Managing Flash Player via GPO

Microsoft has given us WSUS to manage their patches, but it doesn't help with the current vector of attacks: Flash and Java are widely exploited to pwn your machines. In this article, we'll look at deploying Flash via an AD GPO.

Pros

  • You already have the AD, use it

Cons

  • Can't schedule installs; they happen automatically on the next restart
  • Can't see the results of an install without looking at the client's event logs

Go here and fill out the form to request Flash Player Redistributable, an offline installer that you can quickly deploy to multiple computers. After an e-mail authentication round, Adobe will e-mail you the link to download the redistributable apps. One is for IE only, the other is for other browsers. DO NOT share the link.

Copy the installers to a share that the machines can access. For simplicity, I created an apps\flashplayer folder inside my sysvol\domain folder. Make sure the permissions on the files are set so that authenticated users can read/execute.

I have my computers broken down into OUs, so create a new GPO on your OU. I named my GPO "Flash Player 11.5". You can also put multiple installs in one GPO, so GPOs named "Microsoft", "Adobe", and "Other" may be more appropriate.

Edit your GPO and go into Computer Configuration > Policies > Software Settings > Software Installation and create a new package. Be sure to browse to \\domain.name\sysvol\domain\apps\flashplayer and select your MSI file; the package path is stored as you enter it, so it has to be a network path the clients can reach, not a local drive path. Repeat to add a new package for the other MSI file.

Once the clients update their policy, Flash will be installed on the next restart.
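
The second drawback listed above, checking each client's event log by hand, can be scripted. The following PowerShell is an added example, not part of the original article: it reads the MsiInstaller success and failure events from every enabled computer in an OU. The OU path, the seven-day window and the 'Flash Player' match string are assumptions, and clients must allow remote event log access.

```powershell
# Added example: report Flash Player MSI install results for one OU.
# Requires the RSAT ActiveDirectory module on the admin workstation.
Import-Module ActiveDirectory

$SearchBase = 'OU=Workstations,DC=domain,DC=name'   # placeholder OU, adjust
$Match      = '*Flash Player*'                       # assumed MSI product name text

# MsiInstaller event IDs: 11707 = installation succeeded, 11708 = installation failed.
$Filter = @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 11707, 11708
    StartTime    = (Get-Date).AddDays(-7)
}

$report = foreach ($c in Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase) {
    try {
        $events = @(Get-WinEvent -ComputerName $c.DNSHostName -FilterHashtable $Filter -ErrorAction Stop |
            Where-Object { $_.Message -like $Match })
        if ($events.Count -eq 0) { throw 'NoFlashEvents' }
        foreach ($e in $events) {
            [pscustomobject]@{
                Computer = $c.Name
                Status   = if ($e.Id -eq 11707) { 'Installed' } else { 'Failed' }
                Time     = $e.TimeCreated
                Detail   = ($e.Message -split "`r?`n")[0]
            }
        }
    }
    catch {
        # Get-WinEvent raises NoMatchingEventsFound when the filter matches nothing;
        # treat that (and our own NoFlashEvents) as "not installed yet", not as an outage.
        $noEvent = $_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*' -or
                   "$($_.Exception.Message)" -eq 'NoFlashEvents'
        [pscustomobject]@{
            Computer = $c.Name
            Status   = if ($noEvent) { 'NoInstallEvent' } else { 'Unreachable' }
            Time     = $null
            Detail   = if ($noEvent) { 'Not restarted since policy update?' } else { $_.Exception.Message }
        }
    }
}

$report | Sort-Object Status, Computer | Format-Table -AutoSize
```

Machines reported as NoInstallEvent are the ones to chase for a restart; Failed rows carry the first line of the installer's own message.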