Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.
CCA Badge CJA Badge CMA Badge
57

Java 7 Preferences

Posted: 2/5/13 at 9:34 AM by andrew_stenehjem

I'm looking at trying to manage some of the settings for the new Oracle Java environment; like turning off the pref that looks for updates. Anybody already doing this and have any good information? Haven't had a chance to see if this doc applies yet or not:

http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html

57
CCA Badge CCE Badge CJA Badge JAMFBadge

Posted: 2/6/13 at 7:41 PM by bmak

I'm also looking for a way to manage the auto update feature.
i'd also like to disable it either vai MCX or script and policy...

CCA Badge CJA Badge CMA Badge

Posted: 2/8/13 at 11:50 PM by andrew_stenehjem

OK, I've got a script that seems to be working. It creates the necessary file (deployment.properties) to manage all user preferences, and turns off the "Check for Updates" preference for all users in Java 7, update 13. Let me know if you find any problems with it... it's worked so far in my testing. If you want to still allow the user to turn auto update on, remove the .locked line.

(Edited 3-2-13. Now includes suppressing the update prompt when opening a Java app, as well as removal of the Launch Agent)

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (3-2-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"


####################################################################################################
# Get number variable needed to set suppression of update reminder
####################################################################################################

NUMBER=`/bin/cat /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist |grep ';deploy=' |cut -d"=" -f2 |cut -d"<" -f1`

    echo The number for suppression of this version of Java is "$NUMBER"


    # Verify that it received a numeric value

        case "$NUMBER" in 
        [0-9]*) 
                echo "Entry is a numeric value.  Continuing..."
                ;;
        * ) 
                echo "Error: This entry is not a number.  Will fail to properly suppress update pop up."
                ;;
        esac



####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################

Posted: 2/21/13 at 1:25 PM by timsutton

There seem to be a few places you can set deployment.macosx settings in the deployment.properties files.

Have you verified that this actually prevents the Sparkle Java updater dialog from popping up at the time that's scheduled in /Library/LaunchAgents/com.oracle.Java.Java-Updater.plist? In my tests, it doesn't.

Oracle changed the update mechanism to one that's much more clever starting in Update 11, and I'm convinced that it has zero connection to any of these Java-style properties configuration files.

CCA Badge CJA Badge CMA Badge

Posted: 2/21/13 at 3:08 PM by andrew_stenehjem

If you trash that Launch Agent, does it get re-created at some point? In a quick test, it doesn't look like it gets created at reboot.

Posted: 2/21/13 at 3:20 PM by rtrouton

The launch agent will be re-installed (unless Oracle changes this) with the next Java update.

Posted: 2/21/13 at 3:21 PM by timsutton

No, it doesn't. My current method of disabling the updater is to remove the symlink it creates in /Library/LaunchAgents, so that it doesn't run this anymore on a reboot. It would be nice if there

Also a correction: this new "Helper-Tool" rewrite-the-LaunchAgent trickery shipped with Update 10, not 11. I posted to MacE about this when it was released, posting one method and amending it a week later when I realized it would break future versions from correctly installing due to a naïve assumption by the installer's postinstall script:

https://groups.google.com/forum/#!topic/macenterprise/Vjoe-qo1ttA/discussion

CCA Badge CJA Badge CMA Badge

Posted: 2/21/13 at 6:03 PM by andrew_stenehjem

So, for the Sparkle pop up, it sounds like the way to go is to also remove the Launch Agent after every Java update- as long as they continue to throw it in there as part of the install. Is that what you're doing?

Posted: 2/21/13 at 6:46 PM by timsutton

Yes. But I only remove the symlink, leaving the original files alone.

CCA Badge CJA Badge CMA Badge

Posted: 2/21/13 at 9:11 PM by andrew_stenehjem

Here's a revised version that will remove the Launch Agent if it exists, as well as create the deployment.properties file if it doesn't exist. This could be run after you run the Java updates because it will exit if the deployment.properties file already exists.

