I'm a system engineer in public Cloud Platform Company. I'm responsible for technical application design and the implementation of these applications in the cloud. We hav…
I'm a system engineer in public Cloud Platform Company. I'm responsible for technical application design and the implementation of these applications in the cloud. We have implemented Mozilla Firefox as an alternate browser next to Internet Explorer 11 on Windows 2008 with Citrix XenApp 6.5 servers, the users don't have administrator rights.
I'm running into an issue regarding the automatic updates. In a normal implementation of Firefox without any special configurations all users could initiate an update which would fail because their lack of administrator rights, providing them with a popup to manually initiate the update.
I was hoping the Mozilla Maintenance Service would provide us with the solution, the only problem with this setup is that users initiates the download of the update in de APPDATA of Firefox in a variable profile per user. When downloaded it tries to execute the update file but we have an environment where we block executables through the use of AppLocker. Normally I would unblock this executable but seeing everyone can download it within their variable Firefox profile I cannot unblock this. At the end the Mozilla Maintenance Service never gets the update file to process it with its SYSTEM privileges rendering it useless in this implementation.
My solution so far is to disable the Maintenance Service during installation through a config.ini. I’ve disabled the automatic updates with the use of a customconfig.js and a Mozilla.cfg. This prevents users from initiating an update and therefore preventing the update failure window. At this moment I have an update procedure in place which semi-automatically updates Mozilla Firefox. I have scripted the installation/upgrade of Mozilla Firefox with PowerShell to look for a new executable in a folder on our network. It will check the Mozilla registry entry “DisplayVersionName” with the version in the executable name and silently install if it’s a new version. This involves a manual intervention to check if there’s a new version, we luckily found https://lists.mozilla.org/listinfo/announce, and put the new executable on the location. I would rather have this automated.
Can someone maybe provide me with a better solution or am I missing something regarding the Mozilla Maintenance Service, or automatic updates function? Does that solution provide a rollback procedure?