Securing Java on the desktop

With all the recent real security concerns over Java, I am trying to find a way to make sure that Java is as secure as it can be for those users that require it to be enabled. This is all in relation to Java 1.7 update 11 only.

Java comes with security setting options as per the attached pictures. These choices are then apparently stored in a file under each user, as per the attached text file. That text file is located at C:\Users\usernamehere\AppData\LocalLow\Sun\Java\Deployment. This is on a Windows 7 Professional workstation.

Does anyone know of a way to push these settings out to other workstations via Group Policy or registry or files, being that the deployment.properties file contains the username of the user?

Attachments: 1-21-2013-11-24-51-AM.gif, 1-21-2013-11-14-42-AM.gif, 1-21-2013-11-16-33-AM.gif, deployment.properties.txt

Asked by: John Tolmachoff (Network Administrator)
 
Chris H (Infrastructure Manager) commented:
You could write a batch file that echo'd the lines of code and use '%username%' without the quotes.
Attachment: test.txt
 
John Tolmachoff (Network Administrator, Author) commented:
Interesting idea. Which then led me to the idea of just plainly copying the file upon login using the %username% as part of the path. Your script triggered that thought. I will test and post back.
 
Chris H (Infrastructure Manager) commented:
Using the script promotes the correct security being assigned to the file. In my experience, echo piping is the fastest way to generate a config file. Copying centrally located files brings other protocols and timeouts into the mix.
 
John Tolmachoff (Network Administrator, Author) commented:
OK, if I follow that thought then, how does your example script handle if the file already exists and the line already exists? Is the line overwritten or is it appended to the bottom of the existing file?
 
Chris H (Infrastructure Manager) commented:
Yes, line overwritten. First line echo has single pipe out >. That basically empties the file contents. Two pipe outs >> would append.
 
John Tolmachoff (Network Administrator, Author) commented:
Ah, did not know that about single and double pipe out.
 
John Tolmachoff (Network Administrator, Author) commented:
OK, I have implemented your example after coming up with 3 variations. (XP or 7, disabled or enabled in browser.)

I will let you know in a day or 2 how it goes.
 
Chris H (Infrastructure Manager) commented:
Good deal. And thanks for the suggestion, I've implemented the same on my network now ;D
 
John Tolmachoff (Network Administrator, Author) commented:
OK, this is working great. If a user should have to change it during the day to get to a trusted website, as soon as he/she logs on again it is reverted back to the secure settings I dictate.
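
The approach worked out in this thread, written as a logon script (an added example, not the test.txt script attached above): the first echo uses > to replace the file and later lines use >> to append. The two property keys and their values are assumptions, since the attached deployment.properties is not shown; deployment.security.level and deployment.webjava.enabled are keys the Java 7 control panel writes from update 10 on.

```batch
@echo off
rem Added example: rewrite the per-user Java deployment.properties at logon.
rem The directory is the Windows 7 location given in the question.
rem %USERPROFILE% expands to C:\Users\<username> for the user logging on,
rem which also covers profiles that are not stored under C:\Users.
setlocal
set "JAVADIR=%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment"
set "PROPS=%JAVADIR%\deployment.properties"

rem Java creates this directory on first run; create it if the user
rem has never started Java so the redirect below does not fail.
if not exist "%JAVADIR%" mkdir "%JAVADIR%"

rem Single > truncates the file, so anything the user changed during
rem the previous session is discarded. Putting the redirect before
rem echo keeps a trailing space out of the written value.
> "%PROPS%" echo deployment.security.level=VERY_HIGH
if errorlevel 1 (
    echo Could not write "%PROPS%" 1>&2
    exit /b 1
)

rem Double >> appends to the file created above.
rem Assumed value: false turns Java content in the browser off;
rem use true for the "enabled in browser" variation.
>> "%PROPS%" echo deployment.webjava.enabled=false

endlocal
exit /b 0
```

Because the script runs in the user's own session, the file is created with that profile's permissions, so the user can still edit it until the next logon rewrites it.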