Windows – Deploying Ossec HIDS Windows Agent via GPO

To speak to Flash Player in particular: You can obtain an MSI from Adobe through a licensing program. Have a look at: http://www.adobe.com/products/players/fpsh_distribution1.html

I regularly install Adobe Reader, Flash, Apple QuickTime, and others using GPO-based installations. When new versions are released, I deploy the new versions as mandatory upgrades.

You should take some time to learn about Windows Installer and building your own packages. You can use repackaging tools, but the best results, in my expereience, come from learning how to use tools like WiX (http://wix.sourceforge.net/) to create your own packages from the ground up. Repackaging tools create "dumb" MSIs that don't necessarily do what the original SETUP author wanted. An intelligent human repackager tries to learn what the SETUP author wanted to do and creates a package that does that.

At the very least, you need a tool like ORCA allow you to create Transform files (MST) for existing packages, and enough of an understanding of Windows Installer to allow you to intelligently create MST files.

I've had really good luck with managing software this way. It's been a big win with my Customers for efficiency, and has been a great differentiator of my services. I highly recommend it.

Maybe familiarize yourself with some of the tools mentioned in this article, even though it's dated WinInstall is probably still considered the top free packaging software. Before Application Virtualization became more popular, I used Wise Admin Studio extensively but that is a pricey, enterprise level product. So grab one of the free utilities and you can "capture" what the installation (the install exe) does and package that as an MSI and go from there.

Click here for a how-to on WinInstall

One last thing, using GPO Software Installation feature only works during a reboot, running a manual gpupdate (even with a /force) will only queue it up to get installed on the next reboot.