Java 7 Preferences

andrew_stenehje
Contributor

I'm looking at trying to manage some of the settings for the new Oracle Java environment; like turning off the pref that looks for updates. Anybody already doing this and have any good information? Haven't had a chance to see if this doc applies yet or not:

http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html

57 REPLIES 57

bmak
Contributor
Contributor