Environment
ZENworks Patch Management 2020
ZENworks Configuration Management 2020
ZENworks Configuration Management 2020
Situation
By default Microsoft Edge is a feature of Windows and is therefore not "installed" in the usual way, ZPM does not recognise it as a product.
Resolution
For ZPM to manage and patch Microsoft Edge, the browser needs to be installed from the MSI.
Download the Edge MSI from: https://www.microsoft.com/en-us/edge/business/download
Edge keeps itself automatically updated. If the latest version is installed the Edge Updater may need to be disabled to allow a newer MSI to be installed. Also the automatic updates need to be disabled to allow ZPM to update Edge, rather than the native updater.
It's not recommended to uninstall Edge.
To disable Edge from updating
If the device is part of a Domain
More details: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-update-policies
If the device is not part of a Domain
- Disable the Edge Update Services (edgeupdate & edgeupdatem)
Task Manager > Services > Open Services
- Delete the Edge Update entries from Task Scheduler
Task Scheduler > Task Scheduler Library
- Rename the following file:
%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Download the Edge MSI from: https://www.microsoft.com/en-us/edge/business/download
Edge keeps itself automatically updated. If the latest version is installed the Edge Updater may need to be disabled to allow a newer MSI to be installed. Also the automatic updates need to be disabled to allow ZPM to update Edge, rather than the native updater.
It's not recommended to uninstall Edge.
To disable Edge from updating
If the device is part of a Domain
The following registry key can be used:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate]
"UpdateDefault"=dword:00000000More details: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-update-policies
If the device is not part of a Domain
- Kill the Edge Update Services from Task Manager (if running)
- Disable the Edge Update Services (edgeupdate & edgeupdatem)
Task Manager > Services > Open Services
Task Scheduler > Task Scheduler Library
%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
These changes will be reverted once Edge is updated.
The steps could be included as a Post-Enforcement Action in an Edge Patch Policy.
Additional Information
For reference, an example registry file for disabling Edge from updating on a non-Domain device:
"
Windows Registry Editor Version 5.00
; Disable Edge Update Services
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA]
; Delete the Edge Update entries in Task Scheduler
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edgeupdate]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edgeupdatem]
"Start"=dword:00000004
"
Please confirm and test these registry entries before use as Microsoft may change them.
External URLs are also subject to change.
"
Windows Registry Editor Version 5.00
; Disable Edge Update Services
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA]
; Delete the Edge Update entries in Task Scheduler
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edgeupdate]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edgeupdatem]
"Start"=dword:00000004
"
Please confirm and test these registry entries before use as Microsoft may change them.
External URLs are also subject to change.