Solved

SCCM 2007 Exclusions

Posted on 2013-06-06
5
394 Views
Last Modified: 2013-07-22
Greetings & Felicitations,

I have a collection that gets pushed Java updates; however, there are systems within that collection I need to exclude.  I am having a difficult :o( time understanding the logic behind excluding these systems.  Can anyone assist in "excluding" systems from a collection and/or preventing them from getting specific updates, i.e., Java versions.

Thanks
0
Comment
Question by:Adell3920
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39225385
Create a collection with these special servers

then create another collection that excludes this collection and put it inside main java collection.

http://security.crudtastic.com/?p=144

It will look like this

JAVA
      nojava
      yesjava
0
 

Author Comment

by:Adell3920
ID: 39225553
Oh wow! I will have to modify a couple of statements I guess because these are workstations and I need to prevent Java from being updated.
0
 
LVL 17

Assisted Solution

by:Mike T
Mike T earned 334 total points
ID: 39322363
Hi,

You need to prevent Java updating by creating an MST (and use the MSI from the original source). As above, the exclude query is as described. Test it well before unleashing as queries can get complicated quickly.

Mike
0
 
LVL 23

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 166 total points
ID: 39322782
For the servers, create a package with the following registry entry. Then create a regedit program to import it.


On Windows 2008 R2 Enterprise
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy
"EnableJavaUpdate"=dword:00000000

http://www.dabcc.com/posts.aspx?thread=221&forum=53

This will disable it.
0
 
LVL 17

Accepted Solution

by:
Mike T earned 334 total points
ID: 39323921
Hi,

Just realised my post was not clear as I intended.

One of the best ways to stop Java from updating itself is to create a package with the settings to not update *before* you even deploy it. That way it's done and you don't have to worry.
Arguably, the best way to achieve that is use a custom package: the original MSI from Oracle and a transform aka MST file with your customisations.

If it's too late for some machine and they already have updating turned on then a registry tweak will work, but in my experience Oracle change the behaviour too often for a silver bullet approach. What stops updates on version 6 might do nothing at all on version 8.

Hence the need to create a package every release and test it.

If you don't create an MST, then Java likes to repair itself and put the registry keys back to auto-update! The exact solution depends on the version you have.
Our solution required an INI file and an MST in the past.

There is an alternative to packaging: create a GPO (here); but again it may be version specific.

Mike
ps: there's more than just one reg key in that post too, if you want to try that
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now