Welcome Guest [Log In] [Register]
Add Reply
Deploying Java Settings with Group Policy; How to deploy Java Settings with Group Policy
Topic Started: Apr 11 2015, 03:58 PM (81 Views)
imastar1987
Member Avatar
Administrator
Hello all,

I managed to get rid of Java Pop ups fairly easy with Group Policy.

I have deployed Java 8 update 40. There are 2 files that can be deployed which will configure java.

Exceptions.sites which is editable. With Java 8 update 40 you will need to put all sites where java is allowed to run otherwise you will get a box that says it can’t run.

(Special thanks to Oracle for getting rid of Medium Security)

Trusted.certs which is not editable directly. This file knows when you want to always allow a websites to run without prompts.

Now lets set it all up.

Open the Java Control Panel and click on the security tab. Click Edit Site List…

Add http://testnav.com and https://testnav.com

As well as any other sites you want whitelisted.

My exception.sites file has these whitelisted:

http://javatester.org/version.html
http://phschool.com
http://www.phschool.com
https://testnav.com
http://testnav.com
http://pearson.com
https://pearsonaccess.com
http://www.usc.edu/
As well as a few internal sites

Now go to the test location. Click the check box that say Always allow, then run.

If you want to prevent the run box from showing on other sites you should visit those sites as well.

The files are located here:

%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security

Now copy exception.sites and trusted.certs to a location on your network.

Open Group Policy and edit a user policy. I have one for just software changes.

Go to: User Configuration > Preferences > Windows Settings > Files

Create a New File

Action Replace

Source File(S) PATHTO\trusted.certs
Destination File: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs

Attributes Archive

Under the common tab place a description:
Java Certificates, When you click on the check box for Always allow this publisher

Create a New File

Action Replace

Source File(S) PATHTO\exception.sites
Destination File: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites

Attributes Archive

Under the common tab place a description:
Java Whitelist

Now on a new machine do a gpupdate /force, see if these files populate and go to the testnav site and test to see if you get prompted.

Hope this helps.

Oh BTW. If you are having trouble with Deploying Java. (I was, took me about 2 months till I figured it out, I was always getting 1603 errors) Here is a tip.

Don’t use the java exe or their MSI. Instead using a packaging environment to build your own Java Installer. I used EMCO msi packaging.

Using a custom MSI of java has so many advantages over the original made by oracle.

You can deploy it at any time and it will not close out browsers. (Browser will need to be reopened for Java to work)

No More 1603 Errors.

You can remove Java Update

You can remove the start menu shortcuts.

And when the next version of Java comes up its easy to do a quick upgrade.

Etc. If anybody wants a copy of my Java installers I would be happy to post them somewhere.

Thanks
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · Group Policy · Next Topic »
Add Reply