After watching THIS video explaining that in 2010, Java was the most exploited product, I decided we need to update our Java to the current version.
We came up with two ways to deploy Java; one through a group policy (GP) in Active Directory (AD), two, through a script with minimal user interaction.
- Download the current OFFLINE version of Java from Oracle/SUN
- Run the Installer but don’t click anything (i.e. just start it so that it extracts the files for you)
- Go to C:\Users\%username%\AppData\LocalLow\Sun\Java\<newest folder>
- Copy that folders contents to place on the network all PC’s can see
ACTIVE DIRECTORY METHOD:
- Start GROUP POLICY MANAGMENT CONSOLE and right click on the appropriate OU (or the domain root) and select CREATE A GPO IN THIS DOMAIN AND LINK IT HERE
- Drill into COMPUTER CONFIGURATION, POLICIES, SOFTWARE SETTINGS
- right click on SOFTWARE INSTALLATION and select NEW PACKAGE
- point to the shared location of the .MSI file (GP only supports .MSI files, not .EXE)
- I like to choose ADVANCED because I like to rename the policy to include the date, but you don’t have to
- Either wait a few hours for the new GP to drip through your network or run GPUPDATE /FORCE
- Reboot and watch the install
I will assume that you are running a real network and as such your users a locked down. Restricted Users can not install software which means you need to elevate them using the following process.
Note that you need two scripts because RUNAS only supports .EXE’s (and we have an .MSI) and RUNAS does not support switches (I think)
- Create a new temporary user in Active Directory with minimal admin rights… just enough to install on local PC’s
- Copy the following script into a .CMD file, adjusting the paths and username (as is obvious)
@runas /noprofile /user:yourdomain\yourtempuser “\\your-server\admin tools$\software\java6-25\install-java-silently.cmd”
- Copy the following script into a .CMD file, name that file install-java-silently.cmd and adjust paths where it is obivous
“\\your-server\admin tools$\Software\java6-25\jre1.6.0_25.msi” /passive
The /PASSIVE will give your users only a status bar for the install. If you want the install to be completely silent use /QUIET.
Email your staff a link to the first script; they will be prompted for the password and to approve the install then bingo bongo, its done!
You may find THIS link helpful if you have questions.