Issue 512627 in chromium: Regression: Chrome 44 ignoring Google Update Policy Configuration

[chro...@googlecode.com]

Status: Unconfirmed
Owner: ----
Labels: Cr-Enterprise Pri-2 Via-Wizard Type-Bug OS-Windows

New issue 512627 by wyd...@gmail.com: Regression: Chrome 44 ignoring Google
Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/44.0.2403.89 Safari/537.36

Steps to reproduce the problem:
1. Configure Google Update via policy to allow "Automatic silent updates
only" for Chrome
2. Check on the Chrome 44 About page. It should state. "Manual updates are
disabled by the administrator, automatic updates are enabled"
3. It doesn't however, Chrome seems to be in the default configuration,
where manual updates are enabled.

What is the expected behavior?
Google Chrome obeys the Google Update Policy Configuration and reports
that "Manual updates are disabled by the administrator, automatic updates
are enabled"

What went wrong?
Chrome 44 appears to be ignoring the Google Update Policy Configuration for
Chrome and manual updates remain enabled.

Did this work before? Yes Chrome 43

Chrome version: 44.0.2403.89 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 18.0 r0

Even setting the Google Update policy for Chrome to "Updates Disabled"
makes no difference. The Chrome About page still suggests that manual
updates are enabled.

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[chro...@googlecode.com]

Comment #1 on issue 512627 by henri...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Hey, we having the same issue.
We used to disabled automatic update because of external apps dependency.
The policy no longer apply.

[chro...@googlecode.com]

Comment #2 on issue 512627 by gottscha...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Having the same issue here, tested on Windows 7 x86 and x64 + Windows 8.1
x64.

[chro...@googlecode.com]

Comment #3 on issue 512627 by christop...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We also have this problem.

[chro...@googlecode.com]

Comment #4 on issue 512627 by xerm...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Same problem here, looking for a solution.

[chro...@googlecode.com]

Updates:
Labels: -Pri-2 Pri-1 Cr-Internals-Installer Enterprise-Triaged

Comment #5 on issue 512627 by mnis...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Passing over to the installer folks and raising priority as this is
potentially a serious regression.

[chro...@googlecode.com]

Comment #7 on issue 512627 by lorelei....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We also are seeing this.. its ignoring it when on Chrome 43 and auto
updating now to 44

[chro...@googlecode.com]

Comment #8 on issue 512627 by dcdra...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We are having the same problem, potentially impacting hundreds of thousands
of endpoints.

[chro...@googlecode.com]

Comment #10 on issue 512627 by lorelei....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

ESsentially we have the policy set to NOT auto upgrade, registry setting
confirmed =0, and we installed chrome 43.. if you close the browser window
and then launch again it automatically updated to chrome 44

[chro...@googlecode.com]

Comment #9 on issue 512627 by lorelei....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

ESsentially we have the policy set to NOT auto upgrade, registry setting
confirmed =0, and we installed chrome 43.. if you close the browser window
and then launch again it automatically updated to chrome 44

[chro...@googlecode.com]

Comment #11 on issue 512627 by dcdra...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We are having the same issue, potentially impacting hundreds of thousands
of endpoints. Thanks for raising the priority!

[chro...@googlecode.com]

Comment #12 on issue 512627 by david.dr...@heatsoftware.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We are having the same issue, potentially impacting hundreds of thousands

of endpoints. Thanks for raising the priority.

Sorry about the earlier spammed email notices, I had trouble getting logged
in to send this from my work account :(

[chro...@googlecode.com]

Comment #13 on issue 512627 by msimprov...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

+Restrict-AddIssueComment-EditIssue?

[chro...@googlecode.com]

Comment #14 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Are these machines joined to a domain?

[chro...@googlecode.com]

Comment #19 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#17 Gan

So what do you want me to do here, download the Chrome 44 business MSI,
install it while running Sawbuck and see if the installer reckons my domain
joined machine is NOT domain joined?

Can you provide your full e-mail address please so I can send you the
trace? Thanks.

FYI we have silent automatic updates enabled for Chrome, so for me this is
not a recreation of the conditions.

[chro...@googlecode.com]

Updates:
Cc: dska...@chromium.org

Comment #20 on issue 512627 by dska...@google.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #24 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re #17, please get the log when navigating to chrome://chrome. Thank you.

[chro...@googlecode.com]

Comment #25 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

See attached

Attachments:
About Chrome.csv 3.8 KB

[chro...@googlecode.com]

Comment #40 on issue 512627 by schim...@schimkat.dk: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This is a very bad news. Back to completly removeing
the %Programfiles%\Google\Update folder. :-|

[chro...@googlecode.com]

Comment #41 on issue 512627 by andreas....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Same issue here. Machines are joined to a domain. Internet connection is
only available via proxy.

Google Update policy is deployed via registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]
"DisableAutoUpdateChecksCheckboxValue"=dword:00000001
"AutoUpdateCheckPeriodMinutes"=dword:00000000
"Install{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000001
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
"Install{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000001
"Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000000

[chro...@googlecode.com]

Comment #46 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

I just noticed that 44.0.2403.107 is now out. On my home machine where I
have no Omaha polices enabled (but run Chrome for business) I went to
chrome://chrome in Chrome 44.0.2403.89 to run a manual update, but it
failed to come back with .107!

