2 Replies Latest reply on Oct 28, 2014 11:17 AM by chrisl

    Java 8u25 Security Setting

    chrisl

      We are using patch manager in conjunction with ConfigMgr 2007 to deploy Java updates.  As I just found out that Java 8 does not have the option to change the setting to Medium.  But it has an "Exception Site List" that we can add sites to allowed to run.

      Solarwind.JPG

      Is there a way to add site lists as part of that Java 8 package in patch manager?

       

      Thanks for your time.

        • Re: Java 8u25 Security Setting
          KMSigma

          On my system, the site exception file is stored at %UserProfile%\AppData\LocalLow\Sun\Java\Deployment\security in the exception.sites file.  Because this is within the "user profile," you would probably need to have an edited file deployed to the "Default User" folder and all existing user profile folders. This is not the idea solution.

           

          However, in the Deployment Configuration Properties page on the Java site, there is a procedure to force settings like this system-wide.

           

          Using those documents, I tested a few things on my machine*. From those documents, it looks like you could change a few things to make these setting "mandatory" for all by copying and editing your deployment.config file to %WINDIR%\Sun\Java\Deployment\deployment.config which identifies a different file for the exception sites.

           

          Here's the contents of my %WINDIR%\Sun\Java\Deployment\deployment.config file:

          #deployment.properties
          #Tue Oct 28 08:56:55 CDT 2014
          deployment.modified.timestamp=1414504615707
          deployment.version=8
          install.disable.sponsor.offers=true
          deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
          #Java Deployment jre's
          #Tue Oct 28 08:56:55 CDT 2014
          deployment.javaws.jre.0.registered=true
          deployment.javaws.jre.0.platform=1.8
          deployment.javaws.jre.0.osname=Windows
          deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre1.8.0_25\\bin\\javaw.exe
          deployment.javaws.jre.0.product=1.8.0_25
          deployment.javaws.jre.0.osarch=x86
          deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
          deployment.javaws.jre.0.enabled=true
          deployment.javaws.jre.0.args=
          deployment.user.security.exception.sites=C\:\\Program Files (x86)\\Java\\jre1.8.0_25\\lib\\security\\exception.sites

          The last line was added so that the environment looks for the exception.sites file within the installer location. This can be anywhere. You can even point it to the same location as the deployment.properties file.

           

          Here's the contents of my "C:\Program Files (x86)\Java\jre1.8.0_25\lib\security\exception.sites" file:

          https://thwack.solarwinds.com/
          http://dnd.kmsigma.com/
          http://wedding.kmsgima.com/
          http://blog.kmsigma.com/

          All four of these entries were new.

           

          I renamed the original files from %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties and %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites to %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.orig and %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites.orig respectively.     I then launched the Java Configuration program again and it has my new entries.  Note that if you run the Java Control Panel as an Administrator, you can edit these entries, but you cannot if you run as a regular user.

           

          JavaSecuritySettings.png

           

          * This has just been tested on one machine and your mileage may vary.