Centralized Management of Java Exception Site List

Centralized management of Java Exception Site List: Simple version

Recently we've started to update Java in our environment to version 7.1 update 67, but then we realized that there is a little issue with this update: the Java plugin won't run unsigned applets anymore. Instead it displays the message "Application blocked by security settings" and you can't do anything to bypass it.
Of course the best method would be to get a working, digitally signed applet version, but unfortunately in most cases it is not up to us.
The second way, which I followed, is to create a centralized Exception Site List for all clients with Java installed. And this seems to be working just fine. The only problem here is that users won't be able to add any permanent exceptions on their own anymore.

So, our goal here is to create a single exceptions list which is deployed to all computers with Java installed.
There are two options to achieve it:

Deployment per user: the file exception.sites has to be copied to the profile directory of each user, located under:
Windows XP: %APPDATA%\Sun\Java\Deployment\security
Windows 7: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security

Deployment for all users: the file exception.sites has to be defined by declaring its path in %windir%\Sun\Java\Deployment\deployment.properties.
Example: deployment.user.security.exception.sites=C:/Windows/Sun/Java/Deployment/exception.sites

We are going to deploy exception.sites to each user using Group Policies. First of all we have to create a WMI filter so that the policy applies only to computers with Java 7 installed.

Step 1: Open up the Group Policy Management Console and go to WMI Filters, right click, create a new one, and type in a name and the following query:

SELECT * FROM win32_Directory WHERE (name="c:\\Program Files\\Java\\jre7" OR name="c:\\Program Files (x86)\\Java\\jre7")

Be aware that this query points only to a Java 7 installation on the default system drive C. If any of these differs in your environment, adjust this query to make it work.

Step 2: Open up the Sysvol file share for your domain: \\contoso.com\sysvol\contoso.com (replace contoso.com with your domain name) and create a new directory called, for example, JavaPolicy. Inside this directory create a new file named exception.sites. This file will contain your domain-wide exceptions. Here's sample content:

As you can see above, one URL address per line. As simple as that.

Step 3: In GPMC create a new group policy linked to the selected OU (might be just under the domain so it applies to all OUs) and set its WMI Filtering to use the filter created in Step 1.

Step 4: Now that our new policy applies to all computers with Java 7 installed, we have to make sure our exception.sites file is copied to all user profiles on those PCs. Edit your policy and go to the following setting:
User Configuration -> Preferences -> Windows Settings -> Files -> Create new file

Action: Replace (we want to make sure the file is updated every time; if we selected the Update option, it would only update the attributes of the file, not the contents, which is actually more important for us).
Source file(s): \\contoso.com\sysvol\contoso.com\JavaPolicy\exception.sites (path to the file we created in Step 2)
Destination File: %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
Common Tab -> Mark "Run in logged-on user's security context (user policy option)"

Click OK to save the policy. At the end your policy should look like this:

Step 5: Run gpupdate /force on any computer, log off, log on and then open up Control Panel -> Java and check if the exceptions from your centrally managed file appeared.
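
A scripted version of the Step 5 check, as an added example that is not part of the original article: it confirms that the local exception.sites matches the central copy and flags entries worth reviewing, since every listed site is allowed to run applets that would otherwise be blocked. It assumes PowerShell 4.0 or later; the function names and sample entries are constructed for illustration, and the default paths reuse the article's contoso.com placeholders.

```powershell
# Added example, not from the original article. Needs PowerShell 4.0+ (Get-FileHash).
# Default paths follow Steps 2 and 4; contoso.com and JavaPolicy are the article's samples.
param(
    [string]$Central = '\\contoso.com\sysvol\contoso.com\JavaPolicy\exception.sites',
    [string]$Local   = "$env:USERPROFILE\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites"
)

# Returns a finding for one line of exception.sites, or nothing if the line looks fine.
function Test-ExceptionSiteLine {
    param([string]$Line)
    $entry = $Line.Trim()
    if ($entry -eq '') { return }                      # blank lines are ignored
    $uri = $null
    if (-not [Uri]::TryCreate($entry, [UriKind]::Absolute, [ref]$uri)) {
        return 'not an absolute URL (scheme missing?)'
    }
    switch ($uri.Scheme) {
        'https' { return }
        'http'  { return 'plain HTTP: applet content can be altered in transit' }
        default { return "scheme '$($uri.Scheme)': review manually" }
    }
}

# Lints a whole list (one URL per line) and emits one string per finding.
function Get-ExceptionSiteIssues {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $issue = Test-ExceptionSiteLine $line
        if ($issue) { "line ${n}: $issue [$line]" }
    }
}

# Constructed sample entries so the lint can be tried without a domain.
$sample = 'https://intranet.contoso.com/app/', 'http://legacy.contoso.com:8080/', 'legacy.contoso.com'
Get-ExceptionSiteIssues $sample

# On a domain member: lint the central list and compare it with this user's deployed copy.
if ((Test-Path -LiteralPath $Central) -and (Test-Path -LiteralPath $Local)) {
    Get-ExceptionSiteIssues (Get-Content -LiteralPath $Central)
    $same = (Get-FileHash -LiteralPath $Central).Hash -eq (Get-FileHash -LiteralPath $Local).Hash
    if ($same) { 'Local copy matches the central list.' }
    else { Write-Warning 'Local exception.sites differs from the central copy.' }
} else {
    Write-Warning 'Central or local exception.sites not found; file comparison skipped.'
}
```
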
I hope this article will help you with managing Java in a domain environment!
If you need details on deploying the exceptions file for the All Users profile (second method), please leave a comment and I'll try to describe that in my spare time.
07.05.2015 Update! Since there's already version 8 of Java, I tried to use the same policy for both Java 7 and 8 at the same time and it works just fine! One thing I had to do is change the WMI filter: you can either change (Step 1) jre7 to jre8 or, just like I did, remove jre7 and stick to Program Files\Java, therefore the policy will apply to all versions of Java.
