Manage Java JRE using Group Policy
Manage Java Control Panel Applet and the Java JRE using Group Policy
Ah, Java. You love it, you hate it.
You know you need it, but don’t know how you can manage it for all the computers in your enterprise.
Thank goodness for PolicyPak.
PolicyPak has a pre-configured pak for Java JRE which makes configuring the Java client on your desktops super duper easy.
You want to prevent it updating on a collection of users? Bam! Done.
Need to set security options for one group of users different than another group (users vs. developers)? That’s Cake!
Check out this video to see how it’s done:
There’s simply no way to manage Java the way your enterprise needs in a controlled way.
Our PolicyPak software snaps-in to the Group Policy Editor and mimics the user interface of the Java Applet itself. You can set key settings (like disabling Java from updating), like what is seen here:
'))
You can ensure that the Java Console doesn’t start, like what is seen here:
'))
Or ensure your users don’t download the JRE / Auto-Download, like what’s seen here:
'))
Right now, you’ve got sand through your fingers – everyone is on their own and you’ve got no way to manage them correctly. With PolicyPak, you’ve got the problem bottled up, and you’re in charge.
Besides, once you’re using PolicyPak to manage Java JRE, you’ll also get to manage all your other enterprise desktop applications the same way:Flash, WinZip, Firefox, and any custom applications you have. They’re 100% included – absolutely free.
It’s all included when you’re a PolicyPak Professional customer.
PolicyPak was designed by Group Policy MVP Jeremy Moskowitz – who “wrote the book” on Group Policy, runs GPanswers.com, and lives and breathes Group Policy and enterprise software deployments and desktop lockdown.
When you’re ready to get serious about managing the Java applet and the JRE today, PolicyPak is ready for you. Unless you want your users to continue to see this.
'))
Manage Java JRE with Group Policy Video Transcript
Hi, this is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software.In this demonstration, we’re going to learn about how to configure the Java Control Panel applet and JRE using PolicyPak and Group Policy.
Let’s take a lookat the average user experience here with Java. If they go to “Control Panel” and type in “java” here, it’s a confusing nest of possibilities and updates for them. I know the first thing you probably want to do is to turn off update. Wouldn’t it be great if that “Update” tab would just magically go away? We’ll go ahead and see how to do that in just a minute.
Also some other settings that you probably want to make more secure like “Advanced” here and if we take a look at the “Java console,” a lot of times you probably want to set this up to “Do not start console.” Or when it comes to the “JRE Auto-Download,” you want to force it so that it’s“Never Auto-Download.” So these are the kinds of things that you’ll be able to do using PolicyPak.
Let’s go ahead and see how easy it is to do. What we’ll do here is first and foremost you’ll download the PreConfigured PolicyPaks from PolicyPak Software. Then there’s the “Java JRE.” As we’ve done in other demonstrations, you’re going to copy the PreCompiled PolicyPakDLL, which is the “pp-java.dll.” You’re going to just copy that over to your “C:\Program Files\PolicyPak\Extensions” folder.
Once that’s all done, it’s as simple as copying a file. We’ll “Create a GPO in this domain, and link it here…” to our East Sales. We’ll call this “Lock down Java.” We’ll right click, go to “Edit” here. Like other PolicyPaks, you just dive down under “PolicyPak/Applications/New/Application,” and there’s PolicyPak for Java Control Panel.”
Let’s go ahead and click that guy. This one doesn’t look quite as nice as it could, but we’re working on it all the time. So all the features and functionality of the Java Control Panel applet are here, and we’re working on making this even better. Let’s go right for the jugular. Let’s go right for “Updates” and uncheck the “Check for updates automatically” panel. Once we do that, well, we’ll see what happens. Go ahead and click that.
The next thing we’re going to want to do is click over in “Advanced.” We don’t want to start the console here, that’s what we said before, so let’s check “Do not start console.” Then if we click over on “Advanced 2,” we want to “Never Auto-Download” the Java JRE. So we’re making three changes. Go ahead and click “OK” here.
We’ll go back to this machine. It doesn’t matter who I’m logged in as. I’m logged in as some regular user here. We’ll run GPUpdate. We’ll wait for this to update real fast. Now by the way, of course, the user could be logging in for the first time, or they could be changing job roles or anything like that.
We’ll go ahead and click on “Java” here. See what happens? Hey, look at that, no more “Updates” tab. Now Java will not update, which is probably exactly what you’re after. If we click on “Advanced” and we click on the “Java console” here, it was set to “Hide” or “Show,” I can’t remember. It’s definitely now set to “Do not start console.” If we were to go to the “JRE Auto-Download,” it’s now set to “Never Auto-Download.”
If a user decides they want to do something they shouldn’t do and they try to work around our settings and click “Apply,” the very next time they log on here or Group Policy is refreshed in the background or they change job roles, anything like that, Group Policy is always working to enforce those settings for us.
There we go. We’ll go ahead and click on “Java” again, and we’ll check those settings out. Of course, “Updates” is gone. Go back to “Java console,” that’s changed back. Go back to “JRE Auto-Download,” that’s all fixed again as well.
That’s it. So when you’re ready to manage your Java across your enterprise, PolicyPakis the way to do it. Happy locking things down, and we’ll talk to you soon.
