Software Deployment

unfortunately the version number that is attached to the exe does not show a version number i can relate back to the patches applied.

i can see multiple places that the package did the install i just have no way of verifying the compliance (which is why i was looking for a log file of some sort). as i am applying 10 sequential security patches at once i have to be able to prove they have all been applied properly.

i just haven't found anything yet to do that.

Really? I find it hard to believe that Adobe patches binaries but doesn't change the version information. How would it know that files had been patched?

EDIT:
Perhaps what you're saying is that you can't tell from the information you have in the patch what version is being applied? In that case, the simplest route is to apply each patch in turn, grabbing the version information each time.

since the file doesn't change you can alway check the registry
HKCR\Installer\Products\guid number\version
after each patch it change the version number.
also if that doesn't work you can get the patch list under the guid number\Patches\Patches it's a multi string but you can get your information.

unless i am way off my logic i would figure if i am applying patches up to 8.2.4 then my version in help, about should show 8.2.4. it still shows me 8.1.3 even though i have applied all the patches (one by one) up to 8.2.4. when i look in the registry it does not show all the patches applied. it still looks like it is 8.1.3

is it possible that my .msi file is crap and therefore even though it looks like everything is working ok, it really is not?

ORIGINAL: michelle
i have created a package to push all the adobe security patches. does anyone know where to look to validate that the system has all the patches applied?


Hi Michelle,
what exactly do you do?
Create a new MSI-Package which contains only the patches?
Create an admin install and applying all the patches to it?
Regards, Nick

my version in help, about should show 8.2.4Since vendors have some weird and wonderful ways of populating that dialog box's text, I always ignore 'Help/About', preferring instead to check the version information of files.

i have done some extensive testing on this since last post. if i run the msp file on my test machine (one by one) the system is updated with the latest patches (shows the correct version in help, about).

so this leads me to the fact that there is something very wrong with the automated run.

how i am running this is as follows...

- customized my program through the adobe customization wizard...saved the mst and msi file (all files are in the same directory)
- made sure the setup.ini file is correct (specified the patch file...ran this one by one for each msp file)
- run the package with setup.exe

this process is what is not working.

is there a way to combine all the msp's into one msi?

is there a way to combine all the msp's into one msi?

yes there is. The basic idea is to make an administrative install point (AIP) for the main msi, using the msiexec.exe /a <msi path> command line.
You should then apply the patches to this base installation point using msiexec.exe /p <path to patch file> /a <path to AIP msi>

However, since we're talking Adobe Reader installers here, I expect this to be a very painfull process in this case. Some pieces of advise in this respect I can give you are

1) sometimes the AIP and patch installs will act differently when run silently, than when run with full UI, so try playing with /qb /qn parameters if you have problems
2) some patches just DO NOT install cleanly ontop of an MSI
3) if I google 'patching an AIP' , the first result I get is about someone having trouble with adobe patches, should tell you something...

All this aside, this IS the theoretical (and best practice) way to handle patches to an MSI installer

Hope this helps

PJ

As far as I understand it, most of the issues with Adobe patches revolve around the fact that you cannot apply interim patches with regular ones. IIRC, they are numbered with even and odd numbers (I can't recall which way round, though). That is to say, you can't patch with (say) 9.3.2 having applied 9.3.1: you must go straight to 9.3.2. It's all written up on the Adobe site.

thanks PJ. i will give that a try.

this has been extremely frustrating to say the least

and don't forget to create a log file while running msiexec /a . you will know for sure whether your patches were successful

once you have installed your adobe package + the updates go to control panel- add remove programs and tick the box show updates

also have a look at the event viewer for to see if your patches were applied/ installed suceesfully

thanks for the reply. the control panel doesn't show me adobe updates. i looked in the event viewer and while it does show that a package went to the machine i don't see any other info.

do you know if there is a log file that gets written? i have searched for one but can't find one associated.

Isn't the simplest way to check the main executable for the app (or whichever file{s} got patched) and check the version information?

There are only two ways you'll only see logs for WI installs: if one was specified on the command line using the '/L' switch, or if the MSI Logging policy was enabled.