This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Buscar en Ayuda

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

ESR 115 Windows - background update without user ever logging in or launching FF?

  • 9 respuestas
  • 3 tienen este problema
  • 59 visitas
  • Última respuesta de Mike Kaply

more options

Hello,

We want to run Firefox in our environment which is constantly scanned by a security scanner, and deducts points for applications which have a vulnerability that has an available patch, but the patch has not been installed. These are on shared Windows terminal servers. Firefox is one of two browsers, Edge being the other one.

If users do not launch firefox at least once, then Firefox never gets updated.

Yes, we have the background update service installed, but it sets itself to manual, and if I try to start it, it simply gives the error "error 1: incorrect function"

How can we configure Firefox 115ESR to be able to run this service automatically, check for updates, and install, without a user on a particular terminal server ever having launched the application once?

Hello, We want to run Firefox in our environment which is constantly scanned by a security scanner, and deducts points for applications which have a vulnerability that has an available patch, but the patch has not been installed. These are on shared Windows terminal servers. Firefox is one of two browsers, Edge being the other one. If users do not launch firefox at least once, then Firefox never gets updated. Yes, we have the background update service installed, but it sets itself to manual, and if I try to start it, it simply gives the error "error 1: incorrect function" How can we configure Firefox 115ESR to be able to run this service automatically, check for updates, and install, without a user on a particular terminal server ever having launched the application once?

Todas las respuestas (9)

more options

is this really that difficult?

more options

Our background updater requires the user to have started Firefox once. Does it work in that case?

more options

Mike - in my testing, I found that the Windows scheduled task for firefox background updates was created automatically when the *first* person launches firefox on that particular server.

However, to my surprise, the scheduled task is set to only run when that first user is logged on, and it runs only in that first user's context too - rather than SYSTEM and to run whether or not a particular user is logged on (see attached image).

Also, subsequent users who launch Firefox on that same server, do not get a Scheduled Task under their own username and context. Is this by design, do you know? In order to keep down scheduled task bloat?

Our terminal server pool randomly puts logging in users on whatever server has the least load at that moment, and then signs them out automatically after 12 hours so that the next business day, they will again get load-balanced.

This means that that each user is relatively unlikely to ever get put back onto the same server again. And firefox background updates, therefore, will never work on that server because the scheduled task is waiting, forever, for that user to sign in again so that it will run in that user's context.

We do our patch management with SCCM/MECM (Microsoft's Configuration Manager program) and of course I could just make a new deployed package for every new version of Firefox ESR that comes out, but I was really hoping to just use Firefox's built-in updater and avoid the tedious task of making and deploying new MSI files for every release of FF.

But yes, to answer your question - for the specific scenario you are describing where the first user to launch Firefox on a server, stays logged into that server for the 7 hours auto-repeat that the Scheduled Task is set to in Windows, then yes, background update works.

That is great for a single user computer that is signed into all the time by that single user, (I know it works great because of course I use Firefox on my personal machine :-) )but for the Enterprise, it does not work for us at all unfortunately.

I have perused the ADMX files for Firefox for Enterprise but I have yet to find a way around this issue.

more options

We also have the problem with "run task only when user is logged on" (SCCM Infrastructure with over 20.000 Clients)

First time starting Firefox: We were able to solve this problem with our Active Setup script. (Start Firefox, wait five seconds, end process --> Background Task is created for the user).

However, we would also like to have the task run when the user is not logged in, but we cannot find a setting for this. (For example, we changed the interval from 7 hours to 30 minutes in the mozilla.cfg). Is there a way to change this?

Thanks in advance.

more options

daniel.schauer said

We also have the problem with "run task only when user is logged on" (SCCM Infrastructure with over 20.000 Clients) First time starting Firefox: We were able to solve this problem with our Active Setup script. (Start Firefox, wait five seconds, end process --> Background Task is created for the user).

Daniel - are your 20,000 clients all mostly single-user workstation-OS, or server-OS? So that active script startup is just for that particular first user who logs on - as I mention in my post, if a SECOND user logs onto that same computer, does the active setup script create a second background task for them?

I noticed that without any special active setup configuration, second users (and beyond) who launch firefox do not get a background update task. In my multi-user server OS environment, it's functionally useless unfortunately since we have dozens of servers and hundreds of users getting randomly load balanced to them.

more options

See text below

Modificadas por daniel.schauer el

more options

We have mostly physical single-user workstations (besides Citrix and VmWare, which I am not responsible for because I work in client management) in our environment, on which we distribute our scripted packages via SCCM.

Our Active Setup works in such a way that it is executed once for each user who is currently logging in. In other words, if five users log in, an Active Setup is performed for each of these users. For this purpose, a REG key is created in the registry in the user-hive. If this is present, Active Setup is no longer executed. (For example: https://www.itninja.com/blog/view/active-setup-concept)

With this we were also able to solve the problem with the missing task, since Firefox creates it on the user side after the first start.

However, we have not yet been able to solve the update problem with logged-out users. Maybe someone else here has input?

more options

It's been a month since the last entry, is there really no official help on this manageable problem? Is there a way to install updates to logged-out users?

With best regards

more options

I spoke to the team and for various reasons, updating Firefox requires that a user profile has been created.