/build/static/layout/Breadcrumb_cap_w.png

Script to install JDK 16 on macOS so OVAL can run

Here again your favorite Random Dude,


Hope everything has been going well for everyone. Recently I was tasked with running an OVAL scan on all our macOS devices, I found that if they have JDK 17 or newer OVAL won't work. KACE Support told me that this is expected as it will only work with JDK 16, so obviously, my next task was to get that version of JDK on every machine.


How to confirm that OVAL doesn't work, you run your OVAL against your devices and you will get this…


cChAACgHzgUAAD0A4cCAIBekpL+f8OwbyKrYvAmAAAAAElFTkSuQmCC


OK so let's get to work. 


Our Frist step is to get a list of all machines having that newer version of the JDK as we don't need/want to target our entire inventory (assuming a big amount of macOS devices).


To do this we need to create a Custom Inventory Rule (CIR for short) to gather that data.


yY5GzI3+7I0AAAAASUVORK5CYII=


Code from the image

ShellCommandTextReturn(java -version 2>&1 >/dev/null | grep 'java version' | awk '{print $3}' | tr -d \")

After the inventory runs on our devices we will see the CIR under the "Installed Programs" of each device. 


w8DfAjUZDNdbAAAAABJRU5ErkJggg==


Under the Custom Inventory Fields, we will also see the result of our CIR


16zkgtCszJgAAAABJRU5ErkJggg==


Now that we have (will have) all devices marked with our CIR we just need to create a simple Smart label to mark the machines.

PIZAAAAAElFTkSuQmCC

B3ofjx+3D5P7AAAAAElFTkSuQmCC


We need to force the inventory to run again (or wait for it) so the label can be assigned to all the devices.


Lastly, we create an Online Shell Script from the Scripting section of the SMA.


PIZAAAAAElFTkSuQmCC


In the "Deploy" section we add our label.

vUhBocf4xah0dZ8ioPTubupz11o8hnkocF8yy8KLAAAQWrx4L4LnAi8CAMCCAS+GAPAiAAAsGPBiCAAvAgDAggEvhgDwIgAALBjwYggALwIAwIIBL4YA8CIAACwY8GIIAC8CAMCCAS+GAPAiAAAsGPNZ4C5atGjJkiWyLAfzBF1SurDyEgMAAAgw8+nFxYsXUwlOwQ2YR+iS0oWVlxgAAECAQQUdAAAAoAIvAgAAACrwIgAAAKACLwIAAAAq8CIAAACgAi8CAAAAKvAiAAAAoAIvAgAAACrwIgAAAKACLwIAAAAuwsL+P0Sf0I04R6S8AAAAAElFTkSuQmCC


On the Dependencies, we add the JDK 16.x pkg  and on the Script, we add the following

89UKW89Rol4AAAAASUVORK5CYII=


#!/usr/bin/env bash
rm -rf /Library/Java/JavaVirtualMachines/
rm -rf /Library/PreferencePanes/JavaControlPaneel.prefPane
rm -rf /Library/Internet\ Plug-ins/JavaAppletPlugin.Plugin
rm -rf ~/Library/Application\ Support/Oracle/Java
installer -pkg /Library/Application\ Support/Quest/KACE/data/scripts/66/JDK\ 16.0.2.pkg -target /

Be sure to modify the script ID on the last line of the script matches with the script ID from the URL (tip use "adminui").


PjYNQNzTWpQAAAAASUVORK5CYII=


After you run the script on your mac devices an inventory should remove the devices from the smart label and therefore the script should not run again on its own.


I have exported the script so you can import it and follow the last part of modifying the script ID. Download it from here. (from my Mega account).


If you have any questions or comments let me know in the comments.


See you in my next post!

Posted 2 years ago 2904 views

Comments

This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