Silently Disable Java Auto Update on All Computers

Hey sysdmins, do you still have computers in your company that have Java Auto Update enabled? Well, worry not. We’ll show you how you can A) use PDQ Inventory to find the computers that have it enabled and B) use PDQ Deploy to disable Java Auto Update.

In order to perform all of these steps you’ll need to have PDQ Inventory and PDQ Deploy both running in Pro mode or higher. (You can get a free trial of PDQ Inventory and PDQ Deploy.)

Oracle stores the Auto Update configuration in the Windows Registry. This means we need to scan the registries on our Windows computers.

Step One: Add two Registry scanners to a new or existing Scan Profile. In this example, we use the existing Applications scan profile.

Go to File > Preferences > Scan Profiles in PDQ Inventory. Double click on Applications. Click the Add button and select Registry. Use the HKEY_LOCAL_MACHINE Hive and enter the following for the path:

HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy

spc-20140618-RegistryScanner

Save the scanner. Add another Registry scanner and use this path (for 64-bit Windows):

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy

Click OK. If you added these scanners to the Applications scan profile it would look like this:

spc-20140618-ApplicationsScanProfile

Close the Scan Profile and Preferences windows.

Scan your computers using the scan profile containing the new Registry scanners.

Step Two: Create a new Dynamic Collection

For this example, we used the default Group Filter (All) and created 4 Value Filters. See image.

spc-20140618-JavaAutoUpdateCollection

 

As long as you have scanned your computers with the Scan Profile you created / modifed above any computer that has Java Auto Update enabled will now be a member of this collection.

Use PDQ Deploy to Delete the Java Update Registry Key

In PDQ Deploy create a new Package. Add two new Command steps. Delete the default Install Step. 

The command for the first step should be:

%SystemRoot%\System32\Reg.exe DELETE "HKLM\SOFTWARE\JavaSoft\Java Update" /f

The command for the second step should be:

%SystemRoot%\System32\Reg.exe DELETE "HKLM\SOFTWARE\Wow6432Node\JavaSoft\Java Update" /f

On the first step go to the Conditions tab. Change the Arcitecture condition to 32-bit. On the second step change the Architecture condition to 64-bit

 spc-20140618-DisableJavaAutoUpdatePackage

Now you can deploy this package to the computers in your Java Auto Update collection. View the video below to see an example of accomplishing these tasks. Note that the video also shows how you can create a PDQ Inventory Report as well as a collection. 

You can watch a tutorial that follows these steps on disabling java update below. Just click play to see all three parts played in order.

 

Try PDQ Deploy