Hi David, On 04.07.2010 11:55, David Petterson wrote: > Do I need to enable this "upgrade-before-remove" or is it default? The upgrade-before-remove feature exists since a long time in WPKG. Later a switch to disable it has been implemented. If you did not explicitly disable it, it's enabled. > I would like windows update to become the only update manager for > Windows. It sucks to have like four different update clients running on > the same machines. I usually disable them on our clients and install > program updates with wpkg when possible. To this I fully agree. But this is simply showing a missing pluggable mechanism for Microsoft Windows Update. Since years I hope that Microsoft would allow 3rd-party applications to plug Windows Update extensions. Basically just a server API to check the latest version would be sufficient. Then Windows update could maintain a list of update servers, query them exactly as it queries the Windows update services and in case updates are available download and install them exactly like Windows Updates. But now we are forced to implement our own update tools. Only the Google updater seems to be pluggable so others could hook up to it. But I also do not want to have Google updater, Adobe Updater, Java update checker, Flash updater and various others on my system. Finally you need to extend your system resources just to run all these updaters. In addition most updaters are very basic, do not support a central update server like the Microsoft updater roes (WSUS). Application built-in updaters typically do not work if run in user context. For example Firefox updates are never applied by users since Firefox will only display a dialog box that updates are available. I typically deploy machines with a user account with limited user privileges and disable privilege escalation for such users (no UAC prompts for limited users). In fact even if users do not update Firefox, Flash and Acrobat Reader they are usually more secured than being just one single click away from running malware with administrator privileges. But this is getting off-topic now. br, Rainer |