/build/static/layout/Breadcrumb_cap_w.png

Java 7 Update 25 Best way to deploy with customized settings

INSTRUCTIONS

 How to deploy Java 7 Update 25 with customized settings:

1. 

Download the latest offline installer: 

http://www.java.com/de/download/manual.jsp

 

2.

Install Java manualy on a test machine (32bit/64bit)

After the installation you can find a .MSI setup in the following folder:

“%USERPROFILE%\AppData\LocalLow\Sun\Java”

 

3.

Now you can create a .MST with Orca or InstEd and under the "Property table" add following PROPERTIES: 

AUTOUPDATECHECK=0

IEEXPLORER=1

JAVAUPDATE=0

JU=0

MOZILLA=1

RebootYesNo=No

 

 4.

Switch to the "Registry Table" and add this reg key: 

 
 

Registry = NotifyDownload

Root = 2

Key = Software\JavaSoft\Java Update\Policy

Name = NotifyDownload

Value = 0

Component_ = jz

 

 

 

5.

Create a new “Deployment.config” and copy in the folling information:

 

deployment.system.config.mandatory=true

 

6.

Copy the “Deployment.properties” file from „%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment“ and add following settings

deployment.security.mixcode=HIDE_RUN

deployment.security.level=MEDIUM

deployment.javaws.autodownload=NEVER

 

 

7.

Installation:

msiexec.exe /QN /L* "%Logs%\%AppName%.msi.log" /i "jre1.7.0_21.msi" TRANSFORMS="custom.mst" REBOOT=ReallySuppress

Copy job for the settings:

copy /y “%~dp0deployment.config” “C:\WINDOWS\sun\java\deployment\deployment.config” >>"%LogFile%"

copy /y “%~dp0deployment.properties” “C:\WINDOWS\sun\java\deployment\deployment.properties” >>"%LogFile%"

That’s it.

 

 

8.

If you know how, for sure you can integrate the property files in to the .MST file:

But I think for the most people it is more easy with a normal copy job. 

More settings can be found on:

http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html


Comments

  • looks great, really worth testing it - Nico_K 8 years ago
    • Thx, if you have any questions, feel free to ask - tecrumors 8 years ago
      • This looks really good. I built the package and was going to deploy via Kbox. Can you elaborate on how you deployed this? I would prefer to deploy via a manged installation instead running scripts. Do you know how or where I can find out how to integrate the property files into transform? Thanks for any input you can provide on this. - jwilliams 8 years ago
  • I made it with "InstallShield 2012" with this program you can add files and set the directory for the files. If you have no program like this check out http://www.instedit.com/instedplus. With InstEdPlus you have a FileManager where you can add files and folders. - tecrumors 8 years ago
  • Why do you not add the two files and the REBOOT property to the transform? - vjaneczko 8 years ago
    • 1. see point eight "If you know how, for sure you can integrate the property files in to the .MST file:

      But I think for the most people it is more easy with a normal copy job. "

      2. Yes you are right, but I have this in my template I use everytime. So if I don't make a transform file, that I dont miss the REBOOT Property ;) It is useless on the command line, when I make a transform, you are right. - tecrumors 8 years ago
  • Java 7u25 includes a patched version of the Javadoc tool that no longer generates vulnerable Web pages. In addition, Oracle released a separate tool called the Java API Documentation Updater Tool, that can be used to fix previously generated and vulnerable pages.so learn more about online courses on java training,.net,my sql,sap and sas at http://www.benchfolks.org/java-j2ee-training - anuli 8 years ago
  • Is this in a script or Distribution file? I want to push this out to all computer on our network through Kace if I can.
    I have to push out Java 7 update 25 to all pc on network. We want to turn off autoupdate. Also we want it to run the java plug in on IE. - Kdebiasse 8 years ago
    • Step 7. is the script Step 5 and 6 are config files. You can Deploy it over Kace, this is no Problem. - tecrumors 8 years ago
  • Because you have to update this so frequently, I find it easier to use a combination of switches on the exe installer and then dropping the deployment.properties file on the computer afterwards. That way you can simply update the name of the installer file exe instead of having to pull out the msi file every time. Below is our script to install Java on any machine, whether 32 or 64bit.

