Solved

SCCM 2007 Exclusions

Posted on 2013-06-06
5
378 Views
Last Modified: 2013-07-22
Greetings & Felicitations,

I have a collection that gets pushed Java updates; however, there are systems within that collection I need to exclude.  I am having a difficult :o( time understanding the logic behind excluding these systems.  Can anyone assist in "excluding" systems from a collection and/or preventing them from getting specific updates, i.e., Java versions.

Thanks
0
Comment
Question by:Adell3920
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39225385
Create a collection with these special servers

then create another collection that excludes this collection and put it inside main java collection.

http://security.crudtastic.com/?p=144

It will look like this

JAVA
      nojava
      yesjava
0
 

Author Comment

by:Adell3920
ID: 39225553
Oh wow! I will have to modify a couple of statements I guess because these are workstations and I need to prevent Java from being updated.
0
 
LVL 16

Assisted Solution

by:Mike T
Mike T earned 334 total points
ID: 39322363
Hi,

You need to prevent Java updating by creating an MST (and use the MSI from the original source). As above, the exclude query is as described. Test it well before unleashing as queries can get complicated quickly.

Mike
0
 
LVL 23

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 166 total points
ID: 39322782
For the servers, create a package with the following registry entry. Then create a regedit program to import it.


On Windows 2008 R2 Enterprise
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy
"EnableJavaUpdate"=dword:00000000

http://www.dabcc.com/posts.aspx?thread=221&forum=53

This will disable it.
0
 
LVL 16

Accepted Solution

by:
Mike T earned 334 total points
ID: 39323921
Hi,

Just realised my post was not clear as I intended.

One of the best ways to stop Java from updating itself is to create a package with the settings to not update *before* you even deploy it. That way it's done and you don't have to worry.
Arguably, the best way to achieve that is use a custom package: the original MSI from Oracle and a transform aka MST file with your customisations.

If it's too late for some machine and they already have updating turned on then a registry tweak will work, but in my experience Oracle change the behaviour too often for a silver bullet approach. What stops updates on version 6 might do nothing at all on version 8.

Hence the need to create a package every release and test it.

If you don't create an MST, then Java likes to repair itself and put the registry keys back to auto-update! The exact solution depends on the version you have.
Our solution required an INI file and an MST in the past.

There is an alternative to packaging: create a GPO (here); but again it may be version specific.

Mike
ps: there's more than just one reg key in that post too, if you want to try that
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now