8 Replies Latest reply on Aug 20, 2015 11:11 AM by netadmin@medcompnet.com

    How to freeze Java version on a computer?

    netadmin@medcompnet.com

      We have several hundred computers, and one of those machines must not be upgraded above Java 1.6. I have the machine in its own targeting group- How do I stop future Java updates?

        • Re: How to freeze Java version on a computer?
          frgpugs

          If its in its own target group just do not approve any java updates for that target group

            • Re: How to freeze Java version on a computer?
              netadmin@medcompnet.com

              Sorry- I forgot to include this information: All critical updates are automatically applied to all groups- and the Java updates are usually critical. Is there a way to filter or prevent just updates that have to o with Java from installing on just one machine?

                • Re: How to freeze Java version on a computer?
                  frgpugs

                  No, its a definite downside to using the third party automatic publishing.  You will have to disable that or create a new OU with a download and notify GPO and then just manually update that PC and uncheck the box for Java.  Personally I dont like the second way because its way too easy to forget to remove that checkbox since out of hundreds of times you would update its way to easy to forget one time.

                   

                  If you mean critical updates get applied automatically by WSUS then Java is not included in that, only if you use the auto third party publishing.

                    • Re: How to freeze Java version on a computer?
                      netadmin@medcompnet.com

                      Thanks... So how/can I disable the third-party patching in PM but keep WSUS updates working on that computer? It's already in a target group, so I guess the real question is how to stop the third-party patches from installing on this machine?

                        • Re: How to freeze Java version on a computer?
                          frgpugs

                          The way patch manager works is you attach it over the top of your WSUS server and then patch manager also can import other catalogs for third party software like the solarwinds catalog which contains most of the available third party updates or the adobe catalogs.

                          When there is an update available in those catalogs WSUS will publish microsoft updates automatically but you have to publish any third party updates manually.

                          Then the updates can become available to approve for target groups if they are needed.

                          You select an update and approve it or not for any target group you have set up.

                          WSUS has the ability to auto approve critical updates.

                          Patch manager has recently gotten the same ability for third party updates but you have to have set it up to do so.  If you have not set up automatic publishing for third party updates then you dont have to worry about that.

                          As long as you dont approve an update for the target group you dont want to get updates it wont get the update.

                            • Re: How to freeze Java version on a computer?
                              netadmin@medcompnet.com

                              OK, thanks for the answer- Very helpful! I just started in this position and PM was already setup by the previous admin- that's why I am not fully versed in it (yet) . It sounds like I don't need to do anything except make sure that I exclude the target group for the computer I don't want to receive the third-party patches when I approve and publish them- I do recall seeing a window where you can make that distinction. Let me know if I am missing something. Thanks again for all your help!