Office 365 - Critical Update Deployment Help

1

Hi,

Having received an email this morning stating Microsoft are releasing a critical patch for Outlook for Windows, I wondered how other MSPs are rolling out fixes like this?

I have been search this forum and the web to find an automated way to do this via Syncro, Chocolatey or PowerShell but am finding nothing works.

I am aware I can instruct customer to use the Click to Run feature within Outlook to prompt for the upgrade but it doesn’t look great. If I can say Microsoft have released a critical security update but if you are a managed customer this has already be done. It not only looks good but may encourage other customers to see the value of having our RMM service.

Any help would be very much appreciated.

2

I haven’t dug into the Outlook issue yet but we have a script to force Office Click to Run versions to update. Take note that the “forceappshutdown=true” option will close any open Office apps. Either run it after-hours or change it to false.

# Check if running as System
$sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
if ($sid -ne "S-1-5-18") {
    Write-Host "This script needs to be run as System."
    Exit 1
}

$updateExePath = "$($env:ProgramFiles)\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"

# Exit if execuatable not found
$pathExists = Test-Path -Path $updateExePath -PathType Leaf
if(!($pathExists)) {
    Write-Host "Office C2R not found on this system."
    Exit 0
}

# Update Office using ClickToRun
try {
    Write-Host "Updating Office..."
    $result = Start-Process -FilePath $updateExePath -ArgumentList "/update user displaylevel=false forceappshutdown=true" -PassThru -Wait
    if($result.ExitCode -eq 0) {
        Write-Host "Office was sucessfully updated."
    } else {
        Write-Host "Office was not updated successfully."
        Exit 1
    }
} catch {
    Write-Host "An error occurred while updating Office."
    Exit 1
}
1 Like
3

Amazing, thank you very much.

I will try that shortly.

4

This worked amazingly, thank you very much.

5

FYI, C2R can be in two possible locations, so you probably want to wrap that all in a foreach something like this:

$C2RPaths = @(
        "$env:SystemDrive\Program Files (x86)\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"
        "$env:SystemDrive\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"
)
$C2RPaths | ForEach-Object {
    if (Test-Path -Path $_) {
yadayada
}
6

Good catch! I forgot about 32-bit Office on 64-bit Windows. Here’s an updated version for anyone that needs it.

Import-Module $env:SyncroModule

# Check if running as System
$sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
if ($sid -ne "S-1-5-18") {
    Write-Host "This script needs to be run as System."
    Exit 1
}

$c2rPaths =@(
    "$($env:ProgramFiles)\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"
    "${env:ProgramFiles(x86)}\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"
)

# Check each path to see which is correct
foreach ($c2rPath in $c2rPaths) {
    $pathExists = Test-Path -Path $c2rPath -PathType Leaf
    if ($pathExists) {
        Write-Host "Updating Office using C2R located at '$($c2rPath)'."
       
        try {           
            $result = Start-Process -FilePath $c2rPath -ArgumentList "/update user displaylevel=false forceappshutdown=true" -PassThru -Wait
        } catch {
            Write-Host "An error occurred updating Office."
            Exit 1
        }
        
        if ($result.ExitCode -eq 0) {
            Write-Host "Successfully called the Office C2R updater."
        } else {
            Write-Host "The Office C2R updater was not called successfully. Please investigate."
            Rmm-Alert -Category "Windows | Application Management" -Body "The Office C2R updater was not called successfully. Please investigate."
        }
    }
}
1 Like
7

We have had a few computers I cannot get this to run on. I log in and click update in the actual Office app and it updates fine, so I’m perplexed why some machines just will not take it with no apparent error.

8

We have found that this script needs one more variable or it doesn’t always work.

updatepromptuser=false displaylevel=false forceappshutdown=true

The updatepromptuser=false also needed to be there. And if you wanted to NOT force apps shutdown, then displaylevel=true because the user has to push OK or the update won’t work.

9

So to be clear, and for those of us without the Powershell skills you folks possess, the command should look like this?
$result = Start-Process -FilePath $c2rPath -ArgumentList “/update user updatepromptuser=false displaylevel=false forceappshutdown=true” -PassThru -Wait

Thanks for this. Takes a long time to learn to use Powershell, and this sort of thing really helps.

1 Like
10

Out of curiosity, what was happening when the “updatepromptuser=false” parameter was not included?

You’ve got to love Microsoft for it’s edge cases!

11

That’s a great question.

Nothing! With no logs, feedback, output from the command, or evidence otherwise.

It looks like the CTR executable runs and “does a bunch of stuff”. I THINK that the failure is when people are using Office and never do anything, something like … “times out”?

Others are reporting that this may actually work but require a PC reboot to be updated anyhow. If this is true, then my comment should just be modified to “this works AFTER a PC reboot”. However, I wasn’t testing for that. It might work great by the time everyone restarts their PC.

12

Thanks Neil, works like a charm.