Who hates Java? (how to remove all Java installations on your Network)

My colleague who is rightly paranoid about security has a dislike for the buggy software from Java, so one day he shoots me off a link to a forum where he found a VB script to remove ALL versions of java from a PC. Fantastic i thought, now we just have to put it in our environment!

Here is the forum from where we got a VB script from:
http://www.appdeploy.com/messageboards/tm.asp?m=29809

So they guys on the forum post did all the hard work, all I did was apply it to our situation. Here is what we wanted to achieve:

  • Run the script on every PC (client) in our network – we didnt have alot of users that actually required Java so we decided to remove everything, and only install it (in a managed way) to the users that required it.
  • Make sure the whole script did not run EVERY time the PC was turned on.
  • Output the log files somewhere centrally so we can monitor the uninstall process.
  • Provide a managed Java deployment solution via GroupPolicy

So here is the vbs file that i used:

uninstall_all_java.vbs

Note: The changes I did to one of the versions posted online was to relocate the log file from the local machine to one central location. The only changes required to apply to your network are on line 21 and line 22.

Next is the batch file that we actually executed as a StartUp script in GroupPolicy:

checklogsbeforerunning.bat

 

Now a log file will be created by the VBS script when the uninstall runs initially. After that, the batch file searches for the log file and if it exists, it simply bypasses the VBS.

If you want to exclude systems, you can do that by:

  • Security context in Group Policy
  • Organizational Units in Group Policy
  • Log files (empty) in the central log file location

Lastly we deployed the latest version of Java (without the bloat) based on group membership to only the users that required it. From here we can upgrade them all in a managed way, and remove the original version so we only keep the latest version of Java. I may create a new blog on how i packaged Java (if there is nothing out there thats clear enough)

UPDATE: 18/11/2013 – I have an updated post on how to package and deploy Java 7 Update 45 which may help if you are reading this article. Read them here:
Deploying Java 7 JRE – Deep Dive! (Part 1)
Deploying Java 7 JRE – Deep Dive! (Part 2)

24 thoughts on “Who hates Java? (how to remove all Java installations on your Network)”

  1. why would you want to delete java? its not a virus… its a programming and game running system. a lot of games use it and many programmers use it. it nothing bad… the only thing i hate is that is has sooo many updates

    Reply
    • Java has been round for being a problem product. To mention a few:
      1. Security risks – the software has had many many security vulnerabilities which have been exploited in the wild. A large number of zero-day malware used vulnerabilites found in Java and this causes many problems for enterprise IT departments.
      2. Updating the software has always, and still is problematic. They choose to package their software with not enough consideration to enterprises. Their software used to keep multiple versions rather than upgrade. This was changed at version 6.11 from memory but that did create problems for IT.
      3. The software is system wide, not user only, so administrative rights required to perform upgrades. This creates updating problematic for Enterprise IT.
      The product itself may do what its supposed to but it comes at a cost.

      From a security perspective, if my clients dont need to run it, i would not install it.

      Cheers,
      Ivan

      Reply
  2. I added the following if statement that checks for a certain info in the DisplayName before it runs the uninstall. Seems to work pretty good.

    if strDisplayName = “Java(TM) 6 Update 39″ then
    ts.WriteLine Now() & ” – ” & strDisplayName & ” – Version: ” & strDisplayVersion & ” ALREADY INSTALLED”
    else
    ts.WriteLine Now() & ” – ” & strDisplayName & ” – Version: ” & strDisplayVersion
    ts.WriteLine Now() & ” – Uninstall String sent: ” & strUninstCMD
    ret = wshShell.Run(strUninstCMD , 0, True)
    ts.WriteLine Now() & ” – Return: ” & ret
    End if

    Reply
  3. Ivan,

    Thank you so much for this. This has saved us a lot of time and headaches. I am having problems with the uninstall 32 bit versions on x64 win 7 and 8. When I run the script, I get “No Java Runtime versions found installed.” I have made the changes that you suggested back in December, and ran the x64 version first. Am I missing something?

    I am new at scripting, so I am still learning on how to read and understand what is written.

    Reply
    • Hi Dan,

      It would be quite difficult to do that with that particular script as it was not designed to do it. There are others scripts are easier to modify. Below is a code i found online that would be easier to implement such change, however I have found some issues with that particular code that did not give consistent results.
      (http://www.itninja.com/software/oracle/java-2/7-552 – Comment from junuzzz 11/29/2012)
      Regards,
      Ivan

      Reply
  4. Awesome thanks, I’ll try to create the package and advertise it now and see what happens, I have a small number, about 10, test machines that reflect about 1 machine in each department we have here, so I’ve had a few people bugged with me this week but at least is isn’t 400!

    Reply
  5. So I was getting a system error that this has to be installed by an admin which I am, when I run it as a local admin it works, will this work then if I push it out via SCCM 2007?

