This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Java 7 Update 51 - Populating the Exception Site List on upgrade deployment?

So Java 7u51 is out with a new feature, Exception Site List. This is stored in C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites.

Any ideas on how to populate this for all users during the upgrade via Patch Manager? C:\Users\Public\AppData doesn't exist, so that's out...

Upcoming Exception Site List in 7u51 (Java Platform Group, Product Management blog)

Thanks

Parents
  • Because the whitelist is hosted in the %userprofile%, there's no way that Patch Manager can help, because the WUAgent won't have access to individual user profiles on a system.

    Perhaps the best way to approach this scenario is to create a single master whitelist on an Intranet Web server or file server, and copy that file to the local user profile using Group Policy and a Logon Script. This will ensure that a user has the current copy of the whitelist at each logon, and addresses the consideration that the contents of this file will change on a regular basis.

    Additional thought: It seems that the contents of this 'whitelist' are actually accessible by the end-user via the Java Control Panel. Which means, without implementing some sort of central-source refresh, individual users can override the security value of this feature at will ...  there might as well not even be such a feature since end-users won't really care as long as they can get to where they want to go.

Reply
  • Because the whitelist is hosted in the %userprofile%, there's no way that Patch Manager can help, because the WUAgent won't have access to individual user profiles on a system.

    Perhaps the best way to approach this scenario is to create a single master whitelist on an Intranet Web server or file server, and copy that file to the local user profile using Group Policy and a Logon Script. This will ensure that a user has the current copy of the whitelist at each logon, and addresses the consideration that the contents of this file will change on a regular basis.

    Additional thought: It seems that the contents of this 'whitelist' are actually accessible by the end-user via the Java Control Panel. Which means, without implementing some sort of central-source refresh, individual users can override the security value of this feature at will ...  there might as well not even be such a feature since end-users won't really care as long as they can get to where they want to go.

Children