Are we absolutely sure that damage has not been done to the update
procedure, be it manual or automatic in Chrome 44.0.2403.89 for business?
I really hope not, otherwise I'm going to have 100,000 clients "trapped" on
Chrome 44.0.2403.89!

[chro...@googlecode.com]

Comment #47 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

I see others are reporting the update is not working now too
http://googlechromereleases.blogspot.co.uk/2015/07/stable-channel-update_24.html

[chro...@googlecode.com]

Comment #48 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re #46, could you please capture a log by following the instructions in
#17? Thank you!

[chro...@googlecode.com]

Comment #49 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Ganesh, ok but can you get me a .89 MSI installer please (x64) as I've just
installed .107 via the latest MSI installer. Thanks.

[chro...@googlecode.com]

Comment #50 on issue 512627 by ewald.li...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Manually updated to 44.0.2403.107, issue not applying update policy
persists. Other policies are applied correctly.

Policy settings:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]

"Install{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
"InstallDefault"=dword:00000000
"UpdateDefault"=dword:00000000
"AutoUpdateCheckPeriodMinutes"=dword:00000000
"DisableAutoUpdateChecksCheckboxValue"=dword:00000001
"Install{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000000
"Install{4EA16AC7-FD5A-47C3-875B-DBF4A2008C20}"=dword:00000000
"Install{8BA986DA-5100-405E-AA35-86F34A02ACBF}"=dword:00000000
"Install{C4D65027-B96A-49A5-B13C-4E7FAFD2FB7B}"=dword:00000000
"Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000000
"Update{4EA16AC7-FD5A-47C3-875B-DBF4A2008C20}"=dword:00000000
"Update{8BA986DA-5100-405E-AA35-86F34A02ACBF}"=dword:00000000
"Update{C4D65027-B96A-49A5-B13C-4E7FAFD2FB7B}"=dword:00000000

[chro...@googlecode.com]

Comment #51 on issue 512627 by andreas....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re #43 Error message is:

Update failed (error: 7)An error occurred while checking for updates: Es
konnte keine Verbindung zum Internet hergestellt werden. Falls Sie eine
Firewall verwenden, setzen Sie bitte "GoogleUpdate.exe" auf die Whitelist.
(error code 7: 0x80072efe -- system level).

Sawbuck log is attached.

Attachments:
Sawbuck_Omaha.log 10.8 KB

[chro...@googlecode.com]

Comment #52 on issue 512627 by martin.s...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

AD joined machines here. Behaviour from the \Policies\... reg key as
expected up to last iteration of V43. Install of either flavour of V44
results in auto-update being activated.

[chro...@googlecode.com]

Comment #53 on issue 512627 by Sebastia...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

I can confirm that the issue still exists in 44.0.2403.107 like Ewald said
in #50.

This policy settings sucessfully disabled the update function prior to
version 44.*

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]

;Auto-update check period override
"AutoUpdateCheckPeriodMinutes"=dword:00000000
;Update policy override: default
"UpdateDefault"=dword:00000000
;Update policy override: GoogleChrome
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
;Update policy override: GoogleChromeBinaries
"Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000000
;Update policy override: GoogleChromeCanaryBuild
"Update{4EA16AC7-FD5A-47C3-875B-DBF4A2008C20}"=dword:00000000
;Update policy override: GoogleChromeFrame
"Update{8BA986DA-5100-405E-AA35-86F34A02ACBF}"=dword:00000000

All machines are joined to a domain!

[chro...@googlecode.com]

Comment #54 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re: #50, are you joined to a domain? If not, please see #38.

[chro...@googlecode.com]

Comment #55 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re: #51, your issue is the same as #31, I see updatecheck
updatedisabled="true" in your request, so updates are indeed disabled, it
is an UX issue that we will fix.

[chro...@googlecode.com]

Comment #59 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re: post #57, if the machine is not joined to a domain, which I understand
to be your case, Chrome 43 installed via
43.0.2357.65_ChromeStandaloneSetup.exe will upgrade to the latest version
(Chrome 44 now) within a few minutes of install by default.

[chro...@googlecode.com]

Comment #60 on issue 512627 by lorelei....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#59. Ok great, so even with the policy registry setting disabled it will
still upgrade? So When did this change happen? Is this new with chrome
44?... as previously when on Chrome 42, installing Chrome42 kept the
machines at Chrome42 and did not autoupdate even when Chrome 43 was out.
Just trying to understand expected behavior

[chro...@googlecode.com]

Comment #61 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re post #58, I apologize, I meant post #50, not referring to you as #50.

Understand where you are coming from on these keys being writable by Admins
only. However, there are cases where unwanted software running as admin
deliberately sets these keys/values up to prevent Chrome from updating.

[chro...@googlecode.com]

Comment #62 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re post #60, yes, if the machine is not domain-joined, Chrome will update.
This change happened approximately around the Chrome 43 timeframe.

[chro...@googlecode.com]

Comment #63 on issue 512627 by ewald.li...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE post #61: It's OK, just bang your head a few times against the wall,
grab a coffee and read an episode of BOFH. You'll be fine then.

[chro...@googlecode.com]

Comment #64 on issue 512627 by martijn....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Got the same issue as #53 with the same keys. All Citrix servers joined to
the domain. Still worked in 43, keys are ignored in 44.