I edited the script above as well to include this.

(Edited and modified on 3-2-13 to include suppressing the update prompt when using a Java app)

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (3-2-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"


####################################################################################################
# Get number variable needed to set suppression of update reminder
####################################################################################################

NUMBER=`/bin/cat /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist |grep ';deploy=' |cut -d"=" -f2 |cut -d"<" -f1`

    echo The number for suppression of this version of Java is "$NUMBER"


    # Verify that it received a numeric value

        case "$NUMBER" in 
        [0-9]*) 
                echo "Entry is a numeric value.  Continuing..."
                ;;
        * ) 
                echo "Error: This entry is not a number.  Will fail to properly suppress update pop up."
                ;;
        esac



####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################
CCA Badge CJA Badge CMA Badge

Posted: 3/3/13 at 12:40 AM by andrew_stenehjem

So it's become apparent that trying to suppress all of the different update prompt mechanisms that Oracle is using will be an ongoing, trial and error battle... until they change things. Previously, the script was unchecking the "Check for Updates" option and removing the Launch Agent that checks for updates periodically. However, if you were still on an older version of the plugin, it would prompt to update when you opened a Java app.

I updated the script now to add some more keys to the deployment.properties file. This appears to suppress the update prompt when opening a Java app. The keys use a version specific number, so I'm grabbing that number from a file within the plugin and using as a variable... hopefully allowing us to be able to continue using the script every time we roll out a new version of Java. Unfortunately, we have to run the script after every Java update. Hopefully Oracle will give us some better options for controlling this in the future.

Let me know if anyone has any better ideas, or ways to improve on this way of doing it. Any time I update/modify the script, I'm editing the previous versions on this thread in case people grab those copies. For the updated version that also suppresses the prompt when using an app, see either of the previous posts containing the script.

Posted: 5/7/13 at 10:56 AM by CasperSally

Anyone know if the script above from @andrew_stenehjem disables java auto update on current version (7u21)?

Thanks!

Posted: 5/7/13 at 12:39 PM by timsutton

@CasperSally:

It should. If you read the script, you'll see that much of the work it does involves inserting a value into the preferences file that's dynamically derived from the version string (somewhere) in the installed version. So, since there's no hardcoded version it should work for every version until they change their versioning mechanism/location.

CCT Badge CCA Badge CMA Badge JAMFBadge

Posted: 6/3/13 at 9:55 AM by krichterjr

Thanks for sharing this.

Does anyone happen to have an EA that reports whether the "Check for Updates" box is checked or not? If not I can try to weed may way through this to see if I can create one.

Posted: 9/11/13 at 10:58 AM by jtrater

It looks like the method for disabling automatic updates has changed again in Java 7 Update 40 and the old fixes no longer seem to work. Has anyone had any luck?

CCA Badge

Posted: 9/12/13 at 9:51 AM by jconte

I am having the same problem disabling the updates in Java 7 Update 40. If I figure it out I will post here.
Thanks

Posted: 9/12/13 at 1:44 PM by jtrater

I'm not sure if all the changes to deployment.properties are still needed, but doing the following seems to work (at least it un-checks the Check for Updates Automatically box.)

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

Important
I had issues when I tried to unload and delete the Launch Agent/Daemons like I have done in the past. Maybe I did something incorrectly ( or in the wrong order ) but when I attempted to remove the launch items, the Java preferences would take forever to load and the updates checkbox would remain checked.

CCA Badge CJA Badge CMA Badge

Posted: 9/12/13 at 4:41 PM by andrew_stenehjem

Good call jtrater. I added the defaults command to the existing script and it worked for me. I also don't know if we still need to do all of the modification to the deployment.properties file.

Posted: 9/13/13 at 9:22 AM by ega

So this defaults command seems to stop checking for updates. Does anyone know the settings needed for automatic, unattended, silent update? With Flash we can get this using mms.cfg effectively making Flash silently and continuously update itself (automated patch management)... I would love to have this for Java. Ideas?

