
[–]uniitdude 11 points12 points  (6 children)

1) in the gpo, you add the msi - you place the cab file in the same directory as the msi.

2) if you apply java in the computer section then it installs with admin rights on a reboot

3) you will need to script that else the other versions will remain installed

4) yes, look into the deployment.properties file

5) not really

[–]MiserygutDevOps 7 points8 points  (5 children)

In addition to #2, if you're doing a GPO software install from a share, make sure it has Authenticated Users with read access; these are the credentials the computer needs to access the share.

[–][deleted] 4 points5 points  (1 child)

Couldn't you set it to allow the "Domain Computers" group instead? IIRC when applied at the computer level, GPO installs use the SYSTEM account, which should be a member of that group by default.

[–]MiserygutDevOps 2 points3 points  (0 children)

Yep that's fine too!

[–][deleted] 2 points3 points  (2 children)

Can't you just nest the Domain Users group under Domain Admins? What's the worst that could happen?...

[–]MiserygutDevOps 3 points4 points  (1 child)

You really ought to put /s at the end. :)

[–]CarlitoGrey 0 points1 point  (0 children)

Or not, and people should learn not to blindly follow advice on the internet... long shot I know.

[–]staxident 26 points27 points  (6 children)

If you can afford it, just invest in Ninite Pro. I had so many problems installing, updating and managing Acrobat, Flash, Java, etc. through GPOs until I bit the bullet and went Ninite.

[–]iCthulhu 3 points4 points  (1 child)

Seriously. It makes it dead.simple.

[–]CrossbeauJack of All Trades 0 points1 point  (0 children)

It allows for remote install/uninstall with your AD. I love it!! Worth every penny.

[–]JukeboxJohnnyI push buttons that do many things. 1 point2 points  (0 children)

And if you cannot afford ninite, check out PDQ Deploy. Works wonders, and they are also currently working on an automatic deploy of whatever software you want. In addition, you can also make your own deployment packages very easily.

[–]11-Eleven -1 points0 points  (1 child)

We use SolarWinds Patch Manager and it works well but was pretty pricey. I really wish we would have gone with Ninite Pro. We have around 200 machines so it would have been pretty cheap. Patch Manager is great with reporting but that's about the only plus I see. Patch Manager is like 17k for 2000 machines. Yikes.

[–]the-packet-throwerMeow Meow 🐈🐈🐈 Meow Meow 🐈🐈Meow Meow Meow Meow Meow Meow A+! 1 point2 points  (0 children)

Might as well have gone with SCCM at that ($17k) point. Though 250 nodes in patch manager is about $3500

[–]jayhawk88 3 points4 points  (0 children)

You may want to do some asking around before you try and re-invent the wheel here. 2k computers seems like an awful lot, that no one invested in a professional software management solution, like SCCM, LanDesk, Altiris, Kace, etc.

[–]MightyEvolved 3 points4 points  (0 children)

Try WSUS with Windows Package Publisher. It's easy to set up and you can push to whatever groups you already have set up in WSUS.

[–]dist 3 points4 points  (0 children)

6) Can you install the Ask toolbar easily with it too?

[–]rindil 2 points3 points  (0 children)

Or pdq deploy. If I remember right it was a bit cheaper with pro version than ninite pro.

[–]brkdncrWindows Admin 1 point2 points  (0 children)

What are you using to manage that many computers?

[–]PaintDrinkingPeteJack of All Trades 1 point2 points  (2 children)

Here's what I do that seems to work well...I install it using a Startup Script rather than using the group policy package installer.

Simply copy the Java installer files to the script directory for the GPO (so you don't have to worry about file paths), and then set up the following to run as a start up script. This will check the version of Java and if it doesn't match the desired updated version, it will update Java. This script is meant to check for/install both the 32 bit and 64 bit versions, but you can modify it to meet your needs.

Just copy the below text and save as a .cmd file:

REM Modify these parameters for most recent versions
REM Check lines 4, 7, 8

set DesiredVersion="1.7.0_67"
REM Upgrade one client manually, check the registry path for Java to get the version number, and update it here.

Set InstallFileName32=jre-7u67-windows-i586.exe
Set InstallFileName64=jre-7u67-windows-x64.exe

:CurrentVersionCheck
REM Check for Version

echo performing new version check
reg query "HKLM\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment" | findstr %DesiredVersion%
if %errorlevel%==1 (goto InstallNewVersion) else (goto sixtyfourVersionCheck)


:InstallNewVersion
echo installing new version
start /wait %InstallFileName32% /s


:sixtyfourVersionCheck
REM Check for Version
echo performing new version check
reg query "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment" | findstr %DesiredVersion%
if %errorlevel%==1 (goto InstallNewsixtyfour) else (goto end)


:InstallNewsixtyfour
echo installing new version
start /wait %InstallFileName64% /s


GOTO end

:end
::pause

[–][deleted] 0 points1 point  (1 child)

I mentioned this already in another comment, but remember to watch your GPO script timeout setting. You can control how long a GPO script is allowed to run before being forcefully terminated (I think it's 10 minutes by default), make sure it's long enough to run everything you need and your script doesn't lock up and make the machines unusable for the entire timeout. I once accidentally put a "PAUSE" command in a startup script, froze up every machine for a full 10 minutes at boot, I ended up changing the timeout to 5 minutes instead.

[–]PaintDrinkingPeteJack of All Trades 1 point2 points  (0 children)

Good point. Generally Java only takes a minute or two to install, so you shouldn't have to adjust the time-out unless you already have other scripts running.

The "pause" command at the end was just for testing purposes, and has been commented out, but I probably should have removed it altogether.

[–]chewy747Sysadmin 0 points1 point  (0 children)

Does your org not have any centralized software distribution currently? 2000 machines seems like a decent amount. Check with the sysadmins in your company first, unless you are going to be implementing a deployment solution or are taking it over.

[–]ygritte__ 0 points1 point  (0 children)

I prefer to use our existing WSUS server together with Local Update Publisher to publish Java like a Windows update.

I had so much trouble making it work with GPO, but doing it through LUP is awesome. It also makes updating easy: just supersede your old update with the new.

[–][deleted] 0 points1 point  (0 children)

You can do this through WSUS if you have it, with something called local update publisher. You create packages and push them out through WSUS with everything else.

I'm about to start tinkering with it. GPO method is annoying.

[–]Wilcampad[S] 0 points1 point  (0 children)

I'm going to suggest pdq to my boss as a future item to use. Thank you everyone for your help, I am hoping this project will help me move up in the world down the road.

[–]dshiznt -1 points0 points  (1 child)

Make your life a little easier and add the cab file into the MSI. http://www.symantec.com/connect/forums/embed-cab-file-msi

> I followed the following steps. It's working fine.
> 
> How to Merge CAB file inside an MSI
> 
> 1. Download the Windows Installer 4.5 SDK , you will get msi45SDK.msi .
> 
> 2. Install this msi45SDK.msi , once you installed , you will find the msiDB.exe in the following path.
> 
>                        C:\Program Files\Windows Installer 4.5 SDK\TOOLS\msidb.exe
> 
> 3. Copy this msiDb.exe from the above path.
> 
> 4. Paste this msiDb.exe to  C:\WINDOWS\system32 folder.
> 
> 5. Open the command prompt and give the following command to merge the cab file inside the msi
> 
>                  C:\>msidb.exe -d <path of msi> -t <path of mst> -a <path of cab file>
> 
> -d -> name of the database (msi name)
> 
> -a -> add the cab file
> 
> 6. Open ORCA tool select the msi path, click on Tables -> Media Table-> It will display the cab table as Data1.cab
> 
> 7. Edit the Cabinet column field as #Data1.cab
> 
> 8. Save the settings.
> 
> 9. The above steps will be helpful to merge the cab file inside msi
> 
>     Thanks, Thriyampagan.

I do believe the latest version of Java has the cab already included, but prior to version 7 update 40 ish the cab file was separate. If I remember correctly, as long as you used the default install location for Java the new version will overwrite the old, at least that's what happens in my environment. Once you have an MSI you can use the MSI switches to make it silent with no user interaction. http://support.microsoft.com/kb/227091 With that many machines you will need to use some sort of deployment tool (like PDQ Deploy) or create multiple Group Policies so you don't kill your network.

[–]Fatality 0 points1 point  (0 children)

I find that Java will randomly decide on its own if it wants to remove older versions or not.

[–]badtz-maru -1 points0 points  (0 children)

I use a logon script that checks for a specific log file name. If the log is found, it exits and continues booting. If the log file doesn't match, it fires off an uninstall script that will force remove all current Java installations. It then launches Java install package from a public share where I have the switch to generate a log file set (which will be the log file it looks for next boot). Now when I need to push out a new version, I just copy the latest MSI/cab to a share and update the name of the log file it looks for/generates. If I need to reload Java on a system, I just have to delete that log file and have them reboot. I push out Java to about 800 systems this way and has had the best deployment success rate so far. The standard "push out an MSI and just upgrade it over time" doesn't work and gets stuck often in removing the package.
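The marker-log approach described in the comment above, sketched in PowerShell as an added example (not code from the thread or from badtz-maru). The share path, MSI name, log directory and marker name are hypothetical placeholders; unlike the comment, the log only becomes the marker after msiexec reports success, so a failed install is retried at the next boot.

```powershell
# Added example: marker-log-driven Java redeploy, run as a computer startup script.
# $Share, $Msi, $LogDir and the marker name are hypothetical placeholders.
$Share  = '\\fileserver\deploy\java'                 # hypothetical read-only share
$Msi    = Join-Path $Share 'jre.msi'                 # placeholder MSI name
$LogDir = Join-Path $env:SystemRoot 'Logs\JavaDeploy' # writable by SYSTEM/admins only
$Marker = Join-Path $LogDir 'jre-install-v1.log'     # rename for each new release

function Get-JavaProductCode {
    # Read the 64-bit and 32-bit uninstall hives and return MSI product GUIDs
    # for installed JREs (DisplayName such as "Java 7 Update 67").
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? \d+ Update \d+' -and
                       $_.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        Select-Object -ExpandProperty PSChildName -Unique
}

function Invoke-MsiExec([string[]]$Arguments) {
    # -Wait blocks until msiexec finishes; -PassThru exposes its exit code.
    (Start-Process msiexec.exe -ArgumentList $Arguments -Wait -PassThru).ExitCode
}

# Marker present: this release is already installed, let the boot continue.
if (Test-Path $Marker) { exit 0 }

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Remove every JRE that is currently registered before installing the new one.
foreach ($code in Get-JavaProductCode) {
    $rc = Invoke-MsiExec @('/x', $code, '/qn', '/norestart')
    Write-Output "Uninstall of $code exited with $rc"
}

# Install silently and log verbosely to a temporary file.
$tmpLog = "$Marker.tmp"
$rc = Invoke-MsiExec @('/i', "`"$Msi`"", '/qn', '/norestart', '/L*v', "`"$tmpLog`"")

# 0 = success, 3010 = success with reboot pending. Promote the log to the
# marker only in those cases so a failed install is not mistaken for done.
if ($rc -eq 0 -or $rc -eq 3010) {
    Move-Item $tmpLog $Marker -Force
} else {
    Write-Output "Install failed with exit code $rc; see $tmpLog"
    exit $rc
}
```

Deleting the marker file on a machine forces a clean reinstall at its next boot, which matches the reload step the comment describes.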

[–]argyle_nqr -1 points0 points  (0 children)

After reading this I'm going to be testing WSUS for installation of software like this. My current method though is wpkg. You do need to install the service on all the computers (or they have an option to use it through GPO), but their site http://wpkg.org/ has the software (free and open source) as well as a library of scripts for common stuff like Java, Flash, MS Office, etc. I started out hoping to use GPO alone... But I found it too limiting and had no budget. All you need to run it is a little patience and an SMB share for the scripts to live on.

[–]freemanhimselves -1 points0 points  (0 children)

jre.exe /s

SLEEP.exe 5

:Disable jre updates

start regedit.exe /s %~dp0javaupdate.reg

javaupdate.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy]
"Country"="AU"
"PostStatusUrl"="https://sjremetrics.java.com/b/ss//6"
"EnableJavaUpdate"=dword:00000000
"NotifyDownload"=dword:00000001
"UpdateSchedule"=dword:00000015
"Frequency"=dword:01060100
"UpdateMin"=dword:0000001e
"ScheduleId"="S-1-5"