Welcome to Part 2 of my series of Deploying Java 7 JRE – Deep Dive!
Hopefully my first article, Deploying Java 7 JRE – Deep Dive! (Part 1), has helped you understand the history behind the changes made to Java over the past year and how all these changes will affect you. This part covers the steps to successfully deploy Java in an enterprise. So let’s get into it!
Packaging Java 7 U 45 to deploy
The steps below are geared towards deploying the 32-bit (x86) version of Java. This version of Java works on both Windows 7 32-bit and Windows 7 64-bit (and I’m sure it would work with Windows 8 and possibly XP too, but I have not tested this).
The reason I only deploy the 32-bit version to all my clients is that most of our applications run through the web browser (Internet Explorer), of which we use the 32-bit version due to compatibility issues with almost every business application available. Please have a clear understanding of which version you actually require, as I notice a lot of people get confused. If in doubt, the 32-bit version works almost always.
Download Package
Download the latest version of Java from the Oracle website. The link to get it from is: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Click on the JRE Download link. This link will take you to the most current version available, currently Java 7 Update 45. The link currently points to http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html.
Here you download the version titled Windows x86 Offline with filename jre-7u45-windows-i586.exe.
Prepare Package
Using EXE installer
You can use the EXE bootstrap installer directly without modifying it. Ultimately it still runs an MSI in the background, but it also installs other components unless you specify otherwise. I prefer the other solution, but both work.
Using MSI installer
Double-click the EXE file you downloaded earlier and leave the installation window open.
While that window is still open, open Windows Explorer and go to the location below, where you will see the CAB and MSI files that are needed to deploy via GPO.
C:\Users\%username%\AppData\LocalLow\Sun\Java\
Copy these files to your distribution location (or your staging area).
I no longer create MST files as I have little need for this. We just use arguments when executing. If you are deploying via Group Policy you may want to create an MST file to customise specific configuration – This article provides the steps on doing this for an old version of Java, however it should still be accurate with Version 7.
Explaining the script
Below is the script we are using to deploy the latest update to new and existing computers. Our computers consist of Windows 7 32bit and Windows 7 64bit.
The script does the following in our environment. I have added comments below (and in the script) as to where you can easily deviate/modify to suit your situation:
- Stopping Java services is imperative so that the machine does not require a reboot before the latest version is installed. For logged-on users, we execute this script with a special program courtesy of CJWDEV that checks whether processes are running and, if so, prompts the user to close them so an update can occur. If you do not want to warn users, you can simply run a kill command for the processes that use Java.
The processes that I am aware of are:
java.exe, javaw.exe, javaws.exe, javacpl.exe, iexplore.exe, firefox.exe, chrome.exe
If you are only installing when a user is logged off, you can be pretty confident that none of these will be running.
- Uninstall and clean up all previous versions of Java 7. The method I use is to run repeated MSIEXEC uninstall commands for all specific GUIDs of Java version 7.
I have only included 32-bit versions as I know my environment does not have 64-bit versions.
I have not included version 6 as we don’t have any clients with Java 6 installed. This is optional but recommended.
- We install Java using the MSI and have no specific parameters to pass. I use verbose logging so that, if a client has an issue deploying the app, I can use the log to troubleshoot it. I could have removed the Start Menu items through an MST file but suppose this will be more practical for future upgrades.
- We create two config files to prevent the new auto-updating solution from kicking in. They also carry additional configuration that reduces the security settings (the security level is set to MEDIUM and the expiration check is disabled). Below is a view of the output that the script produces.

%WinDir%\Sun\Java\Deployment\deployment.properties

deployment.javaws.autodownload=NEVER
deployment.javaws.autodownload.locked
deployment.expiration.check.enabled=FALSE
deployment.security.level=MEDIUM
deployment.security.level.locked

%WinDir%\Sun\Java\Deployment\deployment.config

deployment.system.config = file:\\C:\\Windows\\Sun\\Java\\Deployment\\deployment.properties
deployment.system.config.mandatory = true
The Script
Below is the script. There are many comments in there to help explain what each step is for, and where you can add your additional steps should you choose to.

@Echo OFF
REM #######################################################
REM AUTHOR: Ivan Dretvic
REM BLOG: https://ivan.dretvic.com
REM DATE CREATED: 01/11/2013
REM Deploy Java 7 to your Enterprise
REM This script is optimised for 32 Bit versions of Java to be installed on either 32 or 64 bit
REM operating systems. It can easily accommodate 64 bit versions of Java.
REM #######################################################

REM #######################################################
REM SECTION 1 - CLEAN UP PC BEFORE INSTALLING JAVA (This section is not mandatory)
REM #######################################################

Echo -------------------------------------------------------
Echo STOP PROCESSES
Echo -------------------------------------------------------
REM Assuming that processes using Java are stopped before uninstalling existing versions of Java
REM Common processes using Java: firefox.exe, iexplore.exe, chrome.exe, jusched.exe, jucheck.exe, java.exe, javacpl.exe

Echo -------------------------------------------------------
Echo UNINSTALL OLD JAVA
Echo -------------------------------------------------------
REM Uninstall Java 7 Update 1 through to Update 40 (32 Bit only)
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217040FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U40.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217025FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U25.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217021FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U21.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217017FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U17.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217016FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U16.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217015FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U15.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217014FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U14.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217013FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U13.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217012FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U12.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217011FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U11.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217010FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U10.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217009FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U9.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217008FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U8.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217007FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U7.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217006FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U6.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217005FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U5.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217004FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U4.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217003FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U3.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217002FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U2.log
start /wait msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217001FF} /qn REBOOT=ReallySuppress /L*V %temp%\SCCM_Uninstall_Java7U1.log

REM An alternative uninstall method is to use WMI, however I have had better success calling msiexec.exe in the past.
REM For reference the commands are below (may require altering to suit product name)
REM start /wait wmic product where "name like 'Java 7%%'" call uninstall /nointeractive
REM start /wait wmic product where "name like 'Java(TM) 7%%'" call uninstall /nointeractive

Echo -------------------------------------------------------
Echo CLEANING REGISTRY
Echo -------------------------------------------------------
REM Removing known problem registry keys. I use the below line to set the variable of which reg.exe to use depending on OS architecture.
REM Additional registry removal strings can be added here.
@If Defined ProgramFiles(x86) (set "Reg32Path=%SystemRoot%\SysWOW64\reg.exe") Else (set "Reg32Path=%SystemRoot%\System32\reg.exe")
%Reg32Path% DELETE HKLM\SOFTWARE\JavaSoft /va /f

Echo -------------------------------------------------------
Echo CLEANING FILES\FOLDERS
Echo -------------------------------------------------------
REM I use the below line to know where the jre7 folder lives based on OS architecture.
REM Additional file removal strings can be added here.
@If Defined ProgramFiles(x86) (set "JREPath=%ProgramFiles(x86)%") Else (set "JREPath=%ProgramFiles%")
Del "%JREPath%\Java\jre7" /S /Q

REM #######################################################
REM SECTION 2 - Install Java
REM #######################################################

Echo -------------------------------------------------------
Echo Install Java using MSI parameters
Echo -------------------------------------------------------
REM Install starts while using exact path of file (%~dp0) and export logs to %temp% directory.
REM Because I use the extracted MSI file, JavaUpdater is not included by default, and it installs to Internet Explorer by default.
start /wait msiexec.exe /i "%~dp0jre1.7.0_45.msi" /L*V %temp%\SCCM_Install_Java7U45.log /qn REBOOT=ReallySuppress
Set EXIT_CODE=%ERRORLEVEL%

REM #######################################################
REM SECTION 3 - Configure
REM #######################################################

Echo -------------------------------------------------------
Echo DELETE START MENU ITEMS
Echo -------------------------------------------------------
RD /s /q "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Java"

Echo -------------------------------------------------------
Echo CREATE CONFIG FILES
Echo -------------------------------------------------------
REM Two files are required to configure system wide settings of Java. We overwrite these files every time we install Java.
REM JavaConfig tells java where the config file lives. JavaProp holds the deployment configuration.
Set JavaConfig="%windir%\Sun\Java\Deployment\deployment.config"
Set JavaProp="%windir%\Sun\Java\Deployment\deployment.properties"

REM Create the directory structure required to store files.
If Not Exist "%windir%\Sun" MD "%windir%\Sun"
If Not Exist "%windir%\Sun\Java" MD "%windir%\Sun\Java"
If Not Exist "%windir%\Sun\Java\Deployment" MD "%windir%\Sun\Java\Deployment"

REM Create the deployment.config file with required information. You can add/remove settings as you please.
Echo deployment.system.config = file:\\%SystemDrive%\\Windows\\Sun\\Java\\Deployment\\deployment.properties>%JavaConfig%
Echo deployment.system.config.mandatory = true>>%JavaConfig%

REM Create the deployment.properties file with required information. You can add/remove settings as you please.
Echo deployment.javaws.autodownload=NEVER>%JavaProp%
Echo deployment.javaws.autodownload.locked>>%JavaProp%
Echo deployment.expiration.check.enabled=FALSE>>%JavaProp%
Echo deployment.security.level=MEDIUM>>%JavaProp%

Echo Exit Code is: %EXIT_CODE%
Exit /B %EXIT_CODE%

How to run the Script
We use this script in our SCCM 2012 environment (application – not a package) both as a mandatory deployment to machines and an available application to users. Our configuration checks whether the application is installed on the client (using the MSI GUID as reference) and, if it’s not, runs the script.
Running this script as a GPO start-up script is possible, so long as you include a check at the beginning to see if the software is already installed. A smart way to do this is to run java.exe -version, parse the output and, if it reports the current version, skip the install. A crude way to do this is to assume that every installation is successful and write a file called Java7U45_installed.txt to a location on the system drive at the end of the script. Then simply check at the start of the script whether this file exists: if not, proceed; otherwise go to the end.
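The "smart" check described above, written as a block to place at the top of the deployment script. This is an added example, not part of the author's script: the variable names, the temp-file name and the :Deploy label are assumptions, and it assumes the 32-bit JRE lives in the default Java\jre7 folder that the script's clean-up section targets.

```batch
@Echo OFF
REM Added example - not part of the original deployment script.
REM Assumed names: TargetVersion, InstalledVersion, JavaExe, VerFile, :Deploy.
SetLocal EnableExtensions

Set "TargetVersion=1.7.0_45"
Set "InstalledVersion="
Set "VerFile=%TEMP%\java_version_check.txt"

REM Same architecture test the deployment script uses to locate the 32-bit JRE.
If Defined ProgramFiles(x86) (Set "JREPath=%ProgramFiles(x86)%") Else (Set "JREPath=%ProgramFiles%")
Set "JavaExe=%JREPath%\Java\jre7\bin\java.exe"

REM No java.exe at the default location: nothing to compare, so deploy.
If Not Exist "%JavaExe%" GoTo Deploy

REM java.exe writes its version banner to stderr; the first line looks like
REM     java version "1.7.0_45"
REM Capturing it in a file keeps the For /F command free of the quoted
REM "Program Files (x86)" path, which is awkward to escape inside For /F.
"%JavaExe%" -version 2>"%VerFile%"

REM Token 3 of the banner line is the quoted version; the ~ modifier strips the quotes.
For /F "tokens=3" %%V In ('findstr /B /C:"java version" "%VerFile%"') Do Set "InstalledVersion=%%~V"
Del "%VerFile%" >NUL 2>&1

If "%InstalledVersion%"=="%TargetVersion%" (
    Echo Java %TargetVersion% is already installed - skipping deployment.
    Exit /B 0
)

:Deploy
Echo Found version [%InstalledVersion%] - continuing with deployment.
REM Sections 1 to 3 of the deployment script follow from here.
```

Unlike the marker-file approach, this compares against what is actually on disk, so a failed or rolled-back install is retried at the next start-up.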
Running this script using Kace/Altiris/PDQ Deploy should also work without problems so long as the client can execute the script and has access to all the files in the same location as the script. If you want to use the Process Prompt tool to check that the processes have been closed, you will need to make sure your tool can run the deployment interactively with the logged-on user.
Stopping Processes
The method that I use to make sure processes are stopped is with a wonderful piece of software written by CJWDEV.
It allows me to simply enter the process names that I want to monitor, a description and a timeout for how long to ask a user (there are lots more settings to play with). With all this information I can push an interactive mandatory deployment using SCCM 2012 (System Center Configuration Manager 2012) and be sure that Java will successfully deploy.
Keep an eye out – an article on this will be coming shortly.
Conclusion
Hopefully this has allowed you to configure and deploy Java 7 Update 45 to your end users successfully. I can’t stress enough how much you need to test this solution before rolling it out. Testing is very important.
As always, feel free to post your comments.
References:
Below are references that I passed along when writing this article series. To better understand this topic I suggest you start by researching the links below.
- Java SE Runtime Environment 7 Downloads
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
- Java SE 7 Downloads (PREVIOUS VERSIONS)
http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html
- Deployment Rule Set
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/deployment_rules.html
- Security Dialogs
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/securityDialogs.html
- Setting the Security Level of the Java Client
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html
- Deployment Configuration File and Properties
http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html
- Who hates Java? (how to remove all Java installations on your Network)
https://ivan.dretvic.com/2011/02/who-hates-java-how-to-remove-all-java-installations-on-your-network/
- How to package and deploy Java JRE 1.6.0_26 via Group Policy
https://ivan.dretvic.com/2011/06/how-to-package-and-deploy-java-jre-1-6-0_26-via-group-policy/
- Defeat the new Oracle Java Runtime(JRE) 1.7 update notification mechanism
http://p0w3rsh3ll.wordpress.com/2013/06/25/defeat-the-new-oracle-java-runtimejre-1-7-update-notification-mechanism/
- How is everyone addressing the forced Java dialog “Java Update Needed – Your Java Version is insecure”
http://www.symantec.com/connect/forums/how-everyone-addressing-forced-java-dialog-java-update-needed-your-java-version-insecure
- Disable the Java 7 “Java Update Needed” Popup (Part 1)
http://trekker.net/archives/disable-the-java-7-java-update-needed-popup-part-1/
- Java 7 Release Highlights
http://java.com/en/download/faq/release_changes.xml
- How do I arrange a silent (unattended) Java installation?
http://java.com/en/download/help/silent_install.xml
- JRE Installer Options
http://docs.oracle.com/javase/7/docs/webnotes/install/windows/jre-installer-options.html
- Oracle JAVA Version: 7
http://www.itninja.com/software/oracle/java-2/7-552