Putting on my PDQ Deploy advocate hat again. The OP can solve the bandwidth issues and the control issues and the update issue for 500 bucks. This thread and the prior work on all those GPO’s and the ongoing work every month costs his org more than that.
From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall Sent: Monday, November 16, 2015 11:06 AM To: [email protected] Subject: Re: [NTSysADM] Blocking Java, Google, Adobe automagic updaters <DA> Totally understood. This does not appear to be that sort of environment. If I read the thread correctly, things appear to be working well for the OP with auto-updating enabled, except for Internet bandwidth saturation at inopportune times. Purposefully disabling updates to vulnerable applications that are not bound to specific versions without a plan to immediately assume a managed plan to patch them is not wise at best. At worst it's potentially career limiting. </> On Mon, Nov 16, 2015 at 10:23 AM, Mark Liechty <[email protected]<mailto:[email protected]>> wrote: On Nov 16, 2015, at 6:33 AM, Richard Stovall <[email protected]<mailto:[email protected]>> wrote: > > Understood. I totally get that there are valid reasons to retain old > versions of Java for some very specific use cases. But Reader/Acrobat? > Chrome? And heaven forbid, Flash? > ######### I worked with a medical device company a few years ago that was very specific about the Adobe Reader version. They have very complex QA around any changes to the processes of any kind. Rules come from the FDA, Legal Department and lots of other strangeness that It cannot, and should not, control. It seems that at one point the PDF documents that were generated by some other process did not display properly when looked at by the newest version ##.### of Adobe but were perfect when using version YY.YYY since opening these documents was required for each device as it came from assembly (had testing results) we could not use the latest versions. Added to that ANY change at any point in the process required a complete end-to-end revalidation\certification that was a very detailed process. So we stayed with the old versions and moved on. My last contact was 5 years later and they still had not been able to change. What they had worked and there was no motivation to upgrade for the sake of being “new and shiny”