    The last bit changes the location of the trusted certificates store to be in appdata to a shared location. You can then drop a trusted.certs file in that location to prevent "do you want to run this application" for your approved applications.

    REM Install Java 7 update 25

    REM Check for 64bit OS and install 64bit Java if it is.
    if defined ProgramW6432 "\\d204.ipsd.net\express\Software\D204 Software\Java\7u25\jre-7u25-windows-x64.exe" /s IEXPLORER=1 MOZILLA=1 REBOOT=Suppress JAVAUPDATE=0 WEB_JAVA_SECURITY_LEVEL=M
    if ERRORLEVEL 1 exit %ERRORLEVEL%

    REM Install 32bit Java on both 64bit and 32bit Windows.
    "\\d204.ipsd.net\express\Software\D204 Software\Java\7u25\jre-7u25-windows-i586.exe" /s IEXPLORER=1 MOZILLA=1 REBOOT=Suppress JAVAUPDATE=0 WEB_JAVA_SECURITY_LEVEL=M
    if ERRORLEVEL 1 exit %ERRORLEVEL%

    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy" /v EnableJavaUpdate /t REG_DWORD /D 0 /f
    if ERRORLEVEL 1 exit %ERRORLEVEL%

    REM copy deployment.properties file so set java defaults
    if not exist "c:\windows\Sun\Java\Deployment" md "c:\windows\Sun\Java\Deployment"
    copy /y "\\d204\express\Software\D204 Software\Java\DeploymentSettings\Windows\Sun\Deployment\deployment.properties" "c:\windows\Sun\Java\\Deployment\deployment.properties"

    REM copy trusted.certs file to pre-approve Kronos and other java applications we approve of
    if not exist "c:\program files\Java\jre7\security" md "c:\program files\Java\jre7\security"
    copy /y "\\d204\express\Software\D204 Software\Java\DeploymentSettings\Program Files\Java\jre7\security\trusted.certs" "c:\program files\Java\jre7\security\trusted.certs" - iconiu 8 years ago
    • Thx, but If you write every setting in an MST you can use the same MST for the next release as well - tecrumors 8 years ago
  • This is a really nice solution, but wouldn't it just make sense to just take a little more time and show us all how to actually deploy it from our kbox? - mlafflin 8 years ago
    • I hope someone else can explain this... Because I dont work with kbox :/ - tecrumors 8 years ago
    • There are dozens of software deployment solutions out there and it would not be time efficient to try and write tutorials for every deployment platform out there. This video on youtube talks specifically about Kbox software deployment methods in which they make an mst.

      http://www.youtube.com/watch?v=PLQpkIQVCBg

      I suppose you could put the deployment.properties file in the additional files part of the mst, but you would still need to make two separate packages for Java to cover 32 and 64bit deployments. This cmd file is a one stop shop that does it all. When switching Java versions, all I do is download the two new exe files, copy the install script and edit the u number of the exe file path. I find that much easier than messing with an MST file but perhaps you have to with your deployment system. Even if you don't do an MST file, as long as the deployment.properties and trusted.certs files are copied after the deployment, but before a user opens Java, you are fine.

      I am more than happy to provide additional details, but hopefully the REM statements will be enough explanation. - iconiu 8 years ago
  • Nice article, one I have followed to the letter. However, whenever my users try to execute java they get a Java Update Needed dialog box with Update, Block or Later as an option? Anyway to prevent this? I know it's a known issue but we cannot go higher than 1.7.0_25 :S - Vialli 8 years ago
    • Yes there is a way, but not that easy. Follow this awesome blog: http://p0w3rsh3ll.wordpress.com/2013/06/25/defeat-the-new-oracle-java-runtimejre-1-7-update-notification-mechanism/
      It's not my blog, but why write down again when you can read it there ;) - tecrumors 7 years ago
  • This is a bunch of good information.

    First for downloading JRE, I would suggest using the developer forum package located at

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

    These do not have the crapware, they try to get you to download.

    For the K1000, I use a java zip file that includes the jre executable, a bat script, and a 2 reg entry files.

    The bat file looks like the following: I rename the installer so it is easier for people to read if I am not around.