    Reply
    • Hi MMAniac911,
      When installing through SCCM, provided the advertisement and program are configured correctly it will use the SYSTEM account to run the actions. This means you should have no issues with permissions.

      Before sending it off to run on a large number of machines always apply it to test groups prior and make sure the outcome is desirable. A little extra care in the beginning goes a long way to preventing enterprise wide problems later.

      Cheers,
      Ivan

      Reply
  6. This is a pretty crazy project, seems to simple and is such a huge pain, so this works on my machine, I am a domain admin, but when I try it on a few other computers in the patch test group the script runs disappears fast and msiexec.exe sits in the task manager and does nothing.

    Reply
  7. So I figured out what you meant by deleting the log, obviously my log will be in a different place etc, but it isn’t running, do I have to have something else to get that cscript to run or should it run automatically?

    Reply
    • I am not uninstalling using the MSI instead so for example to delete a 64 bit version of java 7 update 11 im using:
      msiexec.exe /X {26a24ae4-039d-4ca4-87b4-2f86417011FF} /qn
      and this for the 32 bit version:
      msiexec.exe /X {26a24ae4-039d-4ca4-87b4-2f83217011FF} /qn
      I’m having a weird issue with my batch file however because I sometimes get a dll error that requires user input, how can I get the batch file to input “OK” automatically so it continues or to skip this dll error and continue?

      Reply
      • Hi MMAniac911,
        Acutally you are using MSI to uninstall. By calling the GUID, it goes to the registry, fetches the uninstall string and executes it (which is generally an MSI that uninstalls the product).

        Try running the x64 uninstall before the x86 version to alleviate the error – It may resolve it.
        Cheers,
        Ivan

        Reply
  8. OK make sense, but I’m confused about the

    \\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_COMPUTERNAME.log

    that your referring to.

    Reply
  9. I tried to make this painless for my XP and Win7 boxes since they only have versions 6 and/or 7.

    REM **************************************************************
    REM * Created by MLTCJL76 *
    REM * 1/16/13 *
    REM * This is designed as a startup script to work with a *
    REM * software deployment GPO for of Java 7 Update 11 *
    REM * for future updates, just use the GPO java package *
    REM **************************************************************

    @ECHO ON

    REM Check to if the cleanup has alread been run on the machine
    cd c:\
    IF exist C:java_log.txt goto END else

    REM Remove all versions of Java(TM) 6
    wmic product where “name like ‘Java(TM) 6%%'” call uninstall /nointeractive

    REM Remove first 10 versions of 7 Update X
    wmic product where “name = ‘Java 7 Update 1′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 2′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 3′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 4′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 5′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 6′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 7′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 8′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 9′” call uninstall /nointeractive
    wmic product where “name = ‘Java 7 Update 10′” call uninstall /nointeractive

    REM Create the check file so the script does not run again
    echo Java Uninstalled on %date% by %username% > C:\java_log.txt

    goto END

    :END
    exit

    It could use some error checking and coudl be more elegant but on 1600 nodes, no failures….

    Reply
    • Nice approach – I’m surprised you didn’t have more problems with it as WMI can break in Windows and prevent the uninstall from working correctly.
      In saying that I used the same approach to uninstall Silverlight from my servers.

      Regards,
      Ivan

      Reply
      • I tried this and it ran and it created a log, but didn’t uninstall anything, I just copy and pasted the txt to a .bat file, what am I missing? I’m trying to do this because I pushed a java 7 v 11 update out via sccm that was messed up somehow to a group of test computers and they all show as installed in add remove programs but if you click the java icon in CP its broken, and its broken in IE, so I think I fixed the push but since this is showing as installed I don’t think the new ones are taking, so I wanted to remove what I did and try it again.

        Reply
        • Did you save the VBS file as well? Scroll up to the line that says:
          uninstall_all_java.vbs and underneath it click on the link that says ‘show source’.
          That file needs to be present for the script to work.

          Make sure you delete the log file “\\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_COMPUTERNAME.log” and run the script again.

          Cheers,
          Ivan

          Reply
  10. I recieved an email recently asking why this script is not working on Windows 7 x64 machines. Put simply the script is not written to do so. The main reason for this is that Windows stores uninstall information in the registry in two separate locations, depending on the architecture of the application. These locations are:
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ – 32 bit installs on a 32 bit machine, and 64 bit installs on a 64 bit machine
    * HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ – 32 bit installs on a 64 bit machine.

    My suggestion was to modify the script (lines 56-62,146) and save the script as a second script. Not a pretty method at all but in a very short turnaround you can run two scripts. One script on ALL machines, and the second only on 64 Bit machines.

    Hope it helps others,
    Ivan

    Reply
  11. Great post. I’ve been looking for a while for an easy way to get rid of Java. You know what they say, “Java: Write once, infect everywhere.”

    Reply

Leave a Reply to DaveCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

QR Code Business Card