How To Deploy Oracle/Sun Java Silently In a Corporate Environment with Group Policy in Active Directory OR Using a Script

After watching THIS video explaining that in 2010, Java was the most exploited product, I decided we need to update our Java to the current version.

We came up with two ways to deploy Java; one through a group policy (GP) in Active Directory (AD), two, through a script with minimal user interaction.


  1. Download the current OFFLINE version of Java from Oracle/SUN
  2. Run the Installer but don’t click anything (i.e. just start it so that it extracts the files for you)
  3. Go to C:\Users\%username%\AppData\LocalLow\Sun\Java\<newest folder>
  4. Copy that folders contents to place on the network all PC’s can see


  1. Start GROUP POLICY MANAGMENT CONSOLE and right click on the appropriate OU (or the domain root) and select CREATE A GPO IN THIS DOMAIN AND LINK IT HERE
  3. right click on SOFTWARE INSTALLATION and select NEW PACKAGE
  4. point to the shared location of the .MSI file (GP only supports .MSI files, not .EXE)
  5. I like to choose ADVANCED because I like to rename the policy to include the date, but you don’t have to
  6. Either wait a few hours for the new GP to drip through your network or run GPUPDATE /FORCE
  7. Reboot and watch the install
Group Policy Management Console New Software Installation Policy for Java
Group Policy Management Console New Software Installation Policy for Java


I will assume that you are running a real network and as such your users a locked down.  Restricted Users can not install software which means you need to elevate them using the following process.

Note that you need two scripts because RUNAS only supports .EXE’s (and we have an .MSI) and RUNAS does not support switches (I think)

  1. Create a new temporary user in Active Directory with minimal admin rights… just enough to install on local PC’s
  2. Copy the following script into a .CMD file, adjusting the paths and username (as is obvious)
    @runas /noprofile /user:yourdomain\yourtempuser “\\your-server\admin tools$\software\java6-25\install-java-silently.cmd”
  3. Copy the following script into a .CMD file, name that file install-java-silently.cmd and adjust paths where it is obivous
    “\\your-server\admin tools$\Software\java6-25\jre1.6.0_25.msi” /passive

The /PASSIVE will give your users only a status bar for the install.  If you want the install to be completely silent use /QUIET.

Email your staff a link to the first script; they will be prompted for the password and to approve the install then bingo bongo, its done!


You may find THIS link helpful if you have questions.


Train Signal Computer Training

Questions or Comments?