Posted: 9/13/13 at 2:16 PM by kstrick

Thumbs up on jtrater's input

CCA Badge

Posted: 9/16/13 at 9:52 AM by atrivas

I am new to editing scripts, where exactly in the script do I need to edit jtrater's fix to turn off auto updates for Java 7 Update 40?

Thanks,

Andrew

Posted: 9/16/13 at 4:05 PM by josaxo

jtrater \- Your plist update worked for me! Appreciate the info.

CCA Badge CJA Badge

Posted: 9/17/13 at 1:26 PM by ctangora

Just for my two cents, this seemed to be having issues, so I went the sneaky route and pointed the software update URL to the machine. Sparkle fails quietly now, user only sees that it couldn't connect to the server. There's more to the script (I took the sledgehammer approach), but here's the relevant lines. I consider it my backup to my backup of the disabling script.

#!/bin/sh
disabledPlistPath="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Disabled"
enabledPlistPath="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled"

   defaults write "${disabledPlistPath}" SUFeedURL "http://127.0.0.1"
   defaults write "${enabledPlistPath}" SUFeedURL "http://127.0.0.1"
CCA Badge CJA Badge CMA Badge

Posted: 10/8/13 at 1:23 AM by Kumarasinghe

@andrew_stenehjem

There's a new key introduced;

deployment.expiration.check.enabled

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/properties.html

I think this will replace the deployment.expiration.decision.xxxx key since Java 7 Update 40.

Posted: 10/8/13 at 4:12 AM by asditsupport

Ok, I'm just wondering....
You can install Java, make the changes after a snapshot then package it as a .dmg and enable FEU and FUT (as per need). Wouldn't that work too? I have done something similar where in I had to enter a site to the allow list of Flash for a bunch of carts. I followed the above workflow and it worked.

CCA Badge CJA Badge CMA Badge

Posted: 10/8/13 at 9:15 AM by andrew_stenehjem

Thanks @Kumarasinghe. Currently, our deployment properties file gets the following keys:

#deployment.properties
deployment.macosx.check.update.locked
deployment.macosx.check.update=false
deployment.expiration.decision.suppression.10.40.2.locked
deployment.expiration.decision.suppression.10.40.2=true
deployment.expiration.decision.10.40.2.locked
deployment.expiration.decision.10.40.2=later

Any idea if the new key needs to have the version number included (hopefully not), and whether they replace all of the deployment.expiration.decision entries including the "suppression" entry? For example, is this what we'd like to now include in the deployment.properties file?

#deployment.properties
deployment.macosx.check.update.locked
deployment.macosx.check.update=false
deployment.expiration.check.enabled.locked
deployment.expiration.check.enabled=false
CCA Badge CJA Badge CMA Badge

Posted: 10/10/13 at 1:40 AM by Kumarasinghe

@andrew_stenehjem
I'm not too sure. I haven't tested it thoroughly yet but this is a thread from Java for Windows with that option.
http://www.labareweb.com/java-1-7-auto-update-deployment-with-sccmmdt/

CCA Badge CJA Badge CMA Badge

Posted: 10/10/13 at 8:59 AM by andrew_stenehjem

Looks like we don't need the version included with the new key: http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html#newft

I'm gonna go with this for now and see how it works when the next update is released:

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (10-10-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"

####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                        # New key as of update 40
                                        /bin/echo deployment.expiration.check.enabled.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.check.enabled=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                        # New key as of update 40
                                        /bin/echo deployment.expiration.check.enabled.locked >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.check.enabled=false >> /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



        # Change the auto updater preference
        /usr/bin/defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

            /bin/echo "Changed the auto updater preference file.  Have a wonderful day."



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################

Posted: 10/17/13 at 8:31 AM by musat

Thanks for this, not if there were only something similar to disable the Google updates.

