Solved

How to: disable Java in all web browsers - using group policy or registry

Posted on 2013-01-13
7
1,312 Views
Last Modified: 2013-01-31
For win xp x32, Win 7 x32, and Win 7 x64.  Running IE, firefox, chrome, safari.

I'd like to disable Java content in all browsers.  I know I can do this 'manually' per Oracle: http://www.java.com/en/download/help/disable_browser.xml.

Some machines I can manage using active directory group policy, including pushing out registry entries.  For other machines, not joined to a domain, I'd like to email the users with the registry update.

Asking end user's to update to JRE 7.10, then disabling Java in the browser is a little more than I usually ask of them.   For the workgroup users I can publish the JRE 7.10 update as an MSI file.  Then I'd like for them to double click a registry update to disable Java in all their browsers.

Thanks!
0
Comment
Question by:John_Auskelis
  • 3
  • 3
7 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 38772297
This has become a popular question.  I think this comment may help

Cd&
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 38772310
John_Auskelis--For the Registry option see the "Installation Options" section here
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html

I believe the Registry key is
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0_10\MSI
0
 

Author Comment

by:John_Auskelis
ID: 38773041
Thanks guys - after an afternoon of fighting with Java, I conclude there is no easy registry entry that disables Java in browsers.  You can manually set it per http://www.java.com/en/download/help/disable_browser.xml.  I can't find a registry key that disables it.

You can install the latest version and use command line switches to disable Java in browsers.  The command is:  jre-7u10-windows-i586.exe WEB_JAVA=0

Command line switches are not allowed in group policy installs.  Maybe someone who understands the Microsoft Installer can figure out a transform or other technique to push outthis setting.

After manually disabling, or installing with the command line, a registry key does get set (WEB_JAVA=0).  I think this only helps the next upgrade to keep the same disabled setting.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 50

Expert Comment

by:jcimarron
ID: 38775022
John_Auskelis--
FWIW-- Even the manual instructions in http://www.java.com/en/download/help/disable_browser.xml do not work for me.  I have to Start|type javacpl.exe|Enter|Security tab and then I can uncheck the box to Enable Java.
0
 

Author Comment

by:John_Auskelis
ID: 38775250
jcimarron -

Here's a tech note "Why are the disable Java check box and security slider not in the Control Panel"  http://www.java.com/en/download/help/jcp_securityslider.xml

"This is due to a conflict between Java 7u10/7u11 and standalone installations of JavaFX."
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 500 total points
ID: 38775284
Perhaps the problem is solved.  Java 7 Update 11 is released.
http://java.com/en/download/manual.jsp

John_Auskelis--Thanks for the info on the conflict between JRE and JavaFX
0
 

Author Closing Comment

by:John_Auskelis
ID: 38841131
I tested disabling Java in the browser, but too many website are using it.  Even Microsoft Live Meeting needed java in the browser.  So I have to agree - Java 7 update 11 is the best we can do right now.

May I rant? I have to send some bad vibes out to Oracle / Java.  Most of the malware cleanups I have done in the past couple years have started with a Java exploit.  Their default install adds unwanted software to the user’s machine.  They made it difficult to administratively disable browser functionality.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Read about achieving the basic levels of HRIS security in the workplace.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now