My colleague who is rightly paranoid about security has a dislike for the buggy software from Java, so one day he shoots me off a link to a forum where he found a VB script to remove ALL versions of java from a PC. Fantastic i thought, now we just have to put it in our environment!
Here is the forum from where we got a VB script from:
http://www.appdeploy.com/messageboards/tm.asp?m=29809
So they guys on the forum post did all the hard work, all I did was apply it to our situation. Here is what we wanted to achieve:
- Run the script on every PC (client) in our network – we didnt have alot of users that actually required Java so we decided to remove everything, and only install it (in a managed way) to the users that required it.
- Make sure the whole script did not run EVERY time the PC was turned on.
- Output the log files somewhere centrally so we can monitor the uninstall process.
- Provide a managed Java deployment solution via GroupPolicy
So here is the vbs file that i used:
uninstall_all_java.vbs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
'# D.Collins - 16:58 18/02/2009 '# Uninstalls any and all versions of Java Runtime. '# Based on a script by 'muaddip' from Appdeploy.com message boards. '# http://www.appdeploy.com/messageboards/tm.asp?m=29809 Option Explicit Dim wshShell, fso, strLogFile, ts, strTempDir, strTempISS, strUnString, tsIn, blFound Dim strUninstLine, CLSID, search5, search6, search7, strJRE1, strDisplayName, strDisplayVersion Dim strPublisher, strUninstallString, strJREUninstallString, strJREDisplayName Dim search1, search2, search3, search4, strJREUninstallStringNEW, ret, strUninstCMD Dim tsISS, strSetupexe, qVal, strComputername qVal = 0 Set wshShell = CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") strComputername = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%") If Not fso.FolderExists("\\server.contoso.com\hiddenshare$\JavaUninstall\Logs") Then fso.CreateFolder("\\server.contoso.com\hiddenshare$\JavaUninstall\Logs") strLogFile = "\\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_" & strComputername & ".log" Set ts = fso.OpenTextFile(strLogFile, 8, True) ts.WriteLine String(80, "_") ts.WriteLine String(80, "¯") ts.WriteLine Now() & " - Java Runtime(s) uninstallation" ts.WriteLine String(80, "_") & vbCrlf '# Generate Registry extracts from 'Uninstall' keys. PreFlight() '# Kill Java Processes KillProc() strTempDir = wshShell.ExpandEnvironmentStrings("%temp%") strTempISS = strTempDir & "\iss" strUnString = " -s -a /s /f1" Set tsIn = fso.OpenTextFile(strTempDir & "\uninstall.tmp", 1) If Not fso.FolderExists(strTempISS) Then fso.CreateFolder(strTempISS) blFound = False Do While Not tsIn.AtEndOfStream strUninstLine = tsIn.ReadLine CLSID = Mid(strUninstLine, 73, 38) search5 = Instr(strUninstLine, "JRE 1") search6 = Instr(strUninstLine, "]") If search5 > 0 AND search6 > 0 Then strJRE1 = Replace(Mid(strUninstLine, search5, search6),"]","") End If On Error Resume Next strDisplayName = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\DisplayName") strDisplayVersion = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\DisplayVersion") strPublisher = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\Publisher") strUninstallString = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\UninstallString") strJREUninstallString = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & strJRE1 & "\UninstallString") strJREDisplayName = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & strJRE1 & "\DisplayName") On Error Goto 0 'Search for presence of Java and Sun in DisplayName and Publisher search1 = Instr(1, strDisplayName, "Java", 1) search2 = Instr(1, strPublisher, "Sun", 1) search3 = Instr(1, strDisplayName, "J2SE", 1) search4 = Instr(1, strUninstallString, "setup.exe", 1) search7 = InStr(1, strDisplayName, "Development", 1) + InStr(1, strDisplayName, "Java DB", 1) If strJREUninstallString <> "" Then blFound = True '# JRE 1 found strJREUninstallStringNEW = Replace(strJREUninstallString," -f"," -s -a /s /f") ts.WriteLine Now() & " - " & strJREDisplayName ts.WriteLine Now() & " - Uninstall String sent: " & strJREUninstallStringNEW ret = wshShell.Run(strJREUninstallStringNEW , 0, True) ts.WriteLine Now() & " - Return: " & ret If ret <> 0 And ret <> 3010 Then qVal = 1 ElseIf search7 = 0 And search1 > 0 Or search3 > 0 And search2 > 0 Then blFound = True strUninstCMD = "msiexec.exe /x " & CLSID & " /norestart /qn" If search4 > 0 Then '# Old InstallShield setup found Set tsISS = fso.OpenTextFile(strTempISS & "\" & CLSID & ".iss", 2, True) 'Create Response file for any Java Version tsISS.WriteLine "[InstallShield Silent]" tsISS.WriteLine "Version=v6.00.000" tsISS.WriteLine "File=Response File" tsISS.WriteLine "[File Transfer]" tsISS.WriteLine "OverwrittenReadOnly=NoToAll" tsISS.WriteLine "[" & CLSID & "-DlgOrder]" tsISS.WriteLine "Dlg0=" & CLSID & "-SprintfBox-0" tsISS.WriteLine "Count=2" tsISS.WriteLine "Dlg1=" & CLSID & "-File Transfer" tsISS.WriteLine "[" & CLSID & "-SprintfBox-0]" tsISS.WriteLine "Result=1" tsISS.WriteLine "[Application]" tsISS.WriteLine "Name=Java 2 Runtime Environment, SE v1.4.0_01" tsISS.WriteLine "Version=1.4.0_01" tsISS.WriteLine "Company=JavaSoft" tsISS.WriteLine "Lang=0009" tsISS.WriteLine "[" & CLSID & "-File Transfer]" tsISS.WriteLine "SharedFile=YesToAll" tsISS.Close strSetupexe = Left(strUninstallString, search4 + 9) strUninstCMD = strSetupexe & strUnString & Chr(34) & strTempISS & "\" & CLSID & ".iss" & Chr(34) End If ts.WriteLine Now() & " - " & strDisplayName & " - Version: " & strDisplayVersion ts.WriteLine Now() & " - Uninstall String sent: " & strUninstCMD ret = wshShell.Run(strUninstCMD , 0, True) ts.WriteLine Now() & " - Return: " & ret If ret <> 0 And ret <> 3010 Then qVal = 1 End If Loop tsIn.Close If Not blFound Then ts.WriteLine Now() & " - No Java Runtime versions found installed." qVal = 99 End If ts.WriteLine String(80, "_") ts.WriteLine String(80, "¯") ts.Close fso.DeleteFolder(strTempISS) fso.DeleteFile(strTempDir & "\uninstall.tmp") WScript.Quit(qVal) Sub PreFlight() '# Creates temp files containing extracts from registry 'Uninstall' keys. Dim wshShell, fso, sTemp Set wshShell = CreateObject("WScript.Shell") Set fso = CreateObject("Scripting.FileSystemObject") sTemp = wshShell.ExpandEnvironmentStrings("%temp%") wshShell.Run "REGEDIT /E %temp%\registry.tmp HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall", 0, True wshShell.Run "cmd /c type %temp%\registry.tmp | find /i ""{"" | find /i ""}]"" > %temp%\uninstall.tmp ", 0, True wshShell.Run "cmd /c type %temp%\registry.tmp | find /i ""JRE 1"" >> %temp%\uninstall.tmp ", 0, True If Not fso.FileExists(sTemp & "\uninstall.tmp") Then ts.WriteLine Now() & " - No input - %temp%\uninstall.tmp Reg extract not created." ts.WriteLine String(80, "_") ts.WriteLine String(80, "¯") ts.Close WScript.Quit(1) End If End Sub Sub KillProc() '# kills jusched.exe and jqs.exe if they are running. These processes will cause the installer to fail. Dim wshShell Set wshShell = CreateObject("WScript.Shell") wshShell.Run "Taskkill /F /IM jusched.exe /T", 0, True wshShell.Run "Taskkill /F /IM jqs.exe /T", 0, True End Sub |
Note: The changes I did to one of the versions posted online was to relocate the log file from the local machine to one central location. The only changes required to apply to your network are on line 21 and line 22.