    ::Installs Newest Version of Java and Java SDK
    @ECHO OFF
    start /wait jre_7u67.exe /s

    IF EXIST c:\programdata reg import javaupdx64.reg
    reg import javaupd.reg
    exit

    The reg file contents include:

    For 64bit installs:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy]
    "EnableJavaUpdate"=dword:00000000
    "NotifyDownload"=dword:00000000
    "UpdateSchedule"=dword:00000006
    "Frequency"=dword:01010000
    "UpdateMin"=dword:00000009
    "Country"="US"
    "PostStatusUrl"="https://sjremetrics.java.com/b/ss//6"
    "NotifyInstall"=dword:00000000

    For 32bit Installs:

    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
    "EnableJavaUpdate"=dword:00000000
    "EnableAutoUpdateCheck"=dword:00000001
    "NotifyDownload"=dword:00000001
    "NotifyInstall"=dword:00000001
    "Frequency"=dword:01040000
    "UpdateSchedule"=dword:00000013
    "LastUpdateBeginTime"=""
    "LastUpdateFinishTime"=""


    This actually removes the update tab from java control panel all together.

    So, in my K1000, I will install the JRE on a dummy machine. Fix the zip file, then upload it into K1000 under software.

    I will change my distribution install to the new version and I do not need to change anything else and it will begin
    deploying to the computers specified in the distribution. And as of JRE version 7u10 or so,
    the new versions uninstall the old for you during the update.

    Next, I created a new software for my deployment.properties file.

    The file looks like the following:

    #deployment.properties
    #Wed Feb 12 09:51:35 GMT-06:00 2014
    deployment.modified.timestamp=1392220295511
    deployment.expiration.decision.timestamp.10.45.2=1392218969
    deployment.version=7.21
    deployment.capture.mime.types=true
    install.disable.sponsor.offers=true
    deployment.expiration.decision.10.45.2=later
    deployment.expiration.decision.suppression.10.45.2=false
    deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
    #Java Deployment jre's
    #Wed Feb 12 09:51:35 GMT-06:00 2014
    deployment.javaws.jre.0.registered=true
    deployment.javaws.jre.0.platform=1.7
    deployment.javaws.jre.0.osname=Windows
    deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre7\\bin\\javaw.exe
    deployment.javaws.jre.0.product=1.7.0_45
    deployment.javaws.jre.0.osarch=x86
    deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.0.enabled=true
    deployment.javaws.jre.0.args=
    deployment.security.level=MEDIUM

    Most of these do not seem to matter much from version to version but a few I would like to point out are the following.

    deployment.security.level=MEDIUM
    install.disable.sponsor.offers=true

    Another one that looks promising, from the documentation below,
    for the guy who asked about the upgrade no later, etc boxes.

    deployment.expiration.check.enabled=false

    These 2 seem to be the big ones I worry about.

    The first one sets security to medium
    The third one disables the sponsor offers when doing a manual update from the Java Control Panel, or from the system tray icon.


    Now I create a manual Software entry for this file and assign it to my Windows Operating Systems I want it to be deployed too.
    Then I create a file sync to deploy it to the systems I want it to be on. In the file sync, you can set the retries to 0, so it will constantly try to sync until it gets on the machine and set persistent so it will be put back if it gets updated or deleted.

    I sync the file to the location

    C:\Windows\sun\java\deployment

    Here are many other items you can place in the deployment.properties box.

    http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html

    This is what I do, and dealing with Texas state wide testing it seems to work pretty well keeping the machines updated
    with java with as little hassle as possible. - PhillipR 7 years ago
    • I don't understand "So, in my K1000, I will install the JRE on a dummy machine. Fix the zip file, then upload it into K1000 under software."
      I'm trying to install Java 7 with no update, iexplore enable and web_java enable and in control panel of java deployment.security.mixcode=HIDE_RUN - Kdebiasse 5 years ago
      • Make sure you have the software entry for the version you are installing. Then create a zip file containing your msi, .cab file and a .bat file to call the msi for installation. As part of the .msi call you can set your switches. For example, here's one I did for Java 8 Update 45

        msiexec /i jre1.8.0_45.msi INSTALL_SILENT=1 STATIC=0 AUTO_UPDATE=0 WEB_JAVA=1 WEB_ANALYTICS=0 EULA=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /qn - rockhead44 5 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