[chro...@googlecode.com]

Comment #65 on issue 512627 by ewald.li...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE post #60: lorelei: instead of ChromeStandalone use the Chrome for Work
msi, you can find it here: https://www.google.com/work/chrome/browser/. The
policies you can use are here:
https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

[chro...@googlecode.com]

Comment #71 on issue 512627 by martijn....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE post 68, Yes a lot of ppl did that already (see above) including me but
that's the issue. It worked in 43, stopped working in 44. It's just
checking for new versions all the time now and trying to update which it
never did.

The ADM template just sets the registry key which you can do manually as
well.

[chro...@googlecode.com]

Comment #72 on issue 512627 by osman.ul...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#52 and #58 both claim their machines are connected to the AD. We also have
AD connected desktops which are updating and ignoring our policy change.

[chro...@googlecode.com]

Comment #73 on issue 512627 by computer...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Regarding: "If there is an error in our enforcement logic (i.e. if we are
not honoring those policy settings for AD users), that is a bug and we will
treat it with urgency."

Using ADM templates to set the policy via AD Domain GPO is not functioning
for Google Chrome. The GPO sets the registry however Google Chrome
continues to check for updates, ignoring the GPO and registry settings.
There appears to be a error in the enforcement logic!

Thanks

[chro...@googlecode.com]

Comment #74 on issue 512627 by ewald.li...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE #70: Thanks for your clarification, but as a enterprise sysadmin I'd
like to make some remarks.

Updating and patch-management is indeed critical but within an enterprise
environment this should be embedded inside a enterprise wide infrastructure
and not to be left to applications. Image that 300+ applications all update
themselves with there own schedules. Users would get crazy and soon a
lynchmob will be formed. Controlled and predictable update time-windows are
business critical and therefor a controlled update mechanism is one of the
key features we test applications for.

AUTO-updating in an enterprise environment is a no-go, controlled updating
a big yes. The update policies provide the controlled update mechanism,
forcing auto-update on enterprises will effectively kill Chrome inside
enterprise environments. To be clear on definitions, by auto-updating I
mean the mechanism of applications updating themselves.

With update .89 the update policies seem to be ignored but updating to .107
shows the policy in fact still applied and active but the UX changed which
led to confusion. I consider this a UX bug, I hope this will get fixed soon
so automatically attempting to update when opening the About page is
disabled.

[chro...@googlecode.com]

Comment #82 on issue 512627 by BKDMi...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We have the same issue that many have stated.
1: Domain joined win7 with non-admin users
2: Up to 43 updates turned off via reg keys & disabled services as listed
above.
3: We would, post testing, deploy updates via SCCM about 3 weeks after
release.
4: Now in testing we see that 44 tries to check for update when one views
the version and prompts for admin in the process. This will not work for us
so we will remain on 43 until this is resolved.

[chro...@googlecode.com]

Comment #84 on issue 512627 by ewald.li...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Just upgraded to version 44.0.2403.125, no change in behavior yet. Neither
is this in the changelog
https://chromium.googlesource.com/chromium/src/+log/44.0.2403.107..44.0.2403.125.

[chro...@googlecode.com]

Comment #85 on issue 512627 by Sebastia...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

@#56
You are right. It's the UX bug you mentioned in #31.
The update won't get applied and I see the error message you posted after
confirming the UAC-prompt. Any specific plans when this bug will be fixed?
It still exists in 44.0.2403.125.

[chro...@googlecode.com]

Comment #86 on issue 512627 by insidean...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Just wanted to add my experience:

Windows Domain network, I just deployed the 44.0.2403.125 ("Chrome for
work")to my desktop and checked the version information - suddenly saw,
that Chrome was looking for updates but tells me, I'm on the latest release.

The GPO is still active but wont work on my 44.0.2403.125 - Updates should
be disabled.
My last version was the 43.0.2357.130 (also Chrome for work) - there are no
problems.

Any fix in sight already?

If I can help with sending in logs, tell me.

[chro...@googlecode.com]

Comment #87 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE Post 70

Not all of us have abandoned Novell yet. Our machines are not part of a
domain and wont be for some time.

We also use DeepFreeze. In the morning when we turn them on, they have 43.
After a time they get updated to 44. When we shut them off, they are back
to 43. Rinse, Repeat. We have spent the summer cloning computers with 43
the way we need. We then lock it down with DeepFreeze. When school starts
back, we'll have 1000 PC's updating to 44 every day.

Why are you forcing 44 down? Forcing updates is an Apple move!!! I have
more faith in Google than that!!

For the general public, this is a great default. However, you've got to
give us a way to control it.

[chro...@googlecode.com]

Comment #88 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

# 87. add-on

Yes, we have manually pushed the GPO's on the machines and the registry
settings to block the updates.

[chro...@googlecode.com]

Comment #89 on issue 512627 by david.dr...@heatsoftware.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Since you mentioned Apple...

Disabling the Chrome updater on a Mac does not work either, not even when
you follow Google's instructions:
https://support.google.com/installer/answer/147176?hl=en&ctx=go

...but the bigger issue right now is Windows.

[chro...@googlecode.com]

Comment #90 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Lol. Didn't realize that.

