John_Auskelis
asked on
How to: disable Java in all web browsers - using group policy or registry
For win xp x32, Win 7 x32, and Win 7 x64. Running IE, firefox, chrome, safari.
I'd like to disable Java content in all browsers. I know I can do this 'manually' per Oracle: http://www.java.com/en/download/help/disable_browser.xml.
Some machines I can manage using active directory group policy, including pushing out registry entries. For other machines, not joined to a domain, I'd like to email the users with the registry update.
Asking end user's to update to JRE 7.10, then disabling Java in the browser is a little more than I usually ask of them. For the workgroup users I can publish the JRE 7.10 update as an MSI file. Then I'd like for them to double click a registry update to disable Java in all their browsers.
Thanks!
I'd like to disable Java content in all browsers. I know I can do this 'manually' per Oracle: http://www.java.com/en/download/help/disable_browser.xml.
Some machines I can manage using active directory group policy, including pushing out registry entries. For other machines, not joined to a domain, I'd like to email the users with the registry update.
Asking end user's to update to JRE 7.10, then disabling Java in the browser is a little more than I usually ask of them. For the workgroup users I can publish the JRE 7.10 update as an MSI file. Then I'd like for them to double click a registry update to disable Java in all their browsers.
Thanks!
John_Auskelis--For the Registry option see the "Installation Options" section here
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html
I believe the Registry key is
HKEY_LOCAL_MACHINE\SOFTWAR
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html
I believe the Registry key is
HKEY_LOCAL_MACHINE\SOFTWAR
ASKER
Thanks guys - after an afternoon of fighting with Java, I conclude there is no easy registry entry that disables Java in browsers. You can manually set it per http://www.java.com/en/download/help/disable_browser.xml. I can't find a registry key that disables it.
You can install the latest version and use command line switches to disable Java in browsers. The command is: jre-7u10-windows-i586.exe WEB_JAVA=0
Command line switches are not allowed in group policy installs. Maybe someone who understands the Microsoft Installer can figure out a transform or other technique to push outthis setting.
After manually disabling, or installing with the command line, a registry key does get set (WEB_JAVA=0). I think this only helps the next upgrade to keep the same disabled setting.
You can install the latest version and use command line switches to disable Java in browsers. The command is: jre-7u10-windows-i586.exe WEB_JAVA=0
Command line switches are not allowed in group policy installs. Maybe someone who understands the Microsoft Installer can figure out a transform or other technique to push outthis setting.
After manually disabling, or installing with the command line, a registry key does get set (WEB_JAVA=0). I think this only helps the next upgrade to keep the same disabled setting.
John_Auskelis--
FWIW-- Even the manual instructions in http://www.java.com/en/download/help/disable_browser.xml do not work for me. I have to Start|type javacpl.exe|Enter|Security tab and then I can uncheck the box to Enable Java.
FWIW-- Even the manual instructions in http://www.java.com/en/download/help/disable_browser.xml do not work for me. I have to Start|type javacpl.exe|Enter|Security tab and then I can uncheck the box to Enable Java.
ASKER
jcimarron -
Here's a tech note "Why are the disable Java check box and security slider not in the Control Panel" http://www.java.com/en/download/help/jcp_securityslider.xml
"This is due to a conflict between Java 7u10/7u11 and standalone installations of JavaFX."
Here's a tech note "Why are the disable Java check box and security slider not in the Control Panel" http://www.java.com/en/download/help/jcp_securityslider.xml
"This is due to a conflict between Java 7u10/7u11 and standalone installations of JavaFX."
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I tested disabling Java in the browser, but too many website are using it. Even Microsoft Live Meeting needed java in the browser. So I have to agree - Java 7 update 11 is the best we can do right now.
May I rant? I have to send some bad vibes out to Oracle / Java. Most of the malware cleanups I have done in the past couple years have started with a Java exploit. Their default install adds unwanted software to the user’s machine. They made it difficult to administratively disable browser functionality.
May I rant? I have to send some bad vibes out to Oracle / Java. Most of the malware cleanups I have done in the past couple years have started with a Java exploit. Their default install adds unwanted software to the user’s machine. They made it difficult to administratively disable browser functionality.
Cd&