We have a network of about 250 PCs to which I want to deploy the Java updates. As distribution software we are using SCCM 2012 / SCUP 2011.
Note: I need to deploy both the x86 and the x64 version.
So I create two updates with the following rules:
Installable Rule
Registry Value 'HKLM\Software\JavaSoft\Java Runtime Environment\CurrentVersion' exists
Installed Rule
Registry String 'HKLM\Software\JavaSoft\Java Runtime Environment\Java7FamilyVersion' Begins With '1.7.0_11'
Now the problems:
1. java.exe is running on the computer (due to an open browser window, for example): the update routine of Java uninstalls the old Java version; the install routine fails because java.exe is still running (although it has been uninstalled). Next time the user reboots, no Java is installed on the machine.
2. Some users enable the auto-update function of Java. So whenever a new version is released it gets updated automatically (that is not the problem). But in the next deployment cycle SCCM tries to install the previous update again. (7U12 was released and auto-updated, but SCCM still has 7U11 and tries to install that although the user has a newer version.)
Any help is appreciated!
Answer
For your first problem (Java.exe is running)
I use a PowerShell script for installing Java, which (among other things) closes the big 3 browsers. I'll paste it below for reference:
# Return the folder this script was started from, so the installers can be found next to it
function Get-ScriptDirectory {
    $Invocation = (Get-Variable MyInvocation -Scope 1).Value
    try {
        Split-Path $Invocation.MyCommand.Path -ea 0
    }
    catch {
        Write-Warning 'You need to call this function from within a saved script.'
    }
}

# Return the OS architecture string reported by WMI (for example "64-bit")
function Get-Architecture {
    return $(gwmi win32_operatingsystem).OSArchitecture
}

$Path = Get-ScriptDirectory

# Close all instances of IE, Firefox, & Chrome
Get-Process | where {$_.ProcessName -match "iexplore"} | Stop-Process -Force
Get-Process | where {$_.ProcessName -match "chrome"} | Stop-Process -Force
Get-Process | where {$_.ProcessName -match "firefox"} | Stop-Process -Force

# Install
Start-Process -FilePath "$Path\jre-6u41-windows-i586.exe" -ArgumentList "/s /v`"/qb REBOOT=ReallySuppress JAVAUPDATE=0 WEBSTARTICON=0 SYSTRAY=0`"" -Wait

# Also install the 64-bit JRE if on a 64-bit workstation.
# The parentheses make PowerShell call the function first and then apply -match to its result;
# without them, -match "64" is passed to the function as arguments and the test is always true.
if ((Get-Architecture) -match "64")
{
    Start-Process -FilePath "$Path\jre-6u41-windows-x64.exe" -ArgumentList "/s /v`"/qb REBOOT=ReallySuppress JAVAUPDATE=0 WEBSTARTICON=0 SYSTRAY=0`"" -Wait
}

# Import reg keys to disable auto updating
reg import "$Path\JavaUpdate.reg"
You may also notice that it installs the 32-bit Java on every machine, and installs the 64-bit Java on 64-bit machines after a 64-bit check of the OS.
I package this script up with the Java exes into an sfx that unpacks and runs
powershell.exe -executionpolicy bypass -noprofile -file C:\Temp\Java\install.ps1
For your second question, there are TWO reg keys that Java checks for auto updating:
HKLM\SOFTWARE\JavaSoft\Java Update\Policy\EnableAutoUpdateCheck
HKLM\SOFTWARE\JavaSoft\Java Update\Policy\EnableJavaUpdate
They both must be set to 0 to disable auto-updating (some versions of Java read one key and some read the other). I deploy the reg keys with the package as you can see in the script, but I also use SCCM 2012's DCM and set these as configuration items, and enabled remediate on them to make sure they are always 0.
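The check described in the answer above, written as a script of the kind a compliance setting could run; this is an added example and not part of the original answer. It assumes both values are REG_DWORD and that a 32-bit JRE on 64-bit Windows reads the same values under Wow6432Node; the function name Test-JavaUpdatePolicy and the -Remediate switch are made up for illustration.

```powershell
# Added example: audit, and with -Remediate fix, the two Java Update policy values.
# Assumption: run from a 64-bit PowerShell host on 64-bit Windows so both registry views are visible.
[CmdletBinding()]
param([switch]$Remediate)

$policyKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Update\Policy',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy'   # assumed path for the 32-bit JRE
)
$valueNames = @('EnableAutoUpdateCheck', 'EnableJavaUpdate')

function Test-JavaUpdatePolicy {
    param([string[]]$Keys, [string[]]$Names, [switch]$Fix)
    $results = @()
    foreach ($key in $Keys) {
        # No JavaSoft branch in this registry view means no JRE of that bitness: nothing to check
        $javaSoftRoot = Split-Path (Split-Path $key)
        if (-not (Test-Path $javaSoftRoot)) { continue }
        foreach ($name in $Names) {
            $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            # A missing value counts as non-compliant: the policy must be explicitly 0
            $ok = ($null -ne $current) -and ($current -eq 0)
            if (-not $ok -and $Fix) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
                $ok = $true
            }
            $results += New-Object PSObject -Property @{
                Key = $key; Name = $name; Found = $current; Compliant = $ok
            }
        }
    }
    return $results
}

$report = @(Test-JavaUpdatePolicy -Keys $policyKeys -Names $valueNames -Fix:$Remediate)
# Per-value detail only with -Verbose, so normal output stays a single word
$report | Format-Table Name, Found, Compliant, Key -AutoSize | Out-String | Write-Verbose
if ($report | Where-Object { -not $_.Compliant }) { 'NonCompliant' } else { 'Compliant' }
```

With auto-update disabled this way, SCCM becomes the only path by which these machines receive Java security updates, so the check is worth pairing with a report on deployment success.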