Posted: 10/18/13 at 12:06 PM by micmil

As jconte pointed out, I believe there is a change in the way 7.40 behaves with updates. I could not get the deployment.macosx.check.update=false command to disable the updates on 7.40, but it did work with 7.25. (Well, maybe it did work on 7.40, but the infamous checkbox remained.)

The suggestion from jrater on using the "sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false" command were spot on. That disabled the checkbox and disabled the automatic update check. Doing this also creates a PLIST file that makes remote deployment a breeze.

Any suggestions on using this same PLIST to change the default security settings or expiration check? I would ideally like to just deploy the single PLIST file instead of also using the deployment.properties file. Is there a way to see exactly what "defaults" options are available?

Hopefully this is a sign that Oracle is adopting the standard PLIST settings deployment that everyone else uses...

Posted: 10/18/13 at 2:18 PM by acdesigntech

Ay ideas for those of us still on 1.7.0_11 that are just now starting to get the update prompt again? It's been suppressed for 7 months now, and just last week I started getting Sparkle update pop-ups again :(

Would the old client utilize these new keys?

EDIT: After some more testing, it seems like it's defaulting to using the deployment.properties file in \~/Library/App Support/Oracle/Java/Deployment. How can I get it to NOT do that?

Contents of this file:

#deployment.properties
#Fri Oct 18 16:42:23 EDT 2013
deployment.modified.timestamp=1382128943721
deployment.version=7.0
deployment.expiration.decision.timestamp.10.11.2=10/18/2013 16\:34\:38
#Java Deployment jre's
#Fri Oct 18 16:42:23 EDT 2013
deployment.javaws.jre.0.registered=false
deployment.javaws.jre.0.platform=1.7
deployment.javaws.jre.0.osname=Mac OS X
deployment.javaws.jre.0.path=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
deployment.javaws.jre.0.product=1.7.0_11
deployment.javaws.jre.0.osarch=x86_64
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.args=

I did add the deployment.properties file from the script above into the user template, and java is still overwriting it and prompting for an update.

CCA Badge CJA Badge

Posted: 10/23/13 at 4:22 PM by antoinekinch

Does this work for deploying a Safari white list in Safari 6.1 and enabling websites to run in unsafe mode?

Posted: 11/18/13 at 4:02 PM by acostj

Looks as if the documentation Oracle provides to manage enterprise level Macs is inaccurate. Just took me all of Friday to dig in and correctly setup system wide settings. Using the script already provided I have added some tweaks and also the creation of system wide config and properties file.

If you look at the documentation link below, you can add/remove options that get written to properties file.
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/properties.html

Note that the system wide config location is incorrect and correct one should be under /Library and not \~/Library in Oracle's documentation.

Also please note the properties file can be placed anywhere on the local Mac the location I chose is inside the same config location.

Script below:

#!/bin/sh

# Java Plugin Location 
javaPlugin="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"

# Config File Location
configFile="/Library/Application Support/Oracle/Java/Deployment/deployment.config"

# Properties File Location
propFile="/Library/Application Support/Oracle/Java/Deployment/deployment.properties"

# Checks if Java Plugin is installed
if [ -e "$javaPlugin" ]; then

    /bin/echo "Java Plugin is installed..."

    # Checks if config file is present
    if [ ! -f "$configFile" ]; then

        /bin/echo "The deployment.config file does not yet exist.  Will create..."

            # Create deployment.config file
            /usr/bin/touch "$configFile"

            /bin/echo "Created deployment.config file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$configFile"

            /bin/echo "Changed ownership on deployment.config file"

            # Write contents of this file
            /bin/echo deployment.system.config=file\://$propFile >> "$configFile"
            /bin/echo deployment.system.config.mandatory=false >> "$configFile"

            /bin/echo "Wrote content to deployment.config file."

    else

        /bin/echo "deployment.config file already exists.  Removing and building new version..."

