Java: SCCM 2012 Deployment and Detection Methods

13

Most SCCM customers uses some kind of 3rd party tool or add-on (Like SCUP) when it comes to patch management of 3rd party tool, like adobe, java, etc. But what if you don’t have access to all these fancy tools?

This is a guide to how you can prepare, deploy and upgrade previous versions of Java using the Application model in System Center 2012 Configuration Manager.

Get the Source Files:

Download: http://java.com/en/download/manual.jsp

If you use a 64-bit version of Windows, you still need the 32-bit version. You should only use the 64-bit version if you plan to use the 64-bit version of Internet Explorer.

Extract Source Files to MSI:

  1. Launch the Windows Offline Installation executable (.exe) file.
  1. Navigate to LocalAppData folder (the user’s Application Data folder). The location of the LocalAppData folder differs for each Windows platform.
  2. Windows Vista, Windows 7 and Windows 8:
  3. C:\Users\<user>\AppData\LocalLow\Sun\Java\jre1.7.0_17
  4. C:\Users\<user>\AppData\LocalLow\Sun\Java\jre1.7.0_17_x64

Create the MST File

Next, we need to edit the MSI file to prevent the standard users from getting annoying popups by disabling auto update. This can be done by using Microsoft Orca (you should not save the changes directly in the MSI file, but create an mst file with the things you need to change).

We need to edit the following rows:

Property           Effect of the Property Default Value Custom Value
AUTOUPDATECHECK Prevent Auto Updates 1 0
IEEXPLORER Enable Java in Internet Explorer 0 1
JAVAUPDATE Prevent Auto Updates 1 0
JU Prevent Auto Updates 1 0
MOZILLA Enable Java in Plugin based browsers 0 1

Install command:

msiexec /i “jre1.7.0_17.msi” transforms=”jre1.7.0_17.mst” /q

Uninstall command:

msiexec /x {26A24AE4-039D-4CA4-87B4-2F83217017FF} /q

The numbers marked with bold is changing with every minor update, and represent the current version. 17017 = 17.0_17.

Detection Method

Setting Type    : Windows Installer

Product Code : {26A24AE4-039D-4CA4-87B4-2F83217017FF}

Upgrade previous versions

When you’re updating a previous version of Java using the new application model in Configuration Manager 2012, you can use application supersedence. When specifying the supersedence relationship for Java, I would recommend that you always select uninstall of the previous version as a best practice.

SNAGHTML1f5de7d3

That’s it. Happy patching…

+Ronni Pedersen

About Author

My name is Ronni Pedersen and I'm currently working as a Cloud Solution Architect at EG A/S in Denmark. My primary focus is Enterprise Client Management solutions, based on technologies like AzureAD, Intune, EMS and System Center Configuration Manager. I'm is also a Microsoft Certified Trainer and Microsoft MVP in Enterprise Mobility.

13 Comments

  1. A great guide on how to package Java runtime.
    But you have not mentioned anyhting regarding killing IE / FF.
    if those are up and running 30% chance of the installation going bad or corrupt.

    • This is a bit “dirty”, but it gets the job done 🙂

      @echo off

      taskkill /F /IM iexplorer.exe

      taskkill /F /IM iexplore.exe

      taskkill /F /IM firefox.exe

      taskkill /F /IM chrome.exe

      taskkill /F /IM javaw.exe

      taskkill /F /IM jqs.exe

      taskkill /F /IM jusched.exe

      REM Uninstall Java 7 Update 15

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217015FF} /qn /norestart

      REM Uninstall Java 7 Update 15×64

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F86417015FF} /qn /norestart

      REM Uninstall Java 7 Update 16

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217016FF} /qn /norestart

      REM Uninstall Java 7 Update 16×64

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F86417016FF} /qn /norestart

      REM Uninstall Java 7 Update 17

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217017FF} /qn /norestart

      REM Uninstall Java 7 Update 17×64

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F86417017FF} /qn /norestart

      REM Uninstall Java 7 Update 21

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217021FF} /qn /norestart

      REM Uninstall Java 7 Update 21×64

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F86417021FF} /qn /norestart

      REM Uninstall Java 7 Update 25

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F83217025FF} /qn /norestart

      REM Uninstall Java 7 Update 25×64

      msiexec.exe /X {26A24AE4-039D-4CA4-87B4-2F86417025FF} /qn /norestart

      REM Install JRE x86

      msiexec.exe /i “%~dp0jre1.7.0_40.msi” TRANSFORMS=”%~dp0java7u40.mst” ADDLOCAL=ALL IEXPLORER=1 REBOOT=Suppress JAVAUPDATE=0 JU=0 AUTOUPDATECHECK=0 JQS=0 SYSTRAY=0 EULA=0 WEBSTARTICON=0 /passive /norestart /l*v c:windowstempJava7x86.log

      regedit.exe /s “%~dp0DisableJavaAU_service_on_x64clients.reg”

      REM Return the exit code to SCCM

      exit /B %EXIT_CODE%

    • Ronald Perez on

      @ Sem, where do you add your script? how you run it during deployment.

      Can you please supply instructions (screenshots if possible).

      I apologies in advance for my ignorance but, I am new to SCCM 2012.

      @Ronni, where do you place the MST file? Network share, locally on the SCCM server, or Dist Point Server?

      Thank you in advance for your time and support.

  2. Hi

    Great guide… and the hack to make sure ie etc. isn’t running does the trick as well..
    there’s just 1 problem…
    Since we cannot control when java will be installed AND if we add the hack to kill browsers.. we might destroy a lot of stuff for the clients working on .. an online form, doing research etc etc etc. when we kill their browser..
    how do we avoid a lot of unhappy users losing their work?

  3. oh.. and I see my clients starting to report that they’re prompted in IE to enable or disable java ssv helper… we should handle this in the deployment as well..

  4. I’m almost spamming here…

    Found this:

    User Configuration/Administrative Templates/Windows Components/Internet Explorer/Security Features/Add-on Management

    Add-on List Enabled

    Add-on List
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 0
    {DBC80044-A445-435B-BC74-9C25C1C588A9} 0

    a GPO to disable ( 0 ) or enable ( 1 ) the java ssv helper that “pops up” in IE after installation.
    Seems strange that it cannot be handled in the installation.. but haven’t been able to find anything..

  5. Hi Ronni

    Is there any way to remove temporary internet files from java cache of all users, during older version of java removal?

    • You can always deploy the application using a wrapper like the PowerShell App Deployment Toolkit.
      That will allow you to run any command you need before or after a specific job.

  6. Ian Broadbent on

    I think a better SCCM detection method is to use the version of the java.exe file in “C:Program Files (x86)Javajre7bin” (on 64-bit Windows anyway).
    Then in the “Detection Rule” window, choose the “Version” property of the file and “Greater than or equal to” whatever version you are deploying (e.g. 7.0.670.1 for Java 7 u67).

    This has the benefit that the SCCM application will not deploy to a PC which been upgraded to a later Java version manually. Some developers are quick to upgrade Java on their PCs – it can be a while before an SCCM package for the latest Java version is created, tested and deployed.

    • Ian Broadbent on

      The detection method I described above will work for Java 7 but Java 8 has a separate folder for each version (e.g. C:Program Files(x86)Javajre1.8.0_45)

  7. Then how should we use the detection method for Java if we don’t want to have 7 installed on the machine that has 8u45? Even 8u31 has a separate install directory. What’s the best way to tackle this in a detection method can someone please explain?

Leave A Reply