Solved

Java out of date notice

Posted on 2013-10-22
31
1,055 Views
Last Modified: 2014-01-16
I need to fully suppress the message that corporate users are getting about Java updates when launching the Oracle java applet.  Message is below and also attached.

"Java Update Needed
   Update (recommended)
      Get the recommended secure version of Java now from java.com
   Block
      Block Java content from running in this browser session.
   Later
      Continue and you will be reminded to update again later

[] Do not ask again until the next update is available"



If they select later and check the box for "Do not ask again" they are able to open Java.  They are no longer warned if they check the box.  I need to disable this popup on all domain computers.

I have done a lot of research and tried multiple options that i found but nothing seems to be affecting Java's expiration/update check.  Is there a proven method to do this?
JavaUpdateNeeded.png
0
Comment
Question by:netshops
  • 11
  • 7
  • 6
  • +3
31 Comments
 
LVL 16

Expert Comment

by:krakatoa
ID: 39591683
There have been a few similar questions to this, and the best answer is that updates shouldn't be suppressed.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39591727
netshops--
It is not easy to kill the Java Updates warning.  I have done the following three things and it seems to work.
C:\Program Files (x86)\Common Files\Java\Java Update  Rename jucheck.exe to jucheck.old

In msconfig scroll to jusched.exe     Uncheck.

Start|type javacpl.exe |click  "run as Admin".  On Update tab, click Advanced|change to once per month.  Or uncheck "Check for Updates automatically",  choose Never from nag popup.

And to minimize incompatibility of Java with some apps,
Start|type javacpl.exe |click  "run as Admin".  On Security tab  slide Slider to Medium.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39591734
Since the JAVA people are doing that to protect their own liability, I doubt that you can prevent it.
0
 

Author Comment

by:netshops
ID: 39591737
Even if we wanted to push every new version of Java we could not do so until after testing it.  Even if we only tested it for a few days before pushing it we would still get too many incidents to our Service Desk in that time.

Also, our java application is unsigned and does not have permissions set properly (it runs with unlimited access).  Future versions of java will not allow it to run at all.
0
 

Author Comment

by:netshops
ID: 39591749
I need a solution that does not involve manually interacting with every computer affected
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39591763
netshops--
"Also, our java application is unsigned and does not have permissions set properly (it runs with unlimited access).  Future versions of java will not allow it to run at all. "

See my last comment in my post above about lowering the slider on the Java Console Security tab slider.
This will not eliminate the popup when initiating an app which uses Java and you are asked if you want to run Java.   But just check the box say you accept the risk and then click Run.
0
 

Author Comment

by:netshops
ID: 39591785
Yes, i have explored ways to lower the security level without interacting with the computer via console.  Affecting the registry did not change the security level and neither did editing the %userprofile%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties configuration file.

I assume there must be a way to control the program without the javacpl.exe.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39591788
Then it sounds like you need to fix your application.  People keep asking how to make their DOS applications from 1985 work in Windows 64-bit.  The answer is that they need to update or upgrade their app to work with 'modern' systems.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39591799
Since the JAVA people are doing that to protect their own liability
That's one way of looking at it. Another way of looking at it is that they are being rightly and honestly cautious and warning you that unpatched Java is a vector for serious malware. It's one thing getting support calls saying a Java app is behaving oddly and quite another saying that CryptoLocker malware has entered our entire network and encrypted all our files. The solution to that last one? There isn't one so if you have no backups you've had it
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39591812
netshops--
"I assume there must be a way to control the program without the javacpl.exe. "

You can reach the Security tab of the Java Console by clicking Java on the Control Panel.    You may not have an Update tab going this route.
 
(Not sure why you do not want to use javacpl.exe.)
0
 

Author Comment

by:netshops
ID: 39591856
You do not understand, I cannot go around clicking on hundreds of computers.  Some are in remote locations.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39591881
netshops--
Then you may all have to live with the Java messages.
However as DaveBaldwin has said the best alternative is to modify the application.  You could then set Java to update automatically and quietly.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 39591950
What is the problem with getting them to click on the update button exactly?
0
 
LVL 16

Expert Comment

by:krakatoa
ID: 39592303
Too difficult CEHJ - end users generally aren't allowed to think for themselves.

