Java out of date notice

I need to fully suppress the message that corporate users are getting about Java updates when launching the Oracle java applet.  Message is below and also attached.

"Java Update Needed
   Update (recommended)
      Get the recommended secure version of Java now from java.com
   Block
      Block Java content from running in this browser session.
   Later
      Continue and you will be reminded to update again later

[] Do not ask again until the next update is available"



If they select later and check the box for "Do not ask again" they are able to open Java.  They are no longer warned if they check the box.  I need to disable this popup on all domain computers.

I have done a lot of research and tried multiple options that i found but nothing seems to be affecting Java's expiration/update check.  Is there a proven method to do this?
JavaUpdateNeeded.png
netshopsAsked:
Who is Participating?
 
netshopsConnect With a Mentor Author Commented:
As this forum failed to be helpful to me I continued to research online forums.  I did extensive testing on all of the suggestions I gathered and I was able to reach the goals set for me by my superior.

Goals;
1.  Lower security level of java to Medium
2.  Allow java to run without notifying users that it has expired
3.  Push the solution to hundreds of computers ASAP

ID: 39591727-response-In our environment we have Java auto-updates disabled (we use a GPO registry key).  Almost no users have administrator rights to their workstations and we manage all updates for them.

Here are the steps to disable the popup, as well as to set the security level to medium in Java.  

Deploy a file from a network share to all computers.  The file must be end up here (we are using Java 7_25):
"C:\Windows\Sun\Java\Deployment\deployment.properties"

The contents of the file should be as follows;
#deployment.properties
deployment.expiration.check.enabled=false
deployment.security.level=MEDIUM
deployment.security.level.locked
deployment.expiration.decision.10.25.2=later

Doing just that is enough to accomplish these goals for all new users of the computer.  However my fix must apply to current users and so we must recreate the following config file for them;
%userprofile%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

I accomplished this by using a startup script that deletes the config file from the user's appdata, it must run as the user.  Up to you whether you want to use a script that only runs once or everytime.

This solution has been in effect for 2 days now and we have not received any furthers Java incidents.
Thanks
0
 
krakatoaCommented:
There have been a few similar questions to this, and the best answer is that updates shouldn't be suppressed.
0
 
jcimarronCommented:
netshops--
It is not easy to kill the Java Updates warning.  I have done the following three things and it seems to work.
C:\Program Files (x86)\Common Files\Java\Java Update  Rename jucheck.exe to jucheck.old

In msconfig scroll to jusched.exe     Uncheck.

Start|type javacpl.exe |click  "run as Admin".  On Update tab, click Advanced|change to once per month.  Or uncheck "Check for Updates automatically",  choose Never from nag popup.

And to minimize incompatibility of Java with some apps,
Start|type javacpl.exe |click  "run as Admin".  On Security tab  slide Slider to Medium.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Dave BaldwinFixer of ProblemsCommented:
Since the JAVA people are doing that to protect their own liability, I doubt that you can prevent it.
0
 
netshopsAuthor Commented:
Even if we wanted to push every new version of Java we could not do so until after testing it.  Even if we only tested it for a few days before pushing it we would still get too many incidents to our Service Desk in that time.

Also, our java application is unsigned and does not have permissions set properly (it runs with unlimited access).  Future versions of java will not allow it to run at all.
0
 
netshopsAuthor Commented:
I need a solution that does not involve manually interacting with every computer affected
0
 
jcimarronCommented:
netshops--
"Also, our java application is unsigned and does not have permissions set properly (it runs with unlimited access).  Future versions of java will not allow it to run at all. "

See my last comment in my post above about lowering the slider on the Java Console Security tab slider.
This will not eliminate the popup when initiating an app which uses Java and you are asked if you want to run Java.   But just check the box say you accept the risk and then click Run.
0
 
netshopsAuthor Commented:
Yes, i have explored ways to lower the security level without interacting with the computer via console.  Affecting the registry did not change the security level and neither did editing the %userprofile%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties configuration file.