Next is the batch file that we actually executed as a StartUp script in GroupPolicy:
checklogsbeforerunning.bat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
@ECHO OFF REM ======================================================= REM Author: Ivan Dretvic REM DATE CREATED: 28/01/2011 REM REM Checks to see if log file exists, if so wont run script REM REM ======================================================= SET LOGFILE="\\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_%computername%.log" IF EXIST %LOGFILE% GOTO END cscript "\\contoso.com\SysVol\contoso.com\Policies\{CB83E5DC-897C-4A88-8F3A-61960C2D5B4F}\Machine\Scripts\Startup\uninstall_all_java.vbs" :END end |
Now a log file will be created by the VBS script when the uninstall runs initially. After that, the batch file searches for the log file and if it exists, it simply bypasses the VBS.
If you want to exclude systems, you can do that by:
- Security context in Group Policy
- Organizational Units in Group Policy
- Log files (empty) in the central log file location
Lastly we deployed the latest version of Java (without the bloat) based on group membership to only the users that required it. From here we can upgrade them all in a managed way, and remove the original version so we only keep the latest version of Java. I may create a new blog on how i packaged Java (if there is nothing out there thats clear enough)
UPDATE: 18/11/2013 – I have an updated post on how to package and deploy Java 7 Update 45 which may help if you are reading this article. Read them here:
Deploying Java 7 JRE – Deep Dive! (Part 1)
Deploying Java 7 JRE – Deep Dive! (Part 2)
why would you want to delete java? its not a virus… its a programming and game running system. a lot of games use it and many programmers use it. it nothing bad… the only thing i hate is that is has sooo many updates
Java has been round for being a problem product. To mention a few:
1. Security risks – the software has had many many security vulnerabilities which have been exploited in the wild. A large number of zero-day malware used vulnerabilites found in Java and this causes many problems for enterprise IT departments.
2. Updating the software has always, and still is problematic. They choose to package their software with not enough consideration to enterprises. Their software used to keep multiple versions rather than upgrade. This was changed at version 6.11 from memory but that did create problems for IT.
3. The software is system wide, not user only, so administrative rights required to perform upgrades. This creates updating problematic for Enterprise IT.
The product itself may do what its supposed to but it comes at a cost.
From a security perspective, if my clients dont need to run it, i would not install it.
Cheers,
Ivan
I added the following if statement that checks for a certain info in the DisplayName before it runs the uninstall. Seems to work pretty good.
if strDisplayName = “Java(TM) 6 Update 39″ then
ts.WriteLine Now() & ” – ” & strDisplayName & ” – Version: ” & strDisplayVersion & ” ALREADY INSTALLED”
else
ts.WriteLine Now() & ” – ” & strDisplayName & ” – Version: ” & strDisplayVersion
ts.WriteLine Now() & ” – Uninstall String sent: ” & strUninstCMD
ret = wshShell.Run(strUninstCMD , 0, True)
ts.WriteLine Now() & ” – Return: ” & ret
End if
Ivan,
Thank you so much for this. This has saved us a lot of time and headaches. I am having problems with the uninstall 32 bit versions on x64 win 7 and 8. When I run the script, I get “No Java Runtime versions found installed.” I have made the changes that you suggested back in December, and ran the x64 version first. Am I missing something?
I am new at scripting, so I am still learning on how to read and understand what is written.
We figured it out. We were using cmd.exe and we needed to use wscript. Thank you.
is there a way to edit this script so that I can keep certain versions i specify on the machines? Thanks
Hi Dan,
It would be quite difficult to do that with that particular script as it was not designed to do it. There are others scripts are easier to modify. Below is a code i found online that would be easier to implement such change, however I have found some issues with that particular code that did not give consistent results.
(http://www.itninja.com/software/oracle/java-2/7-552 – Comment from junuzzz 11/29/2012)
Regards,
Ivan
Awesome thanks, I’ll try to create the package and advertise it now and see what happens, I have a small number, about 10, test machines that reflect about 1 machine in each department we have here, so I’ve had a few people bugged with me this week but at least is isn’t 400!
So I was getting a system error that this has to be installed by an admin which I am, when I run it as a local admin it works, will this work then if I push it out via SCCM 2007?
Hi MMAniac911,
When installing through SCCM, provided the advertisement and program are configured correctly it will use the SYSTEM account to run the actions. This means you should have no issues with permissions.
Before sending it off to run on a large number of machines always apply it to test groups prior and make sure the outcome is desirable. A little extra care in the beginning goes a long way to preventing enterprise wide problems later.
