Java

Java Silent Update Part 4 – The Deployment with Script

Last week, I described how to deploy Java via Group Policy.  When this isn’t an option, you will be turning to a deployment program / service or scripting.  In this point, I will go into details on how to script this deployment from a location that is accessible on your network.  Please take this advice and make it your own and fit it to your design needs.

After deciding what works best for you environment, you will be able to put everything together. We created a filed called INSTALL.CMD and used this for the task. We then combined the commands from previous posts into this file in the following configuration:

@echo off

taskkill /F /IM iexplorer.exe

taskkill /F /IM iexplore.exe

taskkill /F /IM firefox.exe

taskkill /F /IM chrome.exe

taskkill /F /IM javaw.exe

taskkill /F /IM jqs.exe

taskkill /F /IM jusched.exe

REM Uninstall Java

wmic product where "name like 'java%% 6%%'" call uninstall /nointeractive

wmic product where "name like 'java%% 7%%'" call uninstall /nointeractive

wmic product where "name like 'java%% 8%%'" call uninstall /nointeractive

REM Install JRE x86

msiexec.exe /QN /i "\\server\share\Java\jre1_8_0_65\x86\jre1.8.0_65.msi" TRANSFORMS="\\server\share\Java\jre1_8_0_65\x86\KD_Custom.mst" REBOOT=ReallySuppress

if not errorlevel 0 goto failed

REM Install JRE x64

msiexec.exe /QN /i "\\server\share\Java\jre1_8_0_65\x64\jre1.8.0_65.msi" TRANSFORMS="\\server\share\Java\jre1_8_0_65\x64\KD_Custom.mst" REBOOT=ReallySuppress

if not errorlevel 0 goto failed

REM Return the exit code to Deployment Software

exit /B %EXIT_CODE%

:failed

echo %computername% errored on %date% at %time%>>"\\server\Share\Java\failedinstalls.txt"

exit /B %EXIT_CODE%

Stepping though the script:

Kill tasks that use Java
Uninstall previous version
Install current versions
Send codes back to deployment software

For all of this, you need to make sure that your method of deployment has access to the shared location. You will also want to make sure that the correct files are all living next to each other just as mentioned in previous posts.

Once tested in your environment, you should be able to use your favorite method of deployment to successfully upgrade to the newest version of Java. Please share and comment if you were able to use this information in a successful deployment!

Tips are also appreciated – BTC 1zALFY18ky39ne63Q9SMNFhzJZS6CARFH

Tagged , , , , , , , , ,

Java Silent Update Part 3 – The Deployment with GPO

Last week, I described how to prepare for deployment of Java to an organization. With those pieces, we were able to deploy the software silently in several different ways. In this post, I will go into the details on how we deployed software with Group Policy.

First stop would be to upload the files to a location. We deployed to a smaller organization and simply used the location \\TheDomain\NETLOGON and created a folder for Java with a folder under that for versions and an additional folder for both x86 and x64. This may be overkill for your needs but helps with separation and troubleshooting in the future.  This also gives you the ability to add another version prior to removing a previous version, which is discussed at the end of this post.

Example Folder Layout

Example Folder Layout

Once the folders are created, upload the .MSI, .MST, and .CFG files for each installation to the appropriate locations.

Example File Layout

Example File Layout

Once uploaded, Navigate to Control Panel –> System and Security –> Administrative Tools –> Group Policy Management and navigate to a test Organizational Unit. Right click on the OU and select “Create a GPO in this domain, and Link it here…”

Create GPO

Create GPO

Name the new GPO and leave Source Starter GPO as none.

Name GPO

Once created, right click on the GPO and select “Edit”

Java GPO Edit

Next, navigate to Computer Configuration –> Policies –> Software Settings –> Software installation. Once there, right click in the right pane and select New –> Package…

Package Creation

A window will appear and you will be able to select the MSI package for Java.

Select Java MSI

Select Java MSI

At Deploy Software, select Advanced and push OK.

Deploy Software

Deploy Software

There will be a short pause while the MSI info is read into the system. A properties box will appear with much of the needed info already filled in. The setting to edit are on the Deployment and Modifications tabs. First, add a check in Deployment for “Uninstall this application when it falls out of the scope of management.”

Deployment Tab Options

Deployment Tab Options

Next, go to the Modifications tab and click Add. Navigate to the MST file and click OK to open.

Select MST

Select MST

Select OK one more time and you have selected this version of Java.

Now that you have done this for one architecture, do the same for the other (x86 or x64)

Once completed for both architectures, wait or force replication between all sites.  Once replicated, a forced test can be accomplished by running the following from a computer within the test OU:

gpupdate /force

Once ran, a reboot will be required.  If everything was successful, the software (s) should install prior to allowing users to login. Once successfully tested, apply this GPO to other OUs by right clicking on OU within Group Policy Management and selecting “Link an Existing GPO…”

Link Existing GPO

Link Existing GPO

A popup gives you an option to select the newly created Java GPO.

Select GPO to Link

Now that you have deployed the software, what happens next week when either Java releases a new version or you are ready to move to the next supported version?

To start, leave the original GPO in place until you are ready to replace that version in production.  This will prevent the software from being “Upgraded” which can cause issues.  It also ensures that you don’t push the next versions directly to production when it should be tested first.