I assume there must be a way to control the program without the javacpl.exe.
0
 
Dave BaldwinFixer of ProblemsCommented:
Then it sounds like you need to fix your application.  People keep asking how to make their DOS applications from 1985 work in Windows 64-bit.  The answer is that they need to update or upgrade their app to work with 'modern' systems.
0
 
CEHJCommented:
Since the JAVA people are doing that to protect their own liability
That's one way of looking at it. Another way of looking at it is that they are being rightly and honestly cautious and warning you that unpatched Java is a vector for serious malware. It's one thing getting support calls saying a Java app is behaving oddly and quite another saying that CryptoLocker malware has entered our entire network and encrypted all our files. The solution to that last one? There isn't one so if you have no backups you've had it
0
 
jcimarronCommented:
netshops--
"I assume there must be a way to control the program without the javacpl.exe. "

You can reach the Security tab of the Java Console by clicking Java on the Control Panel.    You may not have an Update tab going this route.
 
(Not sure why you do not want to use javacpl.exe.)
0
 
netshopsAuthor Commented:
You do not understand, I cannot go around clicking on hundreds of computers.  Some are in remote locations.
0
 
jcimarronCommented:
netshops--
Then you may all have to live with the Java messages.
However as DaveBaldwin has said the best alternative is to modify the application.  You could then set Java to update automatically and quietly.
0
 
CEHJCommented:
What is the problem with getting them to click on the update button exactly?
0
 
krakatoaCommented:
Too difficult CEHJ - end users generally aren't allowed to think for themselves.

-----------

Even if we wanted to push every new version of Java we could not do so until after testing it.

You *can't* be serious???
0
 
jcimarronCommented:
Krakatoa--
Well, you may be back to my suggestions in http:#a39591727 .

"It is not easy to kill the Java Updates warning"
0
 
krakatoaCommented:
Your suggestions could be right up the Asker's street, indeed. I guess in the end it is up to him if he wants to play Russian Roulette. ;)
0
 
jcimarronCommented:
Krakatoa--Please, let us know.
0
 
krakatoaCommented:
Let you know what?
0
 
jcimarronCommented:
Krakatoa--What the Asker does and if use of the suggestion fixes the problem.
0
 
krakatoaCommented:
Well you've already made all the suggestions, have you not? I thought it would be obvious that I'm of the opinion that the updates should not be ignored, and that's all I have to say about it.
0
 
jcimarronCommented:
krakatoa--One of the objectives of Experts-Exchange is to archive threads which have successful solutions to problems.
I do not know why you seem to be annoyed by my comment above ( http:#a39592832 ) .  It was only to eventually learn whether the solutions offered were successful.
0
 
krakatoaCommented:
I understand the objectives. As I said, you are making the representations about what can be done - why is that not good enough? Do I need to repeat them? You already *have* given what you deem to be "successful solutions to problems", and I don't need to embellish them, nor plagiarise what you've said.

Who said I was annoyed by your comments?? There was never any notion of annoyance on my part.
0
 
jcimarronCommented:
krakatoa--
Forgive me--This is a long thread and thought you were posting on behalf of the Asker (who was your client) when I made my comment asking to let us know (what the end result was).
0
 
krakatoaCommented:
I'm out. Long ago. Please, someone, award the points.
0
 
netshopsAuthor Commented:
This solution was the only suggestion provided that fit the requirements set out by the original post.  We cannot push all Java updates without testing, sadly that was the only solution offered by the experts.
0
 
jcimarronCommented:
netshops--Thanks for telling us the solution.
0
 
Sorin_VCommented:
Hi all,

Can someone guide me in the right direction (post), where it outlines how to Update Java on all workstations.

Active Directory environment. Users do not have access to donwload/install applications.

Thank you all.
0
 
jcimarronCommented:
Sorin_V--I suspect you will have very few viewers at the tail end of an answered question.

You would be best served by starting your own thread.
0
 
Sorin_VCommented:
@jcimarron ... I'm new to this community. Thank you for your advice. I did not want to be the one who asked questions that have already been posted.
0
 
Dave BaldwinFixer of ProblemsCommented:
@Sorin_V, I wouldn't worry about it.  If your question has already been answered we will probably give you a link to the answer.
0
All Courses

From novice to tech pro — start learning today.