Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 440
  • Last Modified:

SCCM 2007 Exclusions

Greetings & Felicitations,

I have a collection that gets pushed Java updates; however, there are systems within that collection I need to exclude.  I am having a difficult :o( time understanding the logic behind excluding these systems.  Can anyone assist in "excluding" systems from a collection and/or preventing them from getting specific updates, i.e., Java versions.

Thanks
0
Adell3920
Asked:
Adell3920
  • 2
  • 2
3 Solutions
 
Nagendra Pratap SinghCommented:
Create a collection with these special servers

then create another collection that excludes this collection and put it inside main java collection.

http://security.crudtastic.com/?p=144

It will look like this

JAVA
      nojava
      yesjava
0
 
Adell3920Author Commented:
Oh wow! I will have to modify a couple of statements I guess because these are workstations and I need to prevent Java from being updated.
0
 
Mike TLeading EngineerCommented:
Hi,

You need to prevent Java updating by creating an MST (and use the MSI from the original source). As above, the exclude query is as described. Test it well before unleashing as queries can get complicated quickly.

Mike
0
 
Nagendra Pratap SinghCommented:
For the servers, create a package with the following registry entry. Then create a regedit program to import it.


On Windows 2008 R2 Enterprise
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy
"EnableJavaUpdate"=dword:00000000

http://www.dabcc.com/posts.aspx?thread=221&forum=53

This will disable it.
0
 
Mike TLeading EngineerCommented:
Hi,

Just realised my post was not clear as I intended.

One of the best ways to stop Java from updating itself is to create a package with the settings to not update *before* you even deploy it. That way it's done and you don't have to worry.
Arguably, the best way to achieve that is use a custom package: the original MSI from Oracle and a transform aka MST file with your customisations.

If it's too late for some machine and they already have updating turned on then a registry tweak will work, but in my experience Oracle change the behaviour too often for a silver bullet approach. What stops updates on version 6 might do nothing at all on version 8.

Hence the need to create a package every release and test it.

If you don't create an MST, then Java likes to repair itself and put the registry keys back to auto-update! The exact solution depends on the version you have.
Our solution required an INI file and an MST in the past.

There is an alternative to packaging: create a GPO (here); but again it may be version specific.

Mike
ps: there's more than just one reg key in that post too, if you want to try that
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now