Assuming you have tested and deployed a new version, we can now navigate to the old version.  We did not upgrade any elements so there should be no dependencies to cause issues.  You are also protected if the computer goes to a different OU that has a different version as it will uninstall since we selected the “Uninstall this application when it falls out of the scope of management.”  To uninstall, right click and edit the desired version’s GPO.  Navigate to the software to be uninstall by going to Computer Configuration –> Policies –> Software Settings –> Software installation.  From there, right click and choose All Tasks –> Remove.

Software to uninstall

Software to uninstall

A pop up is displayed, select “Immediately uninstall the software from users and computers”

Immediately Uninstall

Immediately Uninstall

Once the policy has replicated to all sites, again force a Group Policy to update on the endpoint and restart.  The software should uninstall prior to login.

A few words of advice and caution.

First, this will work if you are using a Direct Access VPN, computer authenticated wireless LAN or wired LAN.  Direct Access VPN works best with Windows 8.1 or better.

Second, deploying through GPO can cause slowness upon startup for users.  This is hardly noticed upon a modern LAN but can be significant on older WLANs or on slower Direct Access VPN connections.

Third, try to avoid upgrading from version to version within the same GPO.  I discovered that the version that was upgraded from did not uninstall.

Fourth, this deployment style works well but do not provide easily accessible reporting nor a way to remove all previous versions.  You can use WMIC commands to remove software BUT you are not able to easily remove and deploy all in one place.

Lastly, I can’t stress how important testing is before large scale deployments.  Testing will help prevent end user complaints as well as extra time for IT staff.

Thanks for viewing and stay tuned from a scripted version that can accomplish a remove of ALL previous versions prior to installation of new version.  Please comment if you have questions, comments, or requests!

Tips are appreciated – BTC 1NTuVYMcGUMSYZ6tkhg7qMEr7XP2fcQJjL

Tagged , , , ,

Java Silent Update Part 2 – The Preparation

Previously, I described how to uninstall Java. Now that you have uninstalled Java, you need to install the most recent release. While the uninstall was discovered largely in house, we had to search Google to complete the task properly.

Firstly, we were able to run the following

jre-8u65-windows-i586.exe /s

which was silent. This may suit your needs but we found that this did not meet the needs of the organization. The install is silent, it did not prevent auto updating and all of the other pesky pieces of Java. Because of this, we decided to prepare a proper solution and at this point seek further assistance.

Java’s site isn’t freely available for information on what route we needed to go but there were plenty of other sites that were more than helpful. Two of the most helpful sites are the following

http://www.klaus-hartnegg.de/gpo/msi_java8.html

https://maddog2050.wordpress.com/2015/09/09/gpo-deploying-java-8-update-60/

The highlights as to what you need to look for and configure are:

You will need a software for MSI DB editing. We used Orca.

The change to the CustomAction – installexe – Value=3090 and I have confirmed that it does work on JRE8u65 x86 & x64.

These settings were successful within the java.settings.cfg file that you MUST create:


INSTALL_SILENT=Enable
AUTO_UPDATE=Disable
WEB_ANALYTICS=Disable
REBOOT=Disable
SPONSORS=Disable

I would also recommend generating a transform and applying it to the MSI and not just editing the MSI directly. While editing the MSI directly means you don’t have to apply a transform, it increases the risk of issues with the MSI and needing to keep or retrieve the version at a later date.

Following the guidance provided in the above sites, we were able to prepare a silent install package. We were also able to confirm that the procedures work for JRE8u65 x86 & x64.

In the next article, I will discuss deployment option to ensure success within your environment.

Tips are appreciated – BTC 19HwWXXuihiWPVCXLtimfngtJGz7ntZPke

Tagged , , , , , , , , , ,

Java Silent Update Part 1 – The Uninstall

Recently I was tasked with updating the organizations Java. With the help of some colleagues and Google, we were able to put together a fully functional and silent uninstall of all previous versions prior to installation of the newest version. In this edition, we will discuss the uninstall.

First, let me preface this caution as some of these commands can cause issues with running or install programs if proper testing is not performed prior to deployment.

The first step to uninstalling Java is stopping any programs that might currently be using the software. This is a starting point to which you can expand depending on the applications used in your environment.

taskkill /F /IM iexplorer.exe

taskkill /F /IM iexplore.exe

taskkill /F /IM firefox.exe

taskkill /F /IM chrome.exe

taskkill /F /IM javaw.exe

taskkill /F /IM jqs.exe

taskkill /F /IM jusched.exe

These commands will stop all the above processes instantly and without option to save. This can be used to force an install or prevent users from starting a program with installation is performed upon login.

Once all programs have been closed, you can proceed with uninstall of Java. There are two ways to proceed with the uninstall, targeted or complete. For a complete uninstall, run the following

wmic product where "name like 'java%%'" call uninstall /nointeractive

which will uninstall ALL versions of Java, both x86 and x64.

For a more focused and targeted uninstall, run the following

wmic product where "name like 'java%% 8%%'" call uninstall /nointeractive

which will uninstall ALL Java 8 version, both x86 and x64.

Please check back soon for part 2 in which we silently install the most recent version of Java, JRE8u65.

Tips are appreciated – BTC 1EiKhcZYRkapENTXmEXoYxdYheM1otuW7b

Tagged , , , , , , , , , , ,