Monday 24 December 2018

windows 7 - deploying Java with SCCM / SCUP


We have a network of about 250 PC's which I want to deploy the java updates to. As distribution software we are using SCCM 2012 / SCUP 2011.


Note: I need to deploy both the x86 and the x64 version.


So I create two updates with the following rules:


Installable Rule


Registry Value 'HKLM\Software\JavaSoft\Java Runtime Environment\CurrentVersion' exists

Installed Rule


Registry String 'HKLM\Software\JavaSoft\Java Runtime Environment\Java7FamilyVersion' Begins With '1.7.0_11'

Now the problems:




  • java.exe is running on the computer (due to a open browser window for example): the update routine of java uninstalles the old java version; the install routine failes because java.exe is still running (although it has been uninstalled). Next time the user reboots no java is installed on the machine




  • some users enable the auto update function of java. So whenever a new version is released it gets updatet automatically (that is not the problem). But in the next deployment cycle SCCM trys to install the previous update again. (7U12 was released and autoupdatet, but SCCM still has 7U11 and trys to install that although the user has a newer version)




Any help is appreciated!



Answer



For your first problem (Java.exe is running)


I use a powershell script for installing Java, which (among other things) closes the big 3 browsers. I'll paste it below for reference:


function Get-ScriptDirectory{
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
try {
Split-Path $Invocation.MyCommand.Path -ea 0
}
catch {
Write-Warning 'You need to call this function from within a saved script.'
}
}

function Get-Architecture{
return $(gwmi win32_operatingsystem).OSArchitecture
}


$Path = Get-ScriptDirectory

#Close all instances of IE, Firefox, & Chrome
Get-Process | where {$_.ProcessName -match "iexplore"} | Stop-Process -Force
Get-Process | where {$_.ProcessName -match "chrome"} | Stop-Process -Force
Get-Process | where {$_.ProcessName -match "firefox"} | Stop-Process -Force

#Install
Start-Process -FilePath "$Path\jre-6u41-windows-i586.exe" -ArgumentList "/s /v`"/qb REBOOT=ReallySuppress JAVAUPDATE=0 WEBSTARTICON=0 SYSTRAY=0`"" -Wait

#Also Install the 64-bit JRE if on a 64 workstation
if(Get-Architecture -match "64")
{
Start-Process -FilePath "$Path\jre-6u41-windows-x64.exe" -ArgumentList "/s /v`"/qb REBOOT=ReallySuppress JAVAUPDATE=0 WEBSTARTICON=0 SYSTRAY=0`"" -Wait
}

#Import reg keys to disable auto updating
reg import "$Path\JavaUpdate.reg"

You may also notice that it installs the 32 bit java on every machine, and installs the 64 bit java on 64 bit machines after a 64 bit check of the OS.


I package this script up with the Java exes into an sfx that unpacks and runs


powershell.exe -executionpolicy bypass -noprofile -file C:\Temp\Java\install.ps1

For your second question, there are TWO reg keys that Java checks for auto updating:


HKLM\SOFTWARE\JavaSoft\Java Update\Policy\EnableAutoUpdateCheck
HKLM\SOFTWARE\JavaSoft\Java Update\Policy\EnableJavaUpdate

They both must be set to 0 to disable autoupdating (some versions of Java read one key and some read they other). I deploy the reg keys with the package as you can see in the script, but I also use SCCM 2012s DCM and set these as configuration items, and enabled remediate on them to make sure they are always 0.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...