
Java 7 Update 51 - Populating the Exception Site List on upgrade deployment?

So Java 7u51 is out with a new feature, Exception Site List. This is stored in C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites.

Any ideas on how to populate this for all users during the upgrade via Patch Manager? C:\Users\Public\AppData doesn't exist, so that's out...

Upcoming Exception Site List in 7u51 (Java Platform Group, Product Management blog)

Thanks

  • Because the whitelist is hosted in the %userprofile%, there's no way that Patch Manager can help, because the WUAgent won't have access to individual user profiles on a system.

    Perhaps the best way to approach this scenario is to create a single master whitelist on an Intranet Web server or file server, and copy that file to the local user profile using Group Policy and a Logon Script. This will ensure that a user has the current copy of the whitelist at each logon, and addresses the consideration that the contents of this file will change on a regular basis.

    Additional thought: It seems that the contents of this 'whitelist' are actually accessible by the end-user via the Java Control Panel. Which means, without implementing some sort of central-source refresh, individual users can override the security value of this feature at will ... there might as well not even be such a feature since end-users won't really care as long as they can get to where they want to go.

  • The issue I see with the GPO approach is that users will no longer have control of their whitelist. I will not necessarily know all URLs that need an exception for the enterprise.

    Thanks

  • The issue I see with the GPO approach is that users will no longer have control of their whitelist.

    Well... that's a decision that you have to make.

    Do you want centralized control (which is the implication of your original question) or do you want the users to have individual control?

    You can't have both. :-)

    Well, actually, you can, if the end-user can always overwrite the centralized file by loading up the Java Control Panel.

  • I was wondering if a file could be included as part of the upgrade (the file/directory doesn’t exist prior to users having this version) which would provide a “starting point” for the exceptions list. There are only a few known exceptions at this point.

    Can PackageBoot be used to copy a file to a path that includes a wildcard?

    C:\Users\*\AppData\LocalLow\Sun\Java\etc…

    Thanks

  • Can PackageBoot be used to copy a file to a path that includes a wildcard?

    C:\Users\*\AppData\LocalLow\Sun\Java\etc…

    No, it cannot

    But *maybe* you could invoke a PowerShell script that would run a FOREACH $profile IN C:\Users.
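
The per-profile loop suggested in the last reply could look like the following. This is an added example, not code from the thread or from Patch Manager; the function name, the skip list and the sample URLs are hypothetical, and merging rather than overwriting is an assumption made so that entries users added themselves are kept.

```powershell
# Added example: seed or merge a baseline into every profile's exception.sites.
# The URLs below are constructed placeholders, not real exceptions.
function Merge-ExceptionSites {
    param(
        [string]$UsersRoot = 'C:\Users',
        [string[]]$MasterSites = @('https://intranet.example.com/',
                                   'https://apps.example.com/hr/'),
        [string[]]$SkipProfiles = @('Public', 'Default', 'Default User', 'All Users')
    )
    # Path below each profile, as given in the original question.
    $relative = 'AppData\LocalLow\Sun\Java\Deployment\security'

    foreach ($userDir in Get-ChildItem -Path $UsersRoot -Directory) {
        if ($SkipProfiles -contains $userDir.Name) { continue }

        # Only touch initialised profiles; never create AppData\LocalLow ourselves.
        if (-not (Test-Path (Join-Path $userDir.FullName 'AppData\LocalLow'))) { continue }

        $dir  = Join-Path $userDir.FullName $relative
        $file = Join-Path $dir 'exception.sites'
        New-Item -ItemType Directory -Path $dir -Force | Out-Null

        # exception.sites holds one URL per line; read what the user already has.
        $existing = @()
        if (Test-Path $file) {
            $existing = @(Get-Content -Path $file |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }

        # Append only the baseline entries that are missing (case-insensitive match).
        $missing = @($MasterSites | Where-Object { $existing -notcontains $_ })
        if ($missing.Count -eq 0) { continue }

        $merged = $existing + $missing
        # ASCII avoids the byte-order mark that Windows PowerShell adds for UTF8.
        Set-Content -Path $file -Value $merged -Encoding ASCII

        # Emit one record per changed profile for the deployment log.
        [pscustomobject]@{ Profile = $userDir.Name; Added = $missing.Count; Total = $merged.Count }
    }
}

Merge-ExceptionSites
```

The script must run with rights to write into other users' profiles, and it only reaches profiles that exist when it runs, so accounts that log on for the first time later still need the logon-script approach from the earlier reply.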