Sent from my mobile. Please ignore my spelling. :-)

[chro...@googlecode.com]

Comment #91 on issue 512627 by david.dr...@heatsoftware.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

re #89, it never worked on Mac in our environments. I am not saying it is
part of this issue at all.

[chro...@googlecode.com]

Comment #92 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

I see. Thanks for the clarification.

Sent from my mobile. Please ignore my spelling.

[chro...@googlecode.com]

Comment #93 on issue 512627 by martijn....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Any update on this? Still not fixed in the latest version.

[chro...@googlecode.com]

Comment #94 on issue 512627 by jabark...@warwickshire.gov.uk: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Same issue in Version 45.0.2454.15 beta

[chro...@googlecode.com]

Comment #95 on issue 512627 by d...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Issue 491684 has been merged into this issue.

[chro...@googlecode.com]

Comment #96 on issue 512627 by techguru...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This has NOTHING to do with a "domain joined" machine and I cannot believe
the Google folks don't understand such a simple problem. The darn product
used to honor a couple simple REG keys saying "don't upgrade".

As of 44, your code was changed and you broke it - the product sees the
keys, partially still even displays blah blah can't update....and then it
proceeds to UPDATE when it shouldn't.

I have tested this on 3 different PC's in VMs that are standalone WORKGROUP
non-domain machines, set the reg key via GPEDIT.MSC loading the google
provided ADM template. Then, installed v43. Reboot. Chrome will then
auto-update to v44.

Is that a simple enough explanation I see 100 darn posts of devs trying to
dance around this. Find in the code everywhere that those reg keys were
read (in v43) and diff the code to v44 and revert the change that broke it
- problem solved.

[chro...@googlecode.com]

Comment #97 on issue 512627 by collin.c...@blueprairie.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

What's wrong with Google? Seriously, I reported this problem MONTHS AGO in
May. When you CLOSE the older report like this to merge into the NEWER one
leaving only it....when you admin these posts I see no other reason to do
it that way but to SKEW your metrics and you've now make a multiple month
issue you FAILED to do anything about appear to be a NEWER issue.

For the record, this is how long this issue has been sitting.
Issue 512627
https://code.google.com/p/chromium/issues/detail?id=512627

And other posts are correct, pull the darn code for v43 and diff the
sections that read those reg keys - that's it - this has NOTHING TO DO
with "domain joined" machines. I was the ORIGINAL reporter of this and
HALF the original machines I tested on for the initial report weren't
domain joined and simply standalone workgroup machines.

[chro...@googlecode.com]

Comment #98 on issue 512627 by JGo...@drpower.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

From my perspective and testing its a UX problem only. After running the
following script with ver 44...89 it did not update to ver 44....125 even
though it appears to check for updates. It will indicate that it is updated
even though it isn't.

You must run the script with the installer in the same directory as the
script if you would like to update Chrome.

REM Install Chrome
"googlechromestandaloneenterprise.msi" /qn

REM 1. Just in case apply policy settings:

REG.EXE ADD "HKLM\SOFTWARE\Policies\Google\Update" /v
DisableAutoUpdateChecksCheckboxValue /t REG_DWORD /d 1 /f
REG.EXE ADD "HKLM\SOFTWARE\Policies\Google\Update" /v
AutoUpdateCheckPeriodMinutes /t REG_DWORD /d 0 /f
REG.EXE ADD "HKLM\SOFTWARE\Policies\Google\Update" /v UpdateDefault /t
REG_DWORD /d 0 /f

REM 2. Disable updater services (cmd as administrator):

sc config gupdate start= disabled
sc config gupdatem start= disabled
sc stop gupdate
sc stop gupdatem

REM 3. Delete updater tasks:

schtasks /delete /tn GoogleUpdateTaskMachineCore /f
schtasks /delete /tn GoogleUpdateTaskMachineUA /f

REM 4. Kill GoogleUpdate.exe if exists.

[chro...@googlecode.com]

Comment #99 on issue 512627 by martijn....@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#98 You're right. It does say checking for updates but then it says it's
running the latest version although a newer version was available.

So I'm happy with that, solves it for me. As long as it's not downloading
or installing anything I'm good.

Thanks for the clarification.

[chro...@googlecode.com]

Comment #100 on issue 512627 by avn...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

same problem here. policy works on v41. not working on v44.

similar issue, probably the same:
https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified&groupby=&sort=&id=514277

[chro...@googlecode.com]

Comment #101 on issue 512627 by jabark...@warwickshire.gov.uk: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Same issue in Version 44.0.2403.130...

Attachments:
1.JPG 17.8 KB

[chro...@googlecode.com]

Updates:
Cc: kavv...@chromium.org

Comment #103 on issue 512627 by kavv...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Issue 516966 has been merged into this issue.

[chro...@googlecode.com]

Comment #106 on issue 512627 by stev...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This is a serious issue as it prevents being able to roll Chrome 44 out in
an Enterprise scenario, forcing us to stick with the earlier releases which
do not have the fix in place for the serious Adobe Flash vulnerabilities.

Honoring of the "UpdateDefault" policy needs to be reinstated!