            # Delete existing version of the file
            /bin/rm -f "$configFile"

            /bin/echo "Deleted previous deployment.config file"

            # Create deployment.config file
            /usr/bin/touch "$configFile"

            /bin/echo "Created deployment.config file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$configFile"

            /bin/echo "Changed ownership on deployment.config file"

            # Write contents of this file
            /bin/echo deployment.system.config=file\://$propFile >> "$configFile"
            /bin/echo deployment.system.config.mandatory=false >> "$configFile"

            /bin/echo "Wrote content to deployment.config file."

    fi

    # Checks if properties file is present
    if [ ! -f "$propFile" ]; then

        /bin/echo "The deployment.properties file does not yet exist.  Will create..."

            # Create deployment.properties file
            /usr/bin/touch "$propFile"

            /bin/echo "Created deployment.properties file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$propFile"

            /bin/echo "Changed ownership on deployment.properties file"

            # Write contents of this file
            /bin/echo '#deployment.properties' > "$propFile"
            /bin/echo deployment.security.validation.ocsp=false >> "$propFile"
            /bin/echo deployment.security.validation.ocsp.locked >> "$propFile"
            /bin/echo deployment.macosx.check.update=false >> "$propFile"
            /bin/echo deployment.macosx.check.update.locked >> "$propFile"
            /bin/echo deployment.expiration.check.enabled=false >> "$propFile"
            /bin/echo deployment.expiration.check.enabled.locked >> "$propFile"                                                             
            /bin/echo deployment.console.startup.mode=HIDE >> "$propFile"

            /bin/echo "Wrote content to deployment.properties file."

    else

        /bin/echo "deployment.properties file already exists.  Removing and building new version..."

            # Delete existing version of the file
            /bin/rm -f "$propFile"

            # Create deployment.properties file
            /usr/bin/touch "$propFile"

            /bin/echo "Created deployment.properties file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$propFile"

            /bin/echo "Changed ownership on deployment.properties file"

            # Write contents of this file
            /bin/echo '#deployment.properties' > "$propFile"
            /bin/echo deployment.security.validation.ocsp=false >> "$propFile"
            /bin/echo deployment.security.validation.ocsp.locked >> "$propFile"
            /bin/echo deployment.macosx.check.update=false >> "$propFile"
            /bin/echo deployment.macosx.check.update.locked >> "$propFile"
            /bin/echo deployment.expiration.check.enabled=false >> "$propFile"
            /bin/echo deployment.expiration.check.enabled.locked >> "$propFile"                                                             
            /bin/echo deployment.console.startup.mode=HIDE >> "$propFile"

            /bin/echo "Wrote content to deployment.properties file."

    fi

    # Change the auto updater preference
    /usr/bin/defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

    /bin/echo "Changed the auto updater preference file."
    /bin/echo "Java settings have been deployed. Exiting"

else

    echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"
    exit 1

fi
CCA Badge CJA Badge CMA Badge

Posted: 11/19/13 at 10:45 PM by Kumarasinghe

@acostj please check your script. /usr/bin/touch "$configFile" wouldn't work as the Deployment folder doesn't exist in "/Library/Application Support/Oracle/Java/"

Thanks

CSE Badge

Posted: 11/21/13 at 1:11 PM by bmwarren

Just to throw my hat in the ring, here's the template I use to install a particular version of Java 7, set the deployment preferences and ensure the updater will not run:

https://github.com/bmwarren/oracle-java-deployment

Basically a Packages project with a postflight script that installs Java itself and deployment prefs. You'll need to bring your own Java installer, and instructions are in the README.

CCA Badge CJA Badge

Posted: 1/17/14 at 2:26 PM by antoinekinch

Given the new Java 7 update 51, the default security level is HIGH. Is there a way to just set the security level to Medium with a simple script?

sudo defaults write /Library/Application Support/Oracle/Java/Deployment/deployment.properties deployment.security.level -bool MEDIUM or WEB_JAVA_SECURITY_LEVEL=M or something like that?

Thanks.

Posted: 2/28/14 at 10:38 AM by johnnasset

Okay so I ran this script on my own machine to test. Seemed to execute fine but the box to check for auto-updates is still checked in the Java control panel. Is that anything to be concerned with?

