I have an AD domain and I don't want my users to have admin privileges on their local computer. I have WSUS for Windows updates and stuff but what about Firefox, Flash and other third party program updates? Isn't there a better solution than to go to everyone's computer and give them my username/password so that the update will actually go through?
It is called update hell. Seriously.
SCOM etc. can roll out install packages to selected computers that run with admin priviledges anre update the systems.
You could run logon scripts with admin priviledges trying to do the same. With acrobat we roll out new versions via AD when they arrive.
I seriously hope the WIndows Update mechanism (which WSUS piggibacks on) gets opened to third parties at one point. The pressure will be terrific to actually have them get their act together and USE IT.
The hard part is figuring out how to perform unattended installs / uninstalls / patches for each and every 3rd party app. Frameworks like Active Directory Group Policy, wpgk, etc, solve the easy part of the problem-- running code on the client computers.
You "pay the piper" one way or another. Either you subscribe to a service (KACE, etc) that has people who do the hard work of packaging up third-party updates and maintaining a framework to detect when they're needed and install them or you build the infrastructure yourself.
Personally I get a lot of mileage out of repackaging software as MSIs and using Software Installation Policy to uninstall old versions and install new ones. When I have to, I write startup scripts to perform unattended installations of updates. This isn't really sysadmin work-- it's more "installation developer work", but since so many third-party software companies can't get their act together and just use Windows Installer I'm often forced to be an installation developer for their products.
You can get some gratis help from online communities like AppDeploy.com (now owned by Dell via KACE) or the community surrounding wpkg. You're just leveraging the work that others have done to research the software.
It just comes down to what's cheaper-- your time or somebody else's.
As an aside: This would all be so much easier if developers would just use Windows Installer. All the documentation is freely available from Microsoft and there are a myraid of commercial and free/open source tools to get you started. I'm not even a professional developer and I can turn out MSI's using the open source WiX toolset very quickly. Whining that your installation is complex (and thus requires a custom EXE-based SEUTP) isn't a valid argument since you can incorporate custom code into MSI-based installations and, ultimately, you'd have to write that code for your custom EXE-based SETUP anyway.
Check out Shavlik. It works pretty good for us.
Have a look at wpkg. It can operate beside WSUS if you want to deal with these 3rd party apps.
Other than that CFEngine already supports Windows and both Puppet and Chef are working on Windows support. So solid multi-platform solutions are coming.