[chro...@googlecode.com]

Comment #107 on issue 512627 by gan...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Re comment #105 and #106, are you actually seeing updates applied, or are
you just seeing checks for updates? If you are seeing updates being applied
for domain-joined machines, could you please follow the instructions in #17
to get a sawbuck log when navigating to chrome://chrome?

So far, we do not have a single confirmed case of updates actually being
applied for domain-joined machines.

Thank you.

[chro...@googlecode.com]

Comment #108 on issue 512627 by j...@jfjames.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

RE #107. Checked a couple domain joined 44.0.2403.89 machines and it
appears you are correct - they show "up to date" when allowed through the
firewall and running a manual check. My apologies for missing the earlier
comments about domain vs. non domain and the UX change.


*Please* consider restoring the ability to block updates on non-domain
machines and just do something like enforce the warning when software is
out of date more than a set number of days/versions/etc. I'd be fine
signing up for a special enterprise download where I acknowledge "extra
risk", etc of retaining that setting.

Example 1: Not being able to block updates causes issues with non-domain
DeepFreeze machines, especially on cellular modems - they pull down the new
version every reboot.

Example 2: Application whitelisting could block auto-updated installs of
Chrome.

Example 3: Testing patches before install and the ability to roll back in
case of issues is important. See also, FBI CJIS policy 5.3
5.10.4.1 Patch Management
....
Local policies should include such items as:
1. Testing of appropriate patches before installation
2. Rollback capabilities when installing patches, updates, etc.


Thanks

[chro...@googlecode.com]

Comment #110 on issue 512627 by so...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#109, let's discuss the idea of "just do something like enforce the warning

when software is out of date more than a set number of days/versions/etc".

Please tell us how would this work end to end. What warning would you like
to be enforced?

[chro...@googlecode.com]

Comment #111 on issue 512627 by joshjame...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

To be clear I'd still prefer an option to disable auto-update but in lieu
of that maybe something like this would help everyone using the enterprise
msi on non-domain machines:

1. UpdateDefault flag of old can be set in registry / Local GPO. If not
set or set to true, just auto-update like the old versions. If set to 0,
follow enterprise timeframe.

2. Chrome periodically checks for updates and sees that as of <server
returned time> the installed version has been flagged as old.

3. If out of date less than 72 hours, server tells Chrome to display an
out of date message on the about screen with option to update but does
nothing automatically.

4. If out of date between 72 hours and 144 hours, the server responds
telling Chrome to display a warning message at launch / every x hours
suggesting the user contact their system administrators for updates.

5. Beyond 144 hours out of date, server tells Chrome to update anyway.


Obviously the time-frames are up for debate, those examples are pretty
short. Having them be configurable or tied to the local clock would defeat
the purpose but it might be helpful to extend them a bit for significant
changes like plugin/certificate support - the key here would be making
those time-frames known. Somewhere there's a balance of giving sysadmins a
chance to test/push/coordinate updates, avoiding pop up messages that
everyone will just ignore if they appear all the time, and making sure
things get updated quickly to stop malware. This wouldn't really help for
machines that sit powered off for a few weeks at a time - they might
download a Chrome update before getting enterprise updates and/or whitelist
settings, but still better than no control over updates.


Thanks

[chro...@googlecode.com]

Comment #112 on issue 512627 by mcruci...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

As with post #87 I am in the Novell boat here as well. No AD Domain. Using
Zenworks to deploy local GPOs which include the Google ADM files. This had
worked until recently. Can google confirm that this is no longer going to
be a viable way to block updates going forward?

[chro...@googlecode.com]

Comment #113 on issue 512627 by bmckilli...@conetec.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This is very frustrating, trying to lock machines down to chrome 44, by
disabling autoupdate, the main reason being that chrome 45 is disabling
NPAPI support.

[chro...@googlecode.com]

Comment #114 on issue 512627 by jabark...@warwickshire.gov.uk: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

NO luck on version 44.0.2403.155m... Just updated!

Attachments:
1.JPG 18.1 KB

[chro...@googlecode.com]

Comment #115 on issue 512627 by lobian...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Experiencing the same problem with Google Chrome Version 44.0.2403.155 m.
I am in an enterprise organization running Windows 7 and tested upgrading
from Google Chrome 43 to Version 44.0.2403.155 m. My machines are
connected are joined to an Active Directory Domain, as soon as we launch
Google Chrome Browser 44, we get the following error:

Version 44.0.2403.155 m

Update failed (error: 3)An error occurred while checking for updates:
Update check failed to start (error code 3: 0x800704c7 -- system level).


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]
"AutoUpdateCheckPeriodMinutes"=dword:00000000
@=""
"DisableAutoUpdateChecksCheckboxValue"=dword:00000001
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
"Update{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}"=dword:00000000
"UpdateDefault"=dword:00000000
"InstallDefault"=dword:00000000
"Install{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000001
"Install{8BA986DA-5100-405E-AA35-86F34A02ACBF}"=dword:00000001

We cannot deploy Google Chrome as the user base will see a UAC Prompt in
order to try checking for an updated version of Chrome. We ran a Procmon
scan and confirmed that Chrome is hitting the keys, but no action is taking
place.

[chro...@googlecode.com]

Comment #116 on issue 512627 by Sebastia...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

@gan...@chromium.org Are there still plans to fix this bug?

