Windows Group Policy: Block Java Auto-Updates
This procedure will setup a group policy object (GPO) to prevent Java auto-updates from running on workstations.
First, create WMI filters for 32-bit and 64-bit systems through the Group Policy Management Console.
Create a 64-bit WMI filter:
1. Right-click on WMI Filters and select the option to create a new filter. Call it "64-bit OS" or some other convenient name.
2. Click the button to add a query. Browse to the location "root\CIMv2."
3. In the query field, enter the following:
SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth ='64'
4. Save the filter.
Create a 32-bit WMI filter:
1. Right-click on WMI Filters and select the option to create a new filter. Call it "32-bit OS" or some other convenient name.
2. Click the button to add a query. Browse to the location "root\CIMv2."
3. In the query field, enter the following:
SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth ='32'
4. Save the filter.
Second, create the GPOs and link the WMI filters to them.
Create a GPO for 32-bit Java on a 64-bit operating system:
1. Create a GPO and link it to the desired Active Directory Organizational Unit. Give it a convenient name such as "Block Java Auto-Update, 64-bit OS."
2. Drill-down through Computer Configuration > Preferences > Windows Settings > Registry.
3. Right-click Registry to create a new Registry Item.
4. Set Action = Update.
5. Set Hive = HKEY_LOCAL_MACHINE.
6. Click the three dots next to Key Path. In the top portion of the window that appears,
drill down to and select HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy.
7. In the lower portion of the window, select EnableJavaUpdate and click OK.
8. Verify that the type is REG_DWORD.
9. Set the Value Data to 00000000 in hexadecimal format and click OK.
10. Close the Group Policy Management Editor.
11. Back in the general properties of the GPO, set the WMI option to the 64-bit filter that you created earlier in this tip.
Create a GPO for 32-bit Java on a 32-bit operating system:
1-5. Use the same procedure as above (for the 64-bit OS) for steps 1-5, though giving the GPO a name that reflects the 32-bit OS, such as "Block Java Auto-Update, 32-bit OS."
6. Click the three dots next to Key Path. In the top portion of the window that appears,
drill down to and select HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy.
7-10. Use the same procedure as above (for the 32-bit OS) for steps 7-10.
11. Back in the general properties of the GPO, set the WMI option to the 32-bit filter that you created earlier in this tip.
Once you've created the GPO and WMI objects and worktstations have had a chance to pick up the new policy, Java auto-update will no longer run and the option to do so will even be removed from the Java control panel applet.
Updates will need to be manually installed.
0 commenti:
Post a Comment
Give me you feedback!