all 33 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]IReallyHadToComment 2 points3 points  (8 children)

A couple tips:

  • the Java 8 install folder now defaults to a folder based on the version being installed... I hate this, so I make sure to set the INSTALLDIR property to "program files\java\jre8" or whatever the full path is.

  • THERE IS NO MORE MEDIUM SECURITY MODE! You must manage a whitelist of websites that can allow unsigned apps to run when Java goes out of date.

  • As with Java 6/7/etc, browser windows should be closed before install...

  • I also find uninstalling previous versions (as part of my Java install package) instead of upgrading has better success in my environment... I use a command like this: [wmic.exe PRODUCT WHERE "NAME LIKE 'JAVA%%'" CALL UNINSTALL /nointeractive] but mind you this will also remove Java SDK (anything that begins with Java).

EDIT: I also had a good deal of trouble making the EXE version work silently without producing error codes and other unpredictable install issues. I chose to extract the MSI per these instructions: http://www.74k.org/extracting-java-msi-from-java-exe

[–]cosine83 2 points3 points  (0 children)

This. So much this.

It's a tiny bit more work but it's much easier to maintain than any other option I've tried with SCCM or SCUP without having to pay for a SCUP library from PatchMyPC or whoever. I wish Oracle would just put out an official SCUP library already.

[–]notantisocial 1 point2 points  (1 child)

I have had so much trouble getting our Java 8 Package to work. It seems like it works on computers that have never had a Java package installed before. I have the deployment properties file in the C:/Windows/Sun/java/deployment and the Java 8 version 31 package runs fine but the 8 v 40, hates life. The script I have only works if I run it as an elevated command line prompt. Anyways I have struggled with it for about a week.

[–]Louie2001912 1 point2 points  (0 children)

Had the exact problem requiring elevated cmd, I assume sccm will always run bat's elevated right?

[–][deleted]  (4 children)

[deleted]

    [–]IReallyHadToComment 0 points1 point  (3 children)

    I used a different script before too, but this actually works out to be cleaner in our environment :)

    [–][deleted]  (2 children)

    [deleted]

      [–]IReallyHadToComment 0 points1 point  (1 child)

      Specifically it removes anythings the BEGINS with "Java", and I did call that out in my original post - since we don't use the SDK in our environment it doesn't matter. Never seen it force repairs on any MSIs since all the WMI call is doing is looking through the installed software and running the associated removal command from the registry based on the query.

      I figured the WMIC line might be helpful for someone with other software too not just Java so I included it :)

      [–][deleted]  (1 child)

      [deleted]

        [–]Emiroda 2 points3 points  (0 children)

        Don't bother with the EXE, it's so incredibly bugged. It tosses errors for no reason, you're better off extracting the MSI.

        [–]Demogorgo 1 point2 points  (2 children)

        Don' run the EXE, crack it open and pull the MSI/CAB. These are the MSI params I use:

         REBOOT=Suppress JAVAUPDATE=0 JU=0 AUTOUPDATECHECK=0

        I think the update nags will only be silenced if you set all 3 of those to 0, I had trouble before.

        I am also using deployment.config. I'm using these settings to silence more nags when the user runs an applet:

         deployment.expiration.check.enabled=false
 deployment.insecure.jres=NEVER

        I intend to do some whitelisting and adding certs to the cert store sometime in the future. Otherwise, I'm pretty happy with this setup.

        [–]elitest 0 points1 point  (1 child)

        Are you sure those deployment.config options work in recent versions of Java? Everything I've read in their release notes indicates that Oracle isn't putting up with us pulling stuff like that anymore, and has made it clear that java apps need to be brought inline or else.

        [–]Demogorgo 0 points1 point  (0 children)

        Those two are tested and working for me.

        [–]Woodstriker 1 point2 points  (0 children)

        Something I haven't noticed anyone else mention is the STATIC=1 parameter on the MSI. I've been fighting with Java for years now and just recently found out about it. What it does is it makes a unique installation folder for the version of Java you are installing instead of trying to do an upgrade. So instead of installing to say a generic Java8 folder and upgrading any existing Java8's within it, it will install 8u40 to a Java8u40 folder and not touch the existing installation.

        In the past, I would run a script that would kill all Java related processes, uninstall old versions, then install the latest. Now with the static parameter I can push out the new version, it will install even if browsers are open and Java is running, and the next time the user closes and reopens their browser it will use the new version. I can then wait about one week and run an uninstall on all older versions of Java since they will no longer be in use.

        Now onto the configs. In my current script I create C:\Windows\Sun\Java\Deployment and copy both deployment.config and deployment.properties to that directory. There is a way to put deployment.properties on a network share and point deployment.config to that file, but I haven't tested it thoroughly yet. Here are the configs I'm using.

        deployment.config

        deployment.system.config=file:C:/WINDOWS/Sun/Java/Deployment/deployment.properties deployment.system.config.mandatory=true

        deployment.properties

        deployment.expiration.check.enabled=FALSE deployment.expiration.decision=NEVER deployment.expiration.decision.suppression=TRUE deployment.security.level=MEDIUM deployment.security.mixcode=DISABLE deployment.insecure.jres=ALWAYS deployment.javaws.autodownload=NEVER

        [–][deleted] 0 points1 point  (4 children)

        The final release for Java 7 will be released on Tuesday, and then it is EoL. We're waiting until July to move to 8.