[chro...@googlecode.com]

Comment #117 on issue 512627 by tom.dl...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Here the same. Chrome 44.0.2403.155 m don't recognized that updates are
disabled with GPO. Can't deploy it. Please, fix this bug!

[chro...@googlecode.com]

Comment #118 on issue 512627 by marc.rie...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

same Problem for us, waiting for a fix.
Can't deploy version 44.0 in our company with this bug.

[chro...@googlecode.com]

Comment #119 on issue 512627 by schim...@schimkat.dk: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This is bad all right .. but there is no need to halt deploying.

The Chrome enterprise MSI installer is probably one of the worst MSI's ever
- it's just a wrapper around the .exe installer. You would all ways want to
repack this "msi" into a regular Windows Installer MSI, and when doing that
- you just exclude the Update directory and update services - and updating
is disabled for good.

[chro...@googlecode.com]

Comment #120 on issue 512627 by martijn....@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#119 That doesn't mean this should not be fixed. I can't believe something
small as this which affects a lot of enterprises is so hard to fix,
somebody broke it so they should sure know how to fix it but it looks like
nobody cares.

For me it's purely cosmetic, I hate it when users see some vague error
message when they click on about. It should just say updates are disabled,
I'm not a programmer but really, how hard can that be?

[chro...@googlecode.com]

Comment #121 on issue 512627 by schim...@schimkat.dk: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

This is bad all right .. but there is no need to halt deploying.

The Chrome enterprise MSI installer is probably one of the worst MSI's ever
- it's just a wrapper around the .exe installer. You would all ways want to
repack this "msi" into a regular Windows Installer MSI, and when doing that
- you just exclude the Update directory and update services - and updating
is disabled for good.

I still create new update-disabled Chrome packages for our customers as
soon a Google release new versions - so the problem is not that hard to
circumvent. :-)

[chro...@googlecode.com]

Comment #124 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

C'mon folks lets just admit it. This is not a bug. They did it on purpose
and really don't care what we think. If there is not enough backlash from
the users, this will always be an issue from now on. Guess we'll have to
repack the MSI like #121 suggests. As I've said earlier we run DeepFreeze,
so in my environment it gets reset back to our config every night... then
re-updates everyday. Thanks for all the wasted bandwidth!

Guess we'll start reimaging with an older version or repack.....


Thanks,
-britt

Britt Shaw
Chief Technology Officer
Elkin City Schools
202 W. Spring St
Elkin NC 28621
336-835-3135 x250

"There are only 10 types of people in the world: those who understand binary
and those who don't..."

[chro...@googlecode.com]

Comment #125 on issue 512627 by slice.of...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

How would one repack the chrome msi? What tools to use to do it?
schim...@schimkat.dk could you please elaborate.

[chro...@googlecode.com]

Comment #126 on issue 512627 by deepak...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Hello Team,

Well, I searched through this forum for the same purpose - and trying to
find out any solution or workarounds.

Luckily, Going through many of the above comments, I understand that this
is limited to an UX issue.

However, to verify the same, I tried checking the help-> about of the
latest & (latest -1) versions of Chrome. In both cases, it displays Google
Chrome is up-to-date & also during first launch, it actually tries to check
for updates, but in real - it doesn't. Have attached the screenshots of the
same.

Finally, I wanted to know whether the Ux issue has been resolved or the
work is in progress or any work arounds for the same ? Because, being an
enterprise sysadmin, we are likely to get similar questions from many!

Thanks & in anticipation of a response to this,

Deepak YN
Software Lifecycle Management - Global Lead

Attachments:
2.jpg 15.2 KB

[chro...@googlecode.com]

Updates:
Status: WontFix

Comment #127 on issue 512627 by lafo...@chromium.org: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

First, thank you to everyone who provided feedback. Our next step is going
to be to resolve the on-demand UX behavior, which will be tracked
separately in issue 514827.

Referencing back to comment #70, copied below (for utility sake), policy
settings are going to continue to apply only to AD-joined users.

Since we have a separate bug to track the UX behavior, I'm going to close
out this particular issue. While we didn't change our position, for this
case, I want to be clear that we do indeed read and thoughtfully consider
all feedback that we receive. You have my sincere thanks for providing a
good discussion on this topic.



"We understand the need for controls in the Enterprise use case, which is
why we support policy based administration. I want to make clear that we
respect that audience to make careful decisions about their user bases, and
as such offer affordances w/ in certain practical limits (i.e. users
controlled by an Active Directory domain).

That being said, auto-update is a critical security feature for our
product, and is not something that we consider to be optional (both for the
sake of protecting users and quickly de-valuing exploits). Since malware
(and other unwanted ware) has started to abuse these policy settings, for
the broader user community, we made the call to limit those settings
strictly to Active Directory domains, where there was strong validation
that the client was indeed an Enterprise user.

If there is an error in our enforcement logic (i.e. if we are not honoring
those policy settings for AD users), that is a bug and we will treat it
with urgency."

[chro...@googlecode.com]

Comment #128 on issue 512627 by collin.c...@blueprairie.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Again this is horrible and now Google edited my post above just to cover up
how long ago I initially reported this issue (in MAY) as issue 491684 check
it yourself and you'll see they killed the original OLDER post and merged
into the MONTHS NEWER to make it look like a newer issue which is horrible
in practice!

https://code.google.com/p/chromium/issues/detail?id=491684

So as an ex developer where can I pull the source code for Chrome 43 vs
latest? Jesus, this should be easy to fix. In May (my original post) you
can simply compare those 2 versions that's where the code change took place
and broke this.

