Next, change the JAVAUPDATE property from 1 to 0 to prevent Jusched.exe from running at startup for all users. Lastly, I recommend you also change the SYSTRAY property from 1 to 0 to prevent JRE from displaying an icon in the system tray, but this is optional. Each updated property value is outlined with a green border.
After making these changes, choose Transform, then Generate Transform from the Orca menu to create the .mst file. Browse to the C:\JavaDeployment directory, enter a filename (e.g., jre1.6.0_06.mst), and click Save. This will change Orca's title bar text to reflect the transform file's name. Close Orca.
Finally, copy the JRE .msi file and the transform file (jre1.6.0_06.msi and jre1.6.0_06.mst in this example) to a central location that's accessible to the computers that will be installing the software. If you've used GPO software distribution before, you probably already have a location set up. If not, create a share and grant the Domain Computers group read access to the files.
Step 4: Create or Update a GPO to Install JRE
To install JRE, you can either create a GPO or update an existing one. For this example, create a new GPO named Install JRE and link it to the organizational unit (OU) where you want to install JRE. (If you're unfamiliar with how to create GPOs, see the Learning Path for a link to information about this topic.) Edit the GPO and navigate to Computer Configuration/Software Settings/Software installation. Right-click the Software installation node and choose New, then Package. Browse to your software distribution share, find the JRE .msi file, and click Open. Make sure that you browse to the package's location using a Universal Naming Convention (UNC) path, not a drive letter. When the GPO console prompts you for the deployment method, select Advanced, then click OK.
The GPO console will display a properties dialog box for the package. Select the Modifications tab and click the Add button to add a transform file to the package. Browse to your software distribution share and select the transform file you just created. The pathname to this file will appear in the dialog box. Finally, click OK to save your changes to the GPO. After saving the changes, the package name, version, and filename will appear in the GPO console. After the package is assigned in the GPO, Group Policy will automatically install the package onto the computers after you reboot them.
Step 5: Implement a Custom Registry Policy to Hide the Update Tab
After installing JRE, the HKLM\Software\JavaSoft\Java Update\Policy registry subkey contains a REG_DWORD value called EnableJavaUpdate. If this value is set to 1, the Update tab is visible. If it's set to 0, the Update tab is hidden. After the JRE installation completes, the EnableJavaUpdate value is always set to 1. I tried setting this value to 0 by adding a row to the Registry table in the transform file, but this technique didn't work due to how Sun builds the JRE database. To solve this problem, I wrote a custom GPO administrative template (.adm) file named JavaUpdate.adm, which you can download by clicking the Download the Code Here button at the top of the page. The JavaUpdate.adm template lets you configure the EnableJavaUpdate registry value by enabling or disabling the setting from a GPO.
To add this template to the GPO you created in Step 4, navigate to Computer Configuration/Administrative Templates. Right-click the Administrative Templates node and choose Add/Remove Templates. Next, click the Add button to browse to the JavaUpdate.adm file and click Open. The JavaUpdate template will appear in the list. Click Close. You'll see the Sun Java JRE node in the left pane of the GPO console.
Because the JavaUpdate.adm template updates a registry value outside the standard policy subkey locations, the GPO console won't display its settings by default. To remedy this, click View, then Filtering from the GPO console's menu bar. Uncheck the Only show policy settings that can be fully managed check box and click OK.
Next, navigate to Computer Configuration/Administrative Templates/Sun Java JRE in the GPO console. This will display the Java Update setting in the right pane. The setting default is Enabled, so double-click the Java Update setting and select Disabled, then click OK.
If you're using Windows Server 2008 or Windows Vista to manage your Group Policy templates, you can convert the JavaUpdate.adm file to an ADMX template file. For more information about ADMX templates, see Darren Mar-Elia's article "Windows Vista and Server 2008 Group Policy Enhancements."
If you find that the EnableJavaUpdate registry value doesn't change from 1 to 0, even after a Group Policy refresh cycle or a reboot, you'll need to modify another Group Policy setting to enforce the change. To make this change, edit the GPO you created in Step 4 and navigate to Computer Configuration/Administrative Templates/System/Group Policy. Double-click the Registry policy processing setting, set it to Enabled, select the Process even if the Group Policy objects have not changed option, then click OK.
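A read-only check, added here as an example and not part of the original article or its download, that confirms on one computer what the transform and the Step 5 policy are meant to achieve: EnableJavaUpdate is 0 and nothing launches Jusched.exe at startup. The function name, the Run-key locations and the Wow6432Node paths are assumptions; the article names only the HKLM\Software\JavaSoft\Java Update\Policy subkey.

```powershell
# Added example (not from the article). Reads the registry only; requires PowerShell 3.0 or later.
function Get-JavaUpdateState {
    # Policy subkey from Step 5. The Wow6432Node variant (32-bit JRE on 64-bit
    # Windows) is an assumption; the article names only the first path.
    $policyPaths = @(
        'HKLM:\Software\JavaSoft\Java Update\Policy',
        'HKLM:\Software\Wow6432Node\JavaSoft\Java Update\Policy'
    )
    # Assumption: a machine-wide Jusched.exe startup entry would live in a Run key.
    $runPaths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )

    # Collect EnableJavaUpdate wherever the Policy subkey exists.
    $policy = @(foreach ($path in $policyPaths) {
        $item = Get-ItemProperty -Path $path -Name EnableJavaUpdate -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Path = $path; EnableJavaUpdate = [int]$item.EnableJavaUpdate }
        }
    })

    # Collect any startup command that still launches Jusched.exe.
    $runEntries = @(foreach ($path in $runPaths) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if ($null -ne $key) {
            foreach ($name in $key.GetValueNames()) {
                $command = [string]$key.GetValue($name)
                if ($command -match 'jusched\.exe') {
                    [pscustomobject]@{ Path = $path; Name = $name; Command = $command }
                }
            }
        }
    })

    $stillEnabled = @($policy | Where-Object { $_.EnableJavaUpdate -ne 0 })
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Policy     = $policy
        RunEntries = $runEntries
        # Compliant only if the value exists, is 0 everywhere, and no startup entry remains.
        Compliant  = ($policy.Count -gt 0) -and ($stillEnabled.Count -eq 0) -and ($runEntries.Count -eq 0)
    }
}

Get-JavaUpdateState | Format-List
```

If the output still shows EnableJavaUpdate at 1 after a Group Policy refresh, that is the case the Registry policy processing setting above addresses.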
A Simple But Effective Solution
With the five-step solution I just described, you can use a GPO to deploy the latest JRE with its automatic update feature disabled. And this GPO even hides JRE's Update tab.
Thank you for posting this article. I have gone through these settings on my network, but when PCs or Servers are rebooting they are stuck at applying setting and then "installing managed java update 11" before letting me log in again.
Could you tell me if there is something wrong?
shaz408 January 22, 2009