Java 7 update 21 (1.7.0_21) Enterprise Repackaged Security Medium Deployment with SCCM

The issue on many blogs and articles is around creating the 'deployment.config' and 'deployment.properties' files for an enterprise deployment. In my case i wanted to set the security level to 'Medium', but everytime I open the Java control panel it was set to the default HIGH setting.

Solution

1 Create the following directory path 'C:\Windows\sun\java\deployment'

2 Create a file called 'deployment.config' in this directory and open with Notepad.

Copy the two line below

####################

deployment.system.config = file\:\\C\:\\WINDOWS\\Sun\\Java\\Deployment\\deployment.properties

deployment.system.config.mandatory = true

####################

3 Create a file called 'deployment.properties' in this directory and open with Notepad.

Copy the four line below (# deployment.security.level.locked optional)

######################

deployment.security.level=MEDIUM

deployment.browser.path=C:\Program Files\Internet Explorer\IEXPLORE.EXE

deployment.version=7.21

#deployment.security.level.locked

###########################

(without path and version, level will be ignored)

4 Delete C:\Users\%Username%\AppData\LocalLow\Sun

5 Delete: HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties

6 Open Java from Control Panel. You will find the security is now set to MEDIUM. If the lock was imposed, the user will not be able to adjust this setting as it will be greyed out.

Author: Jonathan Proctor

Source: http://www.syswow64.co.uk/2013/05/java-7-update-21-1721-enterprise.html

Comments

Active Setup Registry Key : What it is and how to create in the package using Admin Studio Install Shield

While launching from Admin account or doing “Run as Admin” it was launching properly but when launched from the standard-user account, though it was launching but GUI was not coming properly and before launching, it throws the error that some particular Skin file is missing. I checked in installation folder and skin file was there but still while launching I was getting the error, but when launched from Admin account or using “Run as admin” it was launching properly with proper GUI and no skin file missing error. On exploring further I found that application was installed by admin account and it created some entries in HKCU, and these entries contain the path and name of skin file to be used. So when we launched the application from Standard user account then these entries were empty in HKCU for Standard user. So to solve this problem while re-packaging I used Active Setup . Active Setup provides a great solution for installing current user data when the package is not installed

Remove previous versions using MSI Upgrade Table

There are several methods to uninstall the existing older versions of an application e.g. Script, MSI upgrade table, SCCM deployment conditions. We are here discussing the method using Upgrade table. Upgrade table can be used effectively to detect and uninstall the previous versions of a MSI based application provided the upgrade code is known. Here is an example on populating Upgrade Table: Locate the U pgradeCode in Property Manager . Remember this could either be same or different in previous version and if it is different then grab the code from previous version. Go to the Upgrade Table in Direct Editor . Copy the upgrade code to its column. Populate the Version columns based on requirement (consider all the digits as per previous MSI versions). Attribute column needs to be configured with appropriate bit flag for corresponding upgrade behavior. Refer to Upgrade Table to calculate the proper bit flag. In example, 768 is the sum of 256+512 which means, det

Active Setup for MSI with no Entry Points

Active setup provides a solution when the aim is to deliver user based components when no advertised entry points exist in an MSI package. Most packages will contain some kind on entry point; commonly an advertised shortcut. When launching this kind of shortcut Windows Installer will check the keypath of the component the shortcut belongs to and verifies that the component is installed. If it is found to be missing Windows Install will kick off a repair. This provides a great solution for installing current user data when the package is not installed in the user context. It is also a very good reason why you should never mix machine and user data in the same feature. So what do you do if there are no shortcuts to advertise? Active Setup will solve the problem. An MSI package has been created to install an Outlook plug-in. This package installs both user and machine data. User preferences are stored as a combination of HKCU registry and a XML file written to %USERPROFILE%. As t

Collection of Useful Posts

Search This Blog