INSTRUCTIONS
How to deploy Java 7 Update 25 with customized settings:
1. Download the latest offline installer: http://www.java.com/de/download/manual.jsp
|
|
2. Install Java manualy on a test machine (32bit/64bit) After the installation you can find a .MSI setup in the following folder: “%USERPROFILE%\AppData\LocalLow\Sun\Java”
|
|
3. Now you can create a .MST with Orca or InstEd and under the "Property table" add following PROPERTIES: AUTOUPDATECHECK=0 IEEXPLORER=1 JAVAUPDATE=0 JU=0 MOZILLA=1 RebootYesNo=No |
|
4. Switch to the "Registry Table" and add this reg key: Registry = NotifyDownload Root = 2 Key = Software\JavaSoft\Java Update\Policy Name = NotifyDownload Value = 0 Component_ = jz
|
|
5. Create a new “Deployment.config” and copy in the folling information:
deployment.system.config.mandatory=true |
|
6. Copy the “Deployment.properties” file from „%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment“ and add following settings deployment.security.mixcode=HIDE_RUN deployment.security.level=MEDIUM deployment.javaws.autodownload=NEVER |
|
7. Installation: msiexec.exe /QN /L* "%Logs%\%AppName%.msi.log" /i "jre1.7.0_21.msi" TRANSFORMS="custom.mst" REBOOT=ReallySuppress Copy job for the settings: copy /y “%~dp0deployment.config” “C:\WINDOWS\sun\java\deployment\deployment.config” >>"%LogFile%" copy /y “%~dp0deployment.properties” “C:\WINDOWS\sun\java\deployment\deployment.properties” >>"%LogFile%" That’s it.
|
|
8. If you know how, for sure you can integrate the property files in to the .MST file: But I think for the most people it is more easy with a normal copy job. More settings can be found on: http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html |
But I think for the most people it is more easy with a normal copy job. "
2. Yes you are right, but I have this in my template I use everytime. So if I don't make a transform file, that I dont miss the REBOOT Property ;) It is useless on the command line, when I make a transform, you are right. - tecrumors 11 years ago
I have to push out Java 7 update 25 to all pc on network. We want to turn off autoupdate. Also we want it to run the java plug in on IE. - Kdebiasse 11 years ago
The last bit changes the location of the trusted certificates store to be in appdata to a shared location. You can then drop a trusted.certs file in that location to prevent "do you want to run this application" for your approved applications.
REM Install Java 7 update 25
REM Check for 64bit OS and install 64bit Java if it is.
if defined ProgramW6432 "\\d204.ipsd.net\express\Software\D204 Software\Java\7u25\jre-7u25-windows-x64.exe" /s IEXPLORER=1 MOZILLA=1 REBOOT=Suppress JAVAUPDATE=0 WEB_JAVA_SECURITY_LEVEL=M
if ERRORLEVEL 1 exit %ERRORLEVEL%
REM Install 32bit Java on both 64bit and 32bit Windows.
"\\d204.ipsd.net\express\Software\D204 Software\Java\7u25\jre-7u25-windows-i586.exe" /s IEXPLORER=1 MOZILLA=1 REBOOT=Suppress JAVAUPDATE=0 WEB_JAVA_SECURITY_LEVEL=M
if ERRORLEVEL 1 exit %ERRORLEVEL%
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy" /v EnableJavaUpdate /t REG_DWORD /D 0 /f
if ERRORLEVEL 1 exit %ERRORLEVEL%
REM copy deployment.properties file so set java defaults
if not exist "c:\windows\Sun\Java\Deployment" md "c:\windows\Sun\Java\Deployment"
copy /y "\\d204\express\Software\D204 Software\Java\DeploymentSettings\Windows\Sun\Deployment\deployment.properties" "c:\windows\Sun\Java\\Deployment\deployment.properties"
REM copy trusted.certs file to pre-approve Kronos and other java applications we approve of
if not exist "c:\program files\Java\jre7\security" md "c:\program files\Java\jre7\security"
copy /y "\\d204\express\Software\D204 Software\Java\DeploymentSettings\Program Files\Java\jre7\security\trusted.certs" "c:\program files\Java\jre7\security\trusted.certs" - iconiu 11 years ago
http://www.youtube.com/watch?v=PLQpkIQVCBg
I suppose you could put the deployment.properties file in the additional files part of the mst, but you would still need to make two separate packages for Java to cover 32 and 64bit deployments. This cmd file is a one stop shop that does it all. When switching Java versions, all I do is download the two new exe files, copy the install script and edit the u number of the exe file path. I find that much easier than messing with an MST file but perhaps you have to with your deployment system. Even if you don't do an MST file, as long as the deployment.properties and trusted.certs files are copied after the deployment, but before a user opens Java, you are fine.
