Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 352
  • Last Modified:

Securing Java on the desktop

With all the recent real security concerns over Java, I am tring to find a way to make sure that Java is as secure as it can be for those users that require it to be enabled. This is all in relation to Jave 1.7 update 11 only.

Java comes with security setting options as per the attached pictures. These choices are then apparantly stored in a file under each user, as per the attached text file. That text file is located at C:\Users\usernamehere\AppData\LocalLow\Sun\Java\Deployment. This is on a Windows 7 Professional workstation.

Does anyone know of a way to push these settings out to other workstations via Group Policy or registry or files, being that the deployment.properties file contains the username of the user?
1-21-2013-11-24-51-AM.gif
1-21-2013-11-14-42-AM.gif
1-21-2013-11-16-33-AM.gif
deployment.properties.txt
0
John Tolmachoff
Asked:
John Tolmachoff
  • 5
  • 4
2 Solutions
 
Chris HIT DirectorCommented:
You could write a batch file that echo'd the lines of code and use '%username%' without the quotes.
test.txt
0
 
John TolmachoffNetwork AdministratorAuthor Commented:
Interesting idea. Which then led me to the idea of just plainly coping the file upon login using the %username% as part of the path. Which your script triggered that thought. I will test and post back.
0
 
Chris HIT DirectorCommented:
Using the script promotes the correct security is assigned to the file.  In my experience, echo piping is the fastest way to generate a config file.  Copying centrally located files brings other protocols and timeouts into the mix.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
John TolmachoffNetwork AdministratorAuthor Commented:
OK, if I follow that thought then, how does your example script handle if the file already exists and the line already exists? Is the line overwritten or is it appended to the bottom of the existing file?
0
 
Chris HIT DirectorCommented:
Yes, line overwritten.  First line echo has single pipe out >.  That basically empties the file contents.  Two pipe outs >> would append.
0
 
John TolmachoffNetwork AdministratorAuthor Commented:
Ah, did not know that about single and double pipe out.
0
 
John TolmachoffNetwork AdministratorAuthor Commented:
OK, I have implemented your example after coming up with 3 variations. (XP or 7, disabled or enabled in browser.)

I will let you know in a day or 2 how it goes.
0
 
Chris HIT DirectorCommented:
Good deal.  And thanks for the suggestion, I've implemented the same on my network now ;D
0
 
John TolmachoffNetwork AdministratorAuthor Commented:
OK, this is working great. If a user should have to change it during the day to get to a trusted website, as soon as he/she logs on again it is reverted back to the secure settings I dictate.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now