-----------

Even if we wanted to push every new version of Java we could not do so until after testing it.

You *can't* be serious???
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39592549
Krakatoa--
Well, you may be back to my suggestions in http:#a39591727 .

"It is not easy to kill the Java Updates warning"
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 16

Expert Comment

by:krakatoa
ID: 39592748
Your suggestions could be right up the Asker's street, indeed. I guess in the end it is up to him if he wants to play Russian Roulette. ;)
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39592832
Krakatoa--Please, let us know.
0
 
LVL 16

Expert Comment

by:krakatoa
ID: 39593474
Let you know what?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39594667
Krakatoa--What the Asker does and if use of the suggestion fixes the problem.
0
 
LVL 16

Expert Comment

by:krakatoa
ID: 39594884
Well you've already made all the suggestions, have you not? I thought it would be obvious that I'm of the opinion that the updates should not be ignored, and that's all I have to say about it.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39594944
krakatoa--One of the objectives of Experts-Exchange is to archive threads which have successful solutions to problems.
I do not know why you seem to be annoyed by my comment above ( http:#a39592832 ) .  It was only to eventually learn whether the solutions offered were successful.
0
 
LVL 16

Expert Comment

by:krakatoa
ID: 39595010
I understand the objectives. As I said, you are making the representations about what can be done - why is that not good enough? Do I need to repeat them? You already *have* given what you deem to be "successful solutions to problems", and I don't need to embellish them, nor plagiarise what you've said.

Who said I was annoyed by your comments?? There was never any notion of annoyance on my part.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39595051
krakatoa--
Forgive me--This is a long thread and thought you were posting on behalf of the Asker (who was your client) when I made my comment asking to let us know (what the end result was).
0
 
LVL 16

Expert Comment

by:krakatoa
ID: 39595756
I'm out. Long ago. Please, someone, award the points.
0
 

Accepted Solution

by:
netshops earned 0 total points
ID: 39597465
As this forum failed to be helpful to me I continued to research online forums.  I did extensive testing on all of the suggestions I gathered and I was able to reach the goals set for me by my superior.

Goals;
1.  Lower security level of java to Medium
2.  Allow java to run without notifying users that it has expired
3.  Push the solution to hundreds of computers ASAP

ID: 39591727-response-In our environment we have Java auto-updates disabled (we use a GPO registry key).  Almost no users have administrator rights to their workstations and we manage all updates for them.

Here are the steps to disable the popup, as well as to set the security level to medium in Java.  

Deploy a file from a network share to all computers.  The file must be end up here (we are using Java 7_25):
"C:\Windows\Sun\Java\Deployment\deployment.properties"

The contents of the file should be as follows;
#deployment.properties
deployment.expiration.check.enabled=false
deployment.security.level=MEDIUM
deployment.security.level.locked
deployment.expiration.decision.10.25.2=later

Doing just that is enough to accomplish these goals for all new users of the computer.  However my fix must apply to current users and so we must recreate the following config file for them;
%userprofile%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

I accomplished this by using a startup script that deletes the config file from the user's appdata, it must run as the user.  Up to you whether you want to use a script that only runs once or everytime.

This solution has been in effect for 2 days now and we have not received any furthers Java incidents.
Thanks
0
 

Author Closing Comment

by:netshops
ID: 39608090
This solution was the only suggestion provided that fit the requirements set out by the original post.  We cannot push all Java updates without testing, sadly that was the only solution offered by the experts.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39609039
netshops--Thanks for telling us the solution.
0
 

Expert Comment

by:Sorin_V
ID: 39786915
Hi all,

Can someone guide me in the right direction (post), where it outlines how to Update Java on all workstations.

Active Directory environment. Users do not have access to donwload/install applications.

Thank you all.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39787095
Sorin_V--I suspect you will have very few viewers at the tail end of an answered question.

You would be best served by starting your own thread.
0
 

Expert Comment

by:Sorin_V
ID: 39787372
@jcimarron ... I'm new to this community. Thank you for your advice. I did not want to be the one who asked questions that have already been posted.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39787433
@Sorin_V, I wouldn't worry about it.  If your question has already been answered we will probably give you a link to the answer.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
This video teaches viewers about errors in exception handling.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now