Java Runtimes JRE7 - Your Java version is insecure popup

This one has been a pain in the ass to figure out… Since Java 7 (1.7_xx), security and settings management has been a total nightmare. It is so messy that you can't find reliable information on the Oracle website… The worst thing is that the whole mechanism seems to change between versions: from 1.7_01 to _11 things are done one way, and in later versions they are done another way…

Here is the ugly pop-up I want to eliminate from the user interface on the XenApp Desktop.

[Screenshot: the "Your Java version is insecure" pop-up]

To do so, I had to check every change in the files and the registry, and I finally found out that everything was located in the registry for this version of Java, JRE7 1.7_13… So I wanted to create a GPP to target users connected to the XenApp servers. Here is my XML file, created from a registry export:

<?xml version="1.0" encoding="UTF-8"?>
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="reg">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="HKEY_CURRENT_USER">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="Software">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="AppDataLow">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="Software">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="JavaSoft">
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="DeploymentProperties">
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.modified.timestamp" status="deployment.modified.timestamp" image="7" changed="2013-10-11 07:38:28" uid="{1C780ADB-891C-1BEC-06C7-4FC281612390}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.modified.timestamp" type="REG_SZ" value="1381415837129"/>
<Filters/>
</Registry>
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.expiration.decision.10.13.2" status="deployment.expiration.decision.10.13.2" image="7" changed="2013-10-11 07:38:28" uid="{B4DBC605-68F5-A440-1196-724E6001512C}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.expiration.decision.10.13.2" type="REG_SZ" value="later"/>
<Filters/>
</Registry>
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.expiration.decision.suppression.10.13.2" status="deployment.expiration.decision.suppression.10.13.2" image="7" changed="2013-10-11 07:38:28" uid="{1297F911-3EEB-997E-7EF5-8C767ED53399}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.expiration.decision.suppression.10.13.2" type="REG_SZ" value="true"/>
<Filters/>
</Registry>
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.version" status="deployment.version" image="7" changed="2013-10-11 07:38:28" uid="{A9608F24-1256-B865-97D6-1652C4039605}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.version" type="REG_SZ" value="7.0"/>
<Filters/>
</Registry>
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.expired.version" status="deployment.expired.version" image="7" changed="2013-10-11 07:38:28" uid="{8410910C-81D2-9F6B-99F1-75C753B5A060}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.expired.version" type="REG_SZ" value="10.13.2"/>
<Filters/>
</Registry>
<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="deployment.expiration.decision.timestamp.10.13.2" status="deployment.expiration.decision.timestamp.10.13.2" image="7" changed="2013-10-11 07:38:28" uid="{385BCE4C-8C4D-D22E-D443-43451D22D3DD}">
<Properties action="U" displayDecimal="0" default="0" hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.expiration.decision.timestamp.10.13.2" type="REG_SZ" value="10/10/2013 16:37:16"/>
<Filters/>
</Registry>
</Collection>
</Collection>
</Collection>
</Collection>
</Collection>
</Collection>
</Collection>
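
As an added example (not part of the original post): a short Python audit for a GPP registry export laid out like the one above. It rebuilds each key path from the nested Collection names and compares it with the Properties key attribute, and it lists every deployment.expiration.decision.suppression.<version> value set to true, noting whether its suffix equals the deployment.expired.version value in the same file, as it does in the export above. The sample XML is constructed, and the function names and finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the export above (clsid/uid attributes
# omitted). The second entry's key attribute has lost its backslashes.
SAMPLE = r"""
<Collection name="reg"><Collection name="HKEY_CURRENT_USER">
<Collection name="Software"><Collection name="AppDataLow"><Collection name="Software">
<Collection name="JavaSoft"><Collection name="DeploymentProperties">
<Registry name="deployment.expired.version">
<Properties hive="HKEY_CURRENT_USER" key="Software\AppDataLow\Software\JavaSoft\DeploymentProperties" name="deployment.expired.version" type="REG_SZ" value="10.13.2"/>
</Registry>
<Registry name="deployment.expiration.decision.suppression.10.13.2">
<Properties hive="HKEY_CURRENT_USER" key="SoftwareAppDataLowSoftwareJavaSoftDeploymentProperties" name="deployment.expiration.decision.suppression.10.13.2" type="REG_SZ" value="true"/>
</Registry>
</Collection></Collection></Collection></Collection></Collection></Collection></Collection>
"""
PREFIX = "deployment.expiration.decision.suppression."

def walk(node, path, out):
    """Collect (collection path, Properties attributes) for every Registry item."""
    for child in node:
        if child.tag == "Collection":
            walk(child, path + [child.get("name", "")], out)
        elif child.tag == "Registry" and child.find("Properties") is not None:
            out.append((path, child.find("Properties").attrib))
    return out

def audit(xml_text):
    """Return findings as tuples; the labels are this example's own."""
    root = ET.fromstring(xml_text.strip())
    items = walk(root, [root.get("name", "")], [])
    expired = {a.get("value") for _, a in items if a.get("name") == "deployment.expired.version"}
    findings = []
    for path, a in items:
        hive_at = next((i for i, p in enumerate(path) if p.startswith("HKEY_")), None)
        if hive_at is None:
            continue  # item is not nested under a hive collection
        expected = "\\".join(path[hive_at + 1:])
        if a.get("hive") != path[hive_at] or a.get("key") != expected:
            findings.append(("key-mismatch", a.get("name"), expected))
        name = a.get("name", "")
        if name.startswith(PREFIX) and a.get("value") == "true":
            version = name[len(PREFIX):]
            state = "matches-expired.version" if version in expired else "no-expired.version-match"
            findings.append(("suppressed", version, state))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```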

Next, I wanted to filter this GPP with a WMI filter. This WMI query looks for the locations of the JRE7 folder on the system and, if one is found, the policy is applied.

[Screenshot: the WMI filter]

Select * From win32_Directory where (name="c:\\YourPrimaryInstallationFolder\\Java\\jre7" or name="c:\\YourSecondInstallationFolder\\Java\\jre7")

And this works! I didn't need to do anything with deployment.properties and deployment.config as described everywhere on the Oracle website… (This website is really a pain in the ass when it comes to finding good documentation…)

I hope this helps, and I hope Oracle will stop changing the way we have to manage Java configuration….