mms.cfg 2>/dev/null

# Disable analytics
echo "DisableAnalytics=1" >> /Library/Application Support/Macromedia/mms.cfg 2>/dev/null

exit 0

Result:

# cat /Library/Application Support/Macromedia/mms.cfg
AutoUpdateDisable=1
SilentAutoUpdateEnable=0
DisableAnalytics=1
--
https://donmontalvo.com

ukspvmalapati
New Contributor III

@donmontalvo -- Thanks for replying. Here is the screen shot which shows, an Admin user can change the update settings.
Those radio buttons were not greyed out. Hope screenshot gives more details.
2501608a996a4168935efe05abe1adf4

jj_isd728
New Contributor II

@ukspvmalapati You can set it as a daily script or login script...?
The appearance of control is not a bad thing...

tim_porter
New Contributor

Does anyone have a "current" script to disable flash updates? The directory referred to below "/Library/Application Support/Macromedia" doesn't exist anymore on new versions of flash. It's in a completely different directory and now it looks like it's an .xml file, not a .cfg

Chuey
Contributor III

@tim.porter did you find anything out about this? I'm looking to suppress the notification to update in general.

ryan_martindale
New Contributor II

I took snapshots in Composer following these steps. Taking Snapshots with Composer will capture the plist file that is edited when making that change.

itupshot
Contributor II

@tim.porter It looks like the file is still at /Library/Application Support/Macromedia/, but it only appears if you actually change the setting from the System Preferences Flash Player PrefPane. The scripts shared in previous posts should still work, or you can create your own.