Skip to content

How to manage Java’s control panel & Exception Site List

company JJB
JJ Bateman|Updated May 26, 2021
Managing Java's Control Panel Exception Site List
Managing Java's Control Panel Exception Site List

With the introduction of the Exception Site List in Java 7, many users have experienced havoc trying to manage all the exceptions needed for end-users in their environments. Through exhaustive research, I have found a way to manage Java’s control panel and Exception Site List from a system-level and have all the settings managed from a network share. I will show you how to collaborate your Java settings and Exception Site List into a couple of Packages to deploy throughout your environment using PDQ Deploy. These same steps work with Java 8.

First, let’s understand how the Java Control Panel settings are managed with a default installation of Java. The file is installed in a non-configurable location here:


The Java Control Panel and the Exception Site List can both be managed from the file, but the changes reflect only on a per user basis. However, the user level file can be bypassed if a deployment.config file is created that also points to a system-level file. By default, the system-level deployment.config, and files are not created. (Only the User level file.)

So, how do we set up the system-level settings for Java? First, we will need to create the three files needed to manage the Java Control Panel settings. The three files once created, will go in the %WINDIR%\SUN\JAVA\Deployment directory which if it doesn’t exist, will need to be created.

deployment.config file

The deployment.config file is used to specify the location of the file in your environment. Whether the file is located on the local machine or on a network share, the deployment.config file will only contain two properties:

deployment.system.config and deployment.system.config.mandatory

The deployment.system.config property is the file path to the system-level (enterprise-wide) file. (Utilize the file protocol for the file path)

The deployment.system.config.mandatory is a Boolean value. The default value for this property is false. If left as the default value, there will be an attempt to load the file specified in the deployment.system.config path. If the property is set to true, the attempt to access the file will still be made; however, if the file cannot be found or loaded, nothing will be allowed to run.

Here are two examples of the contents in the deployment.config file. The first points to the file on the local (target) machines.

deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/ deployment.system.config.mandatory=true

This example points to a file on the HQ-Svr1 server in the deploy share.

deployment.system.config=file\://HQ Svr1/deploy/Sun/Java/Deployment/ deployment.system.config.mandatory=true file

The file is used to manage the settings in Java Control Panel. A complete list of available settings and values that can be used is found here:

In addition, the exception.sites file path is set here as well.

Here are two example deployment.config files. The first example shows the contents of a file which points to a local (on each target machine) exception.sites file. deployment.webjava.enabled=true\:/Windows/Sun/Java/Deployment/exception.sites

The second example points to a network share on a computer named HQ-Svr1 with a Windows shared directory called Deploy. deployment.webjava.enabled=true

exception.sites file

The exception.sites file is a one URL per line list of sites that you want in the Exception Site List field found in the Java Control Panel. Nothing else goes in this file.

Now that we have the three files we need, it is time to put them to good use. Depending on the set up desired (files on the local machine or a network share), it will determine where you will place your files. For our first example, we will be deploying our files out to the local machine. In this case, copy the three files you created into your repository or any other location on your machine you desire.

Create a new PDQ Deploy package

Now that your three files are in your repository or another location on your machine, open PDQ Deploy and create a new package. Create a command step and delete the default install step. In the command field, we need to enter a command that will copy the three files needed into the %WINDIR%\Sun\Java\Deployment directory and also create the directory if it does not exist (only the deployment.config files needs to be copied over if you are storing the and the exception.sites files on a network share). We will use an xcopy command with a /I and a /Y to accomplish the copy task for us.(Type xcopy /? in a command prompt for a usage statement)

xcopy /I /Y "\\DEPLOY-SVR\Repository\SUN\JAVA\Deployment" %WINDIR%\SUN\JAVA\Deployment
java files package

That is all there is to it. Push out the packages to the respective machines and be amazed as the Java Control Panel properties and exception list conform to your desires. If you open the Java Control Panel and click on the Security Tab, you should see the changes you specified in the and exception.sites files are set. Remember the user’s file will be bypassed by the system-level properties. If the system-level properties are removed, Java will revert to the users settings.


  1. If you store your Java configuration files on a network share make sure your users have Read access to the shared files. 

  2. If your exception.sites file is set to READ ONLY then the exception.sites list in the Control Panel will not be able to be modified.

  3. The command step created to change the Java Control Panel settings and Exception Site List can be added to our Java 7 Update 51(and later) Packages in the Package Library, to install Java and have the settings applied all in one package. Trials to PDQ Deploy do not include full access to our package library. The trial does include access to some packages for testing purposes. To see the different levels available, see our Package Library page.

company JJB
JJ Bateman

JJ is a technical creative. He finds joy in programming, automation, and in participating in the artistic sides of things. You'll often find him drinking on Thursdays on the PDQ webcast, rambling and raging remotely at the Bermuda Triangle/heisenbug-tier tech at the studio in SLC.

Related articles