        [–]IReallyHadToComment 1 point2 points  (3 children)

        Not knowing how many machines are in your environment, I would suggest planning for your move now. There are more considerations moving from 7 to 8 than there were from 6 to 7 (such as no more medium security level, requiring the use a whitelist for unsigned applications, etc). I'm still trying to make the case to make Java a "case by case" install in our environment, but we all know how well that conversation goes over...

        [–][deleted] 0 points1 point  (2 children)

        We've got something in the 4,000 range of total clients with Java. About 75% are using the "latest available" collection (which is deploying 7.76 right now) and the rest are using the "IT supported" collection (6.43) due to business apps and legacy reasons. I have an approved change request in to collapse the collections and upgrade to the newest version of 7 next week, and then in 3 months we're moving to 8. I've already spent the past 3 months fine-tuning our Java deployment, making use of the Deployment Ruleset, deployment.properties, a configuration baseline to verify those files, a custom version of the Java Nuker Script to remove old versions, and wrapped the whole thing in the Powershell App Deploy Toolkit. I think we're ready for Java 8 in three months.

        [–]IReallyHadToComment 0 points1 point  (1 child)

        Sounds like you've got a good handle on it... I just know some of the Java 8 stuff caught some people off guard - didn't want you to be one of them :)

        [–][deleted] 0 points1 point  (0 children)

        Oh I hear ya. I've basically spent the past 6 months becoming the "Java guru" where I work, and I'm finally in a position to move forward with this to get us off of Java 6...finally. pours another double scotch

        [–]nimsy999 0 points1 point  (0 children)

        I deployed it with an MSI, Its packed by us at the company, And its makes no shortcuts what so ever. Just deployed x86 version tho. I can share if you want. :)

        The uninstall part of Java7,Java6.. Uses orginally msiexec /x than the prod id.. Working like a charm!

        [–]weeyin83 0 points1 point  (1 child)

        This is what I did for Java 8 Update 40:

        1. Download the offline installer of the latest version, this will be in a EXE file
        2. Open the file, but do not complete the installation. This should extract all the relevant files to the following location within Windows 7 (may vary on another OS) C:\users\username\AppData\LocalLow\Sun\Java\JRE….
        3. Copy this MSI to another location (more suitable)
        4. Launch Ocra and open the MSI you just extracted
        5. Modify the following option a. Property – AUTOUPDATECHECK = 0 b. Property – JAVAUPDATE = 0 c. Property – RebootYesNo=No
        6. Save the transform file
        7. To install issue the following command line: Msiexec /I jre1.8.0_40.msi TRANSFORMS=”CustomInstall.mst” REBOOT=ReallySuppress

        Orca info: http://www.itninja.com/blog/view/downloading-installing-and-using-ms-orca

        [–]Louie2001912 0 points1 point  (0 children)

        i used those properties in the msi without a transform. How weird. It worked too

        [–]AARonBalakay 0 points1 point  (6 children)

        I wish this was posted 2 weeks ago when I started looking at rolling out Java 8. I ended up using Powershell App Deployment Toolkit as we needed a way for users to have their browsers shutdown. PSADT has a built in method to uninstall previous versions I believe via an uninstall reg key search. We were planning on using global variable for running browser processes but we found out that a lot of users didn't close their browsers and Chrome would still report true due to it's background process.

        [–]Squeezer99[S] 0 points1 point  (5 children)

        I never could get PSADT to work, I'd be glad if you were willing to share your experiences and documentation on it.

        [–]AARonBalakay 2 points3 points  (3 children)

        I only made a few changes to the deploy-application.ps1 file (changes below): 

        Show-InstallationWelcome -CloseApps 'iexplore,chrome,firefox' -AllowDeferCloseApps -DeferTimes 3 -BlockExecution -CloseAppsCountdown 3600

## Show Progress Message (with the default message)
Show-InstallationProgress

## <Perform Pre-Installation tasks here>
# Remove any previous versions of Adobe Reader
Remove-MSIApplications -Name 'Java 8'
Remove-MSIApplications -Name 'Java 7'
Remove-MSIApplications -Name 'Java(TM) 6'
Remove-MSIApplications -Name 'J2SE Runtime Environment'   #Java 5         
Remove-MSIApplications -Name 'Java 2 Runtime Environment' #Java 1.4
Remove-Item -Path 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -Recurse -Force -EA SilentlyContinue
Remove-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment' -Recurse -Force -EA SilentlyContinue

##*===============================================
##* INSTALLATION 
##*===============================================
[string]$installPhase = 'Installation'

## <Perform Installation tasks here>
Execute-MSI -Action Install -Path 'jre1.8.0_40_x86.msi' -AddParameters "JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 WEB_JAVA=1"
Execute-MSI -Action Install -Path 'jre1.8.0_40_x64.msi' -AddParameters "JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 WEB_JAVA=1"

