UAC and java updates on domain

Banzai_Joe

Banzai_Joe

Banzai_Joe

Soldato
Joined
30 Sep 2006
Posts
5,280
Location
Midlands, UK
Hi all,

all of our win7 pro x64 domain pc's are requesting UAC credentials to install java update.
I can't go round every single pc and manually do this, so is there any way this can be automated from GPO or somewhere else?
Don't really want to turn UAC off as the retarded users are likely to bork something up. At the least UAC flags up a warning that they usually inform me about, so in that respect it's ok. Other than that its a PITA.
I'm the only admin btw.

Any suggestions please?
 
Could be a little more specific please?
Disabling updates would require my presence at each pc wouldn't it? Or at least remotely, but i've got about 25 desktops to do.
Thing is though, with Java they release updates quite often, which mean i'll be remaking the msi's quite often i guess.
 
Make a batch file or VB script to create the reg key below, save it somewhere all computers can access (eg sysvol) then assign the script to the OU containing the computers using a group policy object with this as a startup script

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
“EnableJavaUpdate”=dword:00000000

Next time the computers reboot they will run the batch file and updates are disabled

Or if all the computers are turned on you could write something with psexec or ps-remoting that connects to each machine and adds the reg key for you.

Java provide MSI packages on their website so you only need to download them and update your group policy - 5 minute job
 
Something like this.. (needs psexec and the reg file in the same directory you run the script from)

@ECHO OFF
TITLE Import reg file to OU

setlocal enabledelayedexpansion

REM Remove any pre-existing files
del dsqueryresults.txt /f
del dsqueryresults2.txt /f
del RegImportLog.txt /f

REM Generate list of computers from OU
dsquery computer "OU=Desktops,dc=london,dc=company,dc=com" -o rdn -limit 0 > dsqueryresults.txt

REM Remove quotation marks from generated list
for /F "delims=" %%A in (dsqueryresults.txt) do echo %%~A >> dsqueryresults2.txt

REM Iterate through list, copy and import reg file to machines which respond to ping
for /f %%a in (dsqueryresults2.txt) do (
ping -n 1 -i 200 -w 130 %%a
IF !ERRORLEVEL! GTR 0 echo %%a Timedout. >> RegImportLog.txt
IF !ERRORLEVEL! LSS 1 echo %%a Responded. >> RegImportLog.txt
IF !ERRORLEVEL! LSS 1 copy disableJavaUpdate.reg \\%%a\c$\disableJavaUpdate.reg >> RegImportLog.txt
IF !ERRORLEVEL! LSS 1 psexec \\%%a reg import c:\disableJavaUpdate.reg >> RegImportLog.txt
echo. >> RegImportLog.txt
)

REM Remove temp files
del dsqueryresults.txt /f
del dsqueryresults2.txt /f

REM Open results file
start RegImportLog.txt

exit
Click to expand...
 
Thanks fellas,
i'm not really a scriptkiddy, i might just be able to manage the regkey and GPO part of, but psexec, i'm not really acquainted very well with. Thinks its on my pc, but not faimilar with it to the extent that i would try doing this.
 
KIA said:
Question is, do they all need Java?
Click to expand...

This, although I'm guessing you do. Otherwise just uninstall it. I've noticed it doesn't even like "over the shoulder" elevation either and I have to log into the admin account to update. It drives me nuckin futz but we need it.
 
Banzai_Joe said:
Possibly not, although i'm of the opinion that if java is indeed needed, then it should at least be up-to-date.
Click to expand...

I agree, it should be kept up-to-date but please uninstall Java unless it is definitely required. Sometimes certain applications don't require access to the web plug-in meaning it can be disabled without affecting the user.
 
You must log in or register to reply here.
Back
Top Bottom