CCA Badge CJA Badge

Posted: 3/4/14 at 9:09 AM by antoinekinch

To disable auto updates run this command:

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

@johnnasset

CCA Badge

Posted: 4/16/14 at 7:38 AM by jthurwood

Hey

Just pulling up this thread, ive noticed Java 7 Update 55 has been released today. What was the best method to disable the Auto updating, via the script or command above?

CCT Badge CCA Badge

Posted: 4/23/14 at 2:51 PM by grahamfw

Likewise. I'm looking for a way to disable Auto updating in Update 55. GUI method doesn't appear to work.

Posted: 4/23/14 at 3:04 PM by johnnasset

The above command still works in update 55:

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

CCA Badge CCE Badge CMA Badge

Posted: 5/9/14 at 6:38 PM by dderusha

@bajankinch did you get this working?

sudo defaults write /Library/Application Support/Oracle/Java/Deployment/deployment.properties deployment.security.level -bool MEDIUM or WEB_JAVA_SECURITY_LEVEL=M or something like that?

trying to accomplish the same, but it seems as if this setting is set on the \~/Library/Preferences/com.oracle.javadeployment.plist

I'm having troubles getting the Key deployment.security.level with the string MEDIUM placed in the /com/oracle/javadeployment/ dictionary

Posted: 5/12/14 at 6:04 AM by jtrater

There, may be an easier way, but we are deploying a Java preferences package that contains

/Library/Application Support/Oracle/Java/Deployment/deployment.properties

deployment.properties has a line that reads deployment.security.level=MEDIUM

You could also create that file via a script.

CCA Badge CCE Badge CJA Badge

Posted: 6/13/14 at 4:22 PM by jrserapio

@maktime
I tried a combo of the suggestions on this thread. I have only tested on a couple machines, but this seems to work. create MCX based off of the defaults command here
/Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

Computer level enforced
Value com.oracle.java.Java-Updater Key JavaAutoUpdateEnabled
bool false

To get this to work, i had to run the defaults command once to create the plist file. After that, the MCX would revert the setting of the check box, if checked again. I have not tested long enough to see if i get a pop up prompt though, but it looks like a step in the right direction.

Posted: 8/12/14 at 6:52 PM by gpalau

@bmwarren

Just to throw my hat in the ring, here's the template I use to install a particular version of Java 7

how can I add my own deployment.properties file? I saw you included the source file for Oracle_Java_Preferences, but how I convert that into a pkg?

CSE Badge

Posted: 8/12/14 at 11:20 PM by bmwarren

@gpalau

You'll need to build it as a pkg yourself using your favorite packaging tool; since we're already using Packages it makes since to use that here too. Composer will also work.

You can see my deployment.properties at https://github.com/haircut/oracle-java-deployment/blob/master/deployment_preferences/Oracle_Java_Preferences/ROOT/Library/Application%20Support/Oracle/Java/Deployment/deployment.properties

Build your package to install your deployment.properties to the correct path (/Library/Application Support/Oracle/Java/Deployment) with your customized file. If you're using Composer, create a snapshot, move the file to the correct path, then build your package making sure it only includes deployment.properties and deployment.config.

CCA Badge CCE Badge CMA Badge

Posted: 8/13/14 at 10:42 AM by dderusha

@gpalau we did almost the same as @bmwarren. We ended up packaging the deployment.properties and deployment.config in a DMG. We have the package offered in self service as well.
Path was /Library/Application Support/Oracle/Java/Deployment/

#deployment.config
#Tue May 13 20:51:30 CDT 2014
deployment.system.config=file:///Library/Application\ Support/Oracle/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

#deployment.properties
#Tue May 13 20:51:30 CDT 2014
deployment.macosx.check.update=false
deployment.macosx.check.update.locked
deployment.expiration.check.enabled=false
deployment.expiration.check.enabled.locked
deployment.security.level=MEDIUM
deployment.security.level.locked
deployment.console.startup.mode=HIDE

