Support Multiple Updates on Local Update Server e.g. ESR and Release
I'm operating in an environment with 1,500 - 2,000 clients managed through a combination of SCCM, and Intune. We're transitioning over to ESR for all of our clients however a large portion of them are Release version.
For the Release versions the plan is to give them ESR when their system is replaced or reimaged via SCCM (we're still rolling out windows 10) but in the mean time we want to keep them updated. I attempted to use the msi to just install the version we want but it blew up on my first test group. too many variables in the installs and versions to contend with.
Instead of using the straight installer method I was looking at setting up a local update server and allowing our clients to grab from that . However its not clear if I can host both an ESR and a Release update on the same update server? that would be ideal since it would keep the release clients and the ESR clients updated while we work through getting everyone to ESR.
Or am I just going about this the wrong way? I'm open to any help or suggestions
Opaite Mbohovái (3)
Yes, you can totally host your own update server and do esr and release update.
They send different URLs to the update server.
I'm curious, though, why you wouldn't just let Firefox update itself?
Well it's complicated.
First We have some systems that have to run legacy apps that right now only reliably run on ESR however we have a mixed bag of systems with regular FireFox and ESR in the wild so we don't want to miss one in favor of the other for updates
Second a lot of the systems we support are deliberately isolated from the internet 911 dispatch for instance, internal video surveillance for another and we already use a combination of SCCM / GPO / DSC / WSUS to provide OS and other critical updates to these isolated systems we wanted to do the same with our browser updates to keep up with security bulletins
But thirdly as a general rule we don't just blindly let ANYTHING update especially something like browsers because any time we have it's bit us in the butt and caused issues with the myriad of legacy applications our end users have to use. With an intranet update server we stay in control of it but we can still keep our clients updated
Makes sense.
We do allow you to change the Update URL via policy and we do provide some info on setting up your own update server here:
https://developer.mozilla.org/en-US/docs/Mozilla/Setting_up_an_update_server
You can flip the preference app.update.log to true and see exactly what the URLs we are serving look like in the Browser console. That's the best way to see what's going on.
Then you can just copy the XML and the download of the MAR file (MAR files are our update files)