I am more than happy to provide additional details, but hopefully the REM statements will be enough explanation. - iconiu 11 years ago
It's not my blog, but why write down again when you can read it there ;) - tecrumors 11 years ago
First for downloading JRE, I would suggest using the developer forum package located at
http://www.oracle.com/technetwork/java/javase/downloads/index.html
These do not have the crapware, they try to get you to download.
For the K1000, I use a java zip file that includes the jre executable, a bat script, and a 2 reg entry files.
The bat file looks like the following: I rename the installer so it is easier for people to read if I am not around.
::Installs Newest Version of Java and Java SDK
@ECHO OFF
start /wait jre_7u67.exe /s
IF EXIST c:\programdata reg import javaupdx64.reg
reg import javaupd.reg
exit
The reg file contents include:
For 64bit installs:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy]
"EnableJavaUpdate"=dword:00000000
"NotifyDownload"=dword:00000000
"UpdateSchedule"=dword:00000006
"Frequency"=dword:01010000
"UpdateMin"=dword:00000009
"Country"="US"
"PostStatusUrl"="https://sjremetrics.java.com/b/ss//6"
"NotifyInstall"=dword:00000000
For 32bit Installs:
[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
"EnableJavaUpdate"=dword:00000000
"EnableAutoUpdateCheck"=dword:00000001
"NotifyDownload"=dword:00000001
"NotifyInstall"=dword:00000001
"Frequency"=dword:01040000
"UpdateSchedule"=dword:00000013
"LastUpdateBeginTime"=""
"LastUpdateFinishTime"=""
This actually removes the update tab from java control panel all together.
So, in my K1000, I will install the JRE on a dummy machine. Fix the zip file, then upload it into K1000 under software.
I will change my distribution install to the new version and I do not need to change anything else and it will begin
deploying to the computers specified in the distribution. And as of JRE version 7u10 or so,
the new versions uninstall the old for you during the update.
Next, I created a new software for my deployment.properties file.
The file looks like the following:
#deployment.properties
#Wed Feb 12 09:51:35 GMT-06:00 2014
deployment.modified.timestamp=1392220295511
deployment.expiration.decision.timestamp.10.45.2=1392218969
deployment.version=7.21
deployment.capture.mime.types=true
install.disable.sponsor.offers=true
deployment.expiration.decision.10.45.2=later
deployment.expiration.decision.suppression.10.45.2=false
deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
#Java Deployment jre's
#Wed Feb 12 09:51:35 GMT-06:00 2014
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.platform=1.7
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre7\\bin\\javaw.exe
deployment.javaws.jre.0.product=1.7.0_45
deployment.javaws.jre.0.osarch=x86
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.args=
deployment.security.level=MEDIUM
Most of these do not seem to matter much from version to version but a few I would like to point out are the following.
deployment.security.level=MEDIUM
install.disable.sponsor.offers=true
Another one that looks promising, from the documentation below,
for the guy who asked about the upgrade no later, etc boxes.
deployment.expiration.check.enabled=false
These 2 seem to be the big ones I worry about.
The first one sets security to medium
The third one disables the sponsor offers when doing a manual update from the Java Control Panel, or from the system tray icon.
Now I create a manual Software entry for this file and assign it to my Windows Operating Systems I want it to be deployed too.
Then I create a file sync to deploy it to the systems I want it to be on. In the file sync, you can set the retries to 0, so it will constantly try to sync until it gets on the machine and set persistent so it will be put back if it gets updated or deleted.
I sync the file to the location
C:\Windows\sun\java\deployment
Here are many other items you can place in the deployment.properties box.
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
This is what I do, and dealing with Texas state wide testing it seems to work pretty well keeping the machines updated
with java with as little hassle as possible. - PhillipR 10 years ago
I'm trying to install Java 7 with no update, iexplore enable and web_java enable and in control panel of java deployment.security.mixcode=HIDE_RUN - Kdebiasse 9 years ago
msiexec /i jre1.8.0_45.msi INSTALL_SILENT=1 STATIC=0 AUTO_UPDATE=0 WEB_JAVA=1 WEB_ANALYTICS=0 EULA=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /qn - rockhead44 9 years ago