| Deploying Java Settings with Group Policy; How to deploy Java Settings with Group Policy | |
|---|---|
| Tweet Topic Started: Apr 11 2015, 03:58 PM (81 Views) | |
| imastar1987 | Apr 11 2015, 03:58 PM Post #1 |
|
Administrator
|
Hello all, I managed to get rid of Java Pop ups fairly easy with Group Policy. I have deployed Java 8 update 40. There are 2 files that can be deployed which will configure java. Exceptions.sites which is editable. With Java 8 update 40 you will need to put all sites where java is allowed to run otherwise you will get a box that says it can’t run. (Special thanks to Oracle for getting rid of Medium Security) Trusted.certs which is not editable directly. This file knows when you want to always allow a websites to run without prompts. Now lets set it all up. Open the Java Control Panel and click on the security tab. Click Edit Site List… Add http://testnav.com and https://testnav.com As well as any other sites you want whitelisted. My exception.sites file has these whitelisted: http://javatester.org/version.html http://phschool.com http://www.phschool.com https://testnav.com http://testnav.com http://pearson.com https://pearsonaccess.com http://www.usc.edu/ As well as a few internal sites Now go to the test location. Click the check box that say Always allow, then run. If you want to prevent the run box from showing on other sites you should visit those sites as well. The files are located here: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security Now copy exception.sites and trusted.certs to a location on your network. Open Group Policy and edit a user policy. I have one for just software changes. Go to: User Configuration > Preferences > Windows Settings > Files Create a New File Action Replace Source File(S) PATHTO\trusted.certs Destination File: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs Attributes Archive Under the common tab place a description: Java Certificates, When you click on the check box for Always allow this publisher Create a New File Action Replace Source File(S) PATHTO\exception.sites Destination File: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites Attributes Archive Under the common tab place a description: Java Whitelist Now on a new machine do a gpupdate /force, see if these files populate and go to the testnav site and test to see if you get prompted. Hope this helps. Oh BTW. If you are having trouble with Deploying Java. (I was, took me about 2 months till I figured it out, I was always getting 1603 errors) Here is a tip. Don’t use the java exe or their MSI. Instead using a packaging environment to build your own Java Installer. I used EMCO msi packaging. Using a custom MSI of java has so many advantages over the original made by oracle. You can deploy it at any time and it will not close out browsers. (Browser will need to be reopened for Java to work) No More 1603 Errors. You can remove Java Update You can remove the start menu shortcuts. And when the next version of Java comes up its easy to do a quick upgrade. Etc. If anybody wants a copy of my Java installers I would be happy to post them somewhere. Thanks |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Group Policy · Next Topic » |






8:15 AM Jul 11