And no, as far as I know this happens GLOBALLY - ANY VERSION of DEV x64
since I reported this issue in MAY when I test and use the ADM to set ALL
the block reg keys if I leave it alone it winds up updating. This is for
both domain and non-domain joined machines that seems to have zero impact
in my testing.

HELP/ABOUT CHROME <used to> simply immediately show "Updates are disabled
by your administrator" and simply NOT TAKE ANY FURTHER ACTION, execute
anything, waste any bandwidth, etc. - that is how is should function why
would anyone think that needed to change or now want to suggest anything
else?

Find the code change made in May in those couple sections, and roll it back
- period. Heck, give me the code and I'll find it how hard is searching
the source files for all references those reg keys to be checked correctly
in 43, and adding them back to the current code base?

Google is killing Enterprises now after struggling for all those years to
slowly win the market share from MS....if they do not respond quickly to
issues like this they risk losing that hard earned market share.

[chro...@googlecode.com]

Comment #133 on issue 512627 by martijn....@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

The reason for disabling the policy when not in a domain is kinda stupid
anyway.

Quote: To prevent abuse of our policy settings (principally by malware).

So, the malware can already write to your HKLM (which requires
administrator privileges and triggers UAC to begin with) why would it set
Chrome updates disabled, so it can exploit a not yet released security hole
that will be patched in a newer version of Chrome?

If it can write to HKLM, can it also null route the google update servers?
I bet it can. How are you gonna patch that 'hole'?

Man, the guy that brought this up he really had nothing else to do did he?
It was just added without thinking about it, the assumption alone that the
entire world runs Windows with Active Directory is crazy to begin with.

[chro...@googlecode.com]

Comment #135 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Another issue I would like to bring up is compatibility. NC uses a
modified version of PowerSchool for every LEA in the state to handle
Student Information. We have to use this system. Mission Critical. Last
year we started patching some of our machines to the new version of
Chrome. Broke the entire system. We had to backrev every machine that we
had patched until you came out with the next version. We had to skip an
entire version because of an incompatibility. If it works it works. If it
doesn't, we can't use it. What do we do when you force an update and it
breaks the system that we have to use. Doesn't matter if it's your issue
or theirs; it has to work or we're down. Attendance, Grades, all
information, etc... Again, Novell user. Is Microsoft paying you guys to
do this?

Thanks,
-britt

Britt Shaw
Chief Technology Officer
Elkin City Schools
202 W. Spring St
Elkin NC 28621
336-835-3135 x250

"There are only 10 types of people in the world: those who understand binary
and those who don't..."

[chro...@googlecode.com]

Comment #136 on issue 512627 by carlosan...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#127 - Maybe I missed something, but I have joined-AD users and GPO
enabled, but having v44...155 still updating directly from Internet.

Is this going to change in next minor release?

Currently I have Chrome 42 deployed - It's thousand of users and it's not
easy to upgrade all... If this is going to be fixed only in v45, users will
get banner "This version of Chrome is no longer supported. Please upgrade"
causing many internal issues...

[chro...@googlecode.com]

Comment #137 on issue 512627 by joshjame...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Looking for creative ways to minimize malware is great - forcing auto
updates for non AD is hurting enterprise users more than helping. Forcing
auto-update is great for home use and anyone just trying to get a quick
download - leave that for the non enterprise download. Please consider
restoring the functionality or offering a special opt-out enterprise
download that allows the old UpdateDefault to work as before on Non AD
machines.

See previous posts for issues forcing updates creates for the many legit
enterprise machines not running AD - with DeepFreeze and similar software,
white-listing, FBI CJIS compliance, special enterprise applications, etc.


Thanks



Thanks

[chro...@googlecode.com]

Comment #138 on issue 512627 by collin.c...@blueprairie.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Jesus seriously where this has gone. In May the Chrome team changed what
should be minimal amount of code that reads/writes and calls functions or
class methods based on a handful of registry keys specific to Google corp
for updating their products.

Those few changes broke what was perfect working functionality that <seems>
had been 100% accepted and adopted by both enterprise and even home users
or DEV users alike.

All this banter boils down to finding those handful of changes and
reverting the code - that's it.

Jesus I can banter all day long about Malware, Netware, group policies hell
system policies back to .pol files but none of it matters other than the
only developers with permissions to make code changes actually roll back in
the code from May and commit to the working DEV branch - Period.

[chro...@googlecode.com]

Comment #139 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

If you'll notice, this is not a bug. It is their decision to force this on
us. The banter is us trying to convince them to rethink their bad choice.

Thanks,
-britt

Britt Shaw
Chief Technology Officer
Elkin City Schools
202 W. Spring St
Elkin NC 28621
336-835-3135 x250

"There are only 10 types of people in the world: those who understand binary
and those who don't..."

[chro...@googlecode.com]

Comment #140 on issue 512627 by collin.c...@blueprairie.com: Regression:

Chrome 44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Untrue - I have seen not one piece of official documentation stating the
ADM file I use for enterprise update blocking is no longer valid or
supported by Google, nor that it is now IMPOSSIBLE to stop Chrome from
auto-updating using these registry keys.