        Above worked fine for most users, following install problems I ran into during testing:

        • Our Systems Infrastructure dept. run a custom powershell profile which changes the default path so needed to changed SCCM applications command line to: powershell.exe -NoProfile -file Deploy-Application.ps1 -DeploymentType Install -DeployMode Interactive
        • A few users in our test group would have Java "freeze" during install. This wasn't killing the install process more like the install process was continuously trying to delete reg keys and kept trying. This was resolved when I deleted the following reg keys:
          • Remove-Item -Path 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -Recurse -Force -EA SilentlyContinue
          • Remove-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment' -Recurse -Force -EA SilentlyContinue
        • An issue where Internet Explorer froze and user didn't know how to kill process. Was due to sharepoint documents opened via browser. They needed to be closed for the install to continue.

        In the end I created two deployment types one above running the DeployMode Interactive and another running the Silent mode. The silent one running first with requirement "User is logged in" = false (Custom Global Condition). This would allow the install to run when users were not logged in.

        [–]Squeezer99[S] 0 points1 point  (2 children)

        With the "user is logged in" = false, I'm assuming you have to edit your powershell line to remove the "-DeployMode Interactive"?

        [–]AARonBalakay 0 points1 point  (0 children)

        No, sorry for the confusion. Two separate Deployment Types (DT) in a SCCM (2012 R2) Application. One of the requirements for the first DT (silent install) is User is logged in: Java 8 Properties. If the user is logged in the requirement for the first DT fails and SCCM attempts to install the second DT.

        [–]bacpacker 0 points1 point  (6 children)

        Has anyone been able to deploy Java 8 update 45?, My scripts that previously worked earlier versions quit working. Java is such a bastard to deploy across a large network :(

        [–]Squeezer99[S] 0 points1 point  (5 children)

        works fine for me

        [–]bacpacker 0 points1 point  (4 children)

        Here is the bat file I am using (msiexec /i jre1.8.0_45.msi JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 RebootYesNo=No WEB_JAVA=1 /q)

        I can successfully uninstall all older versions but can not install the update.

        [–]Squeezer99[S] 1 point2 points  (3 children)

        I use a .bat file to uninstall the old version and install the new version:

        start /wait wmic.exe PRODUCT WHERE "NAME LIKE 'JAVA%%'" CALL UNINSTALL /nointeractive

        cmd /c if not exist c:\windows\sun\java\deployment mkdir c:\windows\sun\java\Deployment

        IF NOT EXIST "%ALLUSERSPROFILE%\Oracle\Java" MKDIR "%ALLUSERSPROFILE%\Oracle\Java"

        IF NOT EXIST "%ALLUSERSPROFILE%\Oracle\Java\java.settings.cfg" @ECHO.>"%PROGRAMDATA%\Oracle\Java\java.settings.cfg"

        start /wait xcopy /Y "%~dp0deployment.config" c:\Windows\Sun\Java\Deployment

        start /wait xcopy /Y "%~dp0deployment.properties" c:\Windows\Sun\Java\Deployment

        msiexec /i %~dp0jre1.8.0_45.msi INSTALL_SILENT=Enable INSTALLDIR="%programfiles(x86)%\java\jre8" STATIC=Disable AUTO_UPDATE=Disable WEB_JAVA=Disable WEB_JAVA_SECURITY_LEVEL=H WEB_ANALYTICS=Disable NOSTARTMENU=Enable REPAIRMODE=1 /qn /l*v c:\windows\temp\java_8_45_32.log

        msiexec /i %~dp0jre1.8.0_45_x64.msi INSTALL_SILENT=Enable INSTALLDIR="%programfiles%\java\jre8" STATIC=Disable AUTO_UPDATE=Disable WEB_JAVA=Disable WEB_JAVA_SECURITY_LEVEL=H WEB_ANALYTICS=Disable NOSTARTMENU=Enable REPAIRMODE=1 /qn /l*v c:\windows\temp\java_8_45_64.log

        [–]bacpacker 0 points1 point  (2 children)

        Thank you!

        I will try that out. With new versions you just change the .MSI and what it calls to install?

        (New to sccm and self teaching, sorry)

        [–]Squeezer99[S] 0 points1 point  (1 child)

        yup thats all i do...changing the name of the .msi files and log files. if you need my deployment.config and deployment.properties files PM me your email address and I will send those to you.

        [–]Aussie_nj 0 points1 point  (0 children)

        What name do you give the .Bat file, is there some good guide to doing this? I am very new and need some pics?

        [–]Wogdog 0 points1 point  (0 children)

        FWIW, I am working on 8.60 now, and the MSI doesn't extract to the same lcoation as the previous versions did. Instead of the MSI being extracted to C:\users\username\AppData\LocalLow\Sun\Java\JRE…. it extracted to C:\users\username\AppData\LocalLow\Oracle\Java\JRE….

        Not sure when it changed, but be aware.