Cheers,
Ivan
This is a pretty crazy project, seems to simple and is such a huge pain, so this works on my machine, I am a domain admin, but when I try it on a few other computers in the patch test group the script runs disappears fast and msiexec.exe sits in the task manager and does nothing.
So I figured out what you meant by deleting the log, obviously my log will be in a different place etc, but it isn’t running, do I have to have something else to get that cscript to run or should it run automatically?
I am not uninstalling using the MSI instead so for example to delete a 64 bit version of java 7 update 11 im using:
msiexec.exe /X {26a24ae4-039d-4ca4-87b4-2f86417011FF} /qn
and this for the 32 bit version:
msiexec.exe /X {26a24ae4-039d-4ca4-87b4-2f83217011FF} /qn
I’m having a weird issue with my batch file however because I sometimes get a dll error that requires user input, how can I get the batch file to input “OK” automatically so it continues or to skip this dll error and continue?
Hi MMAniac911,
Acutally you are using MSI to uninstall. By calling the GUID, it goes to the registry, fetches the uninstall string and executes it (which is generally an MSI that uninstalls the product).
Try running the x64 uninstall before the x86 version to alleviate the error – It may resolve it.
Cheers,
Ivan
OK make sense, but I’m confused about the
\\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_COMPUTERNAME.log
that your referring to.
I tried to make this painless for my XP and Win7 boxes since they only have versions 6 and/or 7.
REM **************************************************************
REM * Created by MLTCJL76 *
REM * 1/16/13 *
REM * This is designed as a startup script to work with a *
REM * software deployment GPO for of Java 7 Update 11 *
REM * for future updates, just use the GPO java package *
REM **************************************************************
@ECHO ON
REM Check to if the cleanup has alread been run on the machine
cd c:\
IF exist C:java_log.txt goto END else
REM Remove all versions of Java(TM) 6
wmic product where “name like ‘Java(TM) 6%%'” call uninstall /nointeractive
REM Remove first 10 versions of 7 Update X
wmic product where “name = ‘Java 7 Update 1′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 2′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 3′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 4′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 5′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 6′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 7′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 8′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 9′” call uninstall /nointeractive
wmic product where “name = ‘Java 7 Update 10′” call uninstall /nointeractive
REM Create the check file so the script does not run again
echo Java Uninstalled on %date% by %username% > C:\java_log.txt
goto END
:END
exit
It could use some error checking and coudl be more elegant but on 1600 nodes, no failures….
Nice approach – I’m surprised you didn’t have more problems with it as WMI can break in Windows and prevent the uninstall from working correctly.
In saying that I used the same approach to uninstall Silverlight from my servers.
Regards,
Ivan
I tried this and it ran and it created a log, but didn’t uninstall anything, I just copy and pasted the txt to a .bat file, what am I missing? I’m trying to do this because I pushed a java 7 v 11 update out via sccm that was messed up somehow to a group of test computers and they all show as installed in add remove programs but if you click the java icon in CP its broken, and its broken in IE, so I think I fixed the push but since this is showing as installed I don’t think the new ones are taking, so I wanted to remove what I did and try it again.
Did you save the VBS file as well? Scroll up to the line that says:
uninstall_all_java.vbs and underneath it click on the link that says ‘show source’.
That file needs to be present for the script to work.
Make sure you delete the log file “\\server.contoso.com\hiddenshare$\JavaUninstall\Logs\Java_Uninstall_COMPUTERNAME.log” and run the script again.
Cheers,
Ivan
Thanks it worked for 32-bit Java.
I recieved an email recently asking why this script is not working on Windows 7 x64 machines. Put simply the script is not written to do so. The main reason for this is that Windows stores uninstall information in the registry in two separate locations, depending on the architecture of the application. These locations are:
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ – 32 bit installs on a 32 bit machine, and 64 bit installs on a 64 bit machine
* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ – 32 bit installs on a 64 bit machine.
My suggestion was to modify the script (lines 56-62,146) and save the script as a second script. Not a pretty method at all but in a very short turnaround you can run two scripts. One script on ALL machines, and the second only on 64 Bit machines.
Hope it helps others,
Ivan
Great post. I’ve been looking for a while for an easy way to get rid of Java. You know what they say, “Java: Write once, infect everywhere.”