When I see that.....I'll start bantering myself but until then....it's a
bug/coding mistake that broke the existing code functionality we all
adopted for many years, right?

[chro...@googlecode.com]

Comment #141 on issue 512627 by sh...@elkin.k12.nc.us: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Sorry. I guess I'm reading between the lines on #127. "WontFix".

Even though we are on Novell, we have pushed out the ADM files, registry
keys and other update blocks.. but those no longer work.

Many folks have shown that it's not working but with #127, they still
reference that it's "by design" instead of offering a fix. Bug? If they
really wanted to stop this, I doubt it would take 30 minutes. Maybe I'm
wrong.... I'll stop the banter. I guess I'm just getting more cynical
with age.

Thanks,
-britt

Britt Shaw
Chief Technology Officer
Elkin City Schools
202 W. Spring St
Elkin NC 28621
336-835-3135 x250

"There are only 10 types of people in the world: those who understand binary
and those who don't..."

[chro...@googlecode.com]

Comment #142 on issue 512627 by schim...@schimkat.dk: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

@#125 slice.of...@gmail.com

You would use a MSI repackager tool like Flexera Admin Studio or similar. I
just creates a update-disabled version of 44.0.155 .. and it works as a
charm. :-)

[chro...@googlecode.com]

Comment #144 on issue 512627 by martijn....@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#142 So what if you go to chrome://chrome on an update disabled version?
What does it say? And how do you repackage, do you remove the services and
registry keys?

[chro...@googlecode.com]

Comment #147 on issue 512627 by ChuanYu....@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

We have the same issue, all testing machines are keeping updating
themselves. I can't stop these Chrome browsers, they are used to be good
before Chrome 44.0.

When I saw the title of this thread, I felt happy; but status marks
with "WontFix" really made me frustrated. it's been a month since the first
one reported this issue, still no solution. And the explanation #127 sounds
ridiculous, all my testing machines are not real enterprise users, they are
under a sub network and behind firewall. I can handle the security and
don't need browser to bother.

[chro...@googlecode.com]

Comment #148 on issue 512627 by wyd...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Chuan, this was logged by me for a UX issue relating to what users saw
under chrome://chrome when through policy manual updates were disabled but
automatic updates were enabled.

Suggest if you're using group policy to control Google Update behaviour and
your Chrome browser is auto updating, even when you have told it not to,
you either open a new issue or ask as I have suggested to Collin that issue
491684 is reopened.

Because of the noise on this one, this specific issue has now been opened
under issue 514827.

[chro...@googlecode.com]

Comment #151 on issue 512627 by insidean...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Problem still exists in 44.0.2403.157, my last test before was
44.0.2403.125.

Going back to 43.0.2357.130. Again.
Skip updating Chrome in our company. Again.

[chro...@googlecode.com]

Comment #152 on issue 512627 by ScottAlc...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Updates have been disabled as per every god damn blog out there and this is
still a pain in the rear end. UAC is now popping up if users go to 'About
Google Chrome'.. WHY??? We control updates in our domain, NOT GOOGLE!!!!!

[chro...@googlecode.com]

Comment #153 on issue 512627 by s....@skynet.be: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

As a workaround you can rename "C:\Program Files\Google\Update" folder on
all clients.
Now the auto-update will fail immediately with:
Update failed (error: 3)An error occurred while checking for updates:
Update check failed to start (error code 3: 0x80070002 -- system level).
No more auto-updates!
No more UAC prompt

[chro...@googlecode.com]

Comment #154 on issue 512627 by ScottAlc...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#153, that is a last resort and years back we did just that but our OCIO
and other IT managers now advise against deploying software with known
error messages, where possible, as to avoid users submitting calls to Help
Desk to resolve the error message.
I saw that Google developers have apparently resolved this in the code for
version 47 (code was posted 6 days ago) so I'll update our users to
43.0.2357.134 until 47 is released.

[chro...@googlecode.com]

Comment #155 on issue 512627 by jeffum...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

#153 I'll probably use this hack as well.

I don't understand why these settings are now being ignored as a malware
precaution. Malware with admin access could also rename/delete the google
updater or replace the chrome.exe entirely... Not to mention really do
anything it wanted. Seems like a PM who doesn't actually understand
security made this decision.

[chro...@googlecode.com]

Comment #156 on issue 512627 by apollovi...@gmail.com: Regression: Chrome

44 ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

Looks like in ver. 45.0.2454.85 this problem was fixed.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]
"AutoUpdateCheckPeriodMinutes"=dword:00000000
"DisableAutoUpdateChecksCheckboxValue"=dword:00000001
"UpdateDefault"=dword:00000000
"Update{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}"=dword:00000000
"Update{8A69D345-D564-463C-AFF1-A69D9E530F96}"=dword:00000000
This registry key prevents Chrome auto update.
Can somebody confirm this?

[chro...@googlecode.com]

Comment #157 on issue 512627 by janaro1...@gmail.com: Regression: Chrome 44

ignoring Google Update Policy Configuration
https://code.google.com/p/chromium/issues/detail?id=512627

I have not tried version 45, but is not working on version 46.0.2490.86 m.