We are using patch manager in conjunction with ConfigMgr 2007 to deploy Java updates. As I just found out that Java 8 does not have the option to change the setting to Medium. But it has an "Exception Site List" that we can add sites to allowed to run.
Is there a way to add site lists as part of that Java 8 package in patch manager?
Thanks for your time.
On my system, the site exception file is stored at %UserProfile%\AppData\LocalLow\Sun\Java\Deployment\security in the exception.sites file. Because this is within the "user profile," you would probably need to have an edited file deployed to the "Default User" folder and all existing user profile folders. This is not the idea solution.
However, in the Deployment Configuration Properties page on the Java site, there is a procedure to force settings like this system-wide.
Using those documents, I tested a few things on my machine*. From those documents, it looks like you could change a few things to make these setting "mandatory" for all by copying and editing your deployment.config file to %WINDIR%\Sun\Java\Deployment\deployment.config which identifies a different file for the exception sites.
Here's the contents of my %WINDIR%\Sun\Java\Deployment\deployment.config file:
#deployment.properties #Tue Oct 28 08:56:55 CDT 2014 deployment.modified.timestamp=1414504615707 deployment.version=8 install.disable.sponsor.offers=true deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe #Java Deployment jre's #Tue Oct 28 08:56:55 CDT 2014 deployment.javaws.jre.0.registered=true deployment.javaws.jre.0.platform=1.8 deployment.javaws.jre.0.osname=Windows deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre1.8.0_25\\bin\\javaw.exe deployment.javaws.jre.0.product=1.8.0_25 deployment.javaws.jre.0.osarch=x86 deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se deployment.javaws.jre.0.enabled=true deployment.javaws.jre.0.args= deployment.user.security.exception.sites=C\:\\Program Files (x86)\\Java\\jre1.8.0_25\\lib\\security\\exception.sites
The last line was added so that the environment looks for the exception.sites file within the installer location. This can be anywhere. You can even point it to the same location as the deployment.properties file.
Here's the contents of my "C:\Program Files (x86)\Java\jre1.8.0_25\lib\security\exception.sites" file:
https://thwack.solarwinds.com/ http://dnd.kmsigma.com/ http://wedding.kmsgima.com/ http://blog.kmsigma.com/
All four of these entries were new.
I renamed the original files from %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties and %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites to %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.orig and %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites.orig respectively. I then launched the Java Configuration program again and it has my new entries. Note that if you run the Java Control Panel as an Administrator, you can edit these entries, but you cannot if you run as a regular user.
* This has just been tested on one machine and your mileage may vary.