It's worked in the past few releases and the latest 7r 67

Dan

Posted: 8/19/14 at 12:17 PM by gpalau

You'll need to build it as a pkg yourself using your favorite packaging tool; since we're already using Packages it makes since to use that here too. Composer will also work. You can see my deployment.properties at https://github.com/haircut/oracle-java-deployment/blob/master/deployment_preferences/Oracle_Java_Preferences/ROOT/Library/Application%20Support/Oracle/Java/Deployment/deployment.properties Build your package to install your deployment.properties to the correct path (/Library/Application Support/Oracle/Java/Deployment) with your customized file. If you're using Composer, create a snapshot, move the file to the correct path, then build your package making sure it only includes deployment.properties and deployment.config.

@bmwarren one last question, how can I create a pkg (I have never done this before) of deployment.config and deployment.properties with Packages?

Posted: 8/21/14 at 6:14 PM by Ball

@gpalau][/url I still think the easiest and most flexible way is Apple Package Maker. You have to search and install the auxiliary tools for xcode off developer.apple.com. But watch this video for a quick overview, you basically make a folder called root and then under that lay out a dummy file system like on OS X. Under Root you would have Library or System and so on. Create the whole directory structure and then put the files in place and drag the folder named root or Package in the video and set the prefs and change the names and add any Read Me info or background and create the package. Not really sure why Apple gave up on Package Maker, its still my favorite to create packages with. http://youtu.be/jpP3UbKsKT0

CCA Badge CSE Badge

Posted: 1/13/15 at 9:46 AM by bmccune

I've got the deployment.config and deployment.properties files working, except Auto Update does not actually turn off. The other settings in the deployment.properties file are applied. This is on 10.9.5 using both Java 7 and Java 8 (latest releases). After some research I found this bug which is still open and unresolved. So in case anyone else is struggling to figure out what the problem is, here you go: https://bugs.openjdk.java.net/browse/JDK-8029309

CCA Badge CSE Badge

Posted: 2/19/15 at 8:30 PM by cwaldrip

All of this looks like it's for managing the auto-update and alerts (which is good, and I'm adopting). But, has someone written a script to check for and install updated Java version that I can run through Self-Service? Something like the Flash update script.

CCA Badge CJA Badge

Posted: 2/19/15 at 9:35 PM by RobertHammen

I think @rtrouton has one on his blog (http://derflounder.wordpress.com) or his github (yep, in Java 7 and Java 8 flavors):

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts

CCA Badge CSE Badge

Posted: 2/23/15 at 9:43 AM by cwaldrip

Perfect. Thanks @rtrouton and @RobertHammen!

CCA Badge CMA Badge

Posted: 6/11/15 at 1:20 PM by etippett

Does anyone know if the script above is working for v8 update 45? It seems to turn off the checkbox, but I notice that whenever I launch the Java Control Panel, it updates the last checked for updates time, which gives me pause...

@bmccune I checked on that bug and it's listed as fixed in update 60, whenever that will be released. I didn't have issues with the checkbox staying checked on 10.10.3 with java 8u45, though.

Eric

Posted: 7/10/15 at 1:45 PM by May

Hi @timsutton

I'd like to use the approach you mentioned and delete the symlink and also turn off updates using
defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

How do you unload the LaunchAgent as the logged in user before you delete it ? i'd like to run it all as a script in a policy.

I've been looking into using launchctl bsexec but cannot get it to work so far.

Cheers,
Andy

Posted: 7/14/15 at 11:17 AM by timsutton

Andy, I haven't resorted to deleting symlinks since that JavaAutoUpdateEnabled preference has been introduced.

Because Oracle does so much monkeying with those LaunchAgents/Daemons, I prefer to just leave them alone.

Posted: 7/14/15 at 11:37 AM by May

Thanks @timsutton

Sounds like the safest way to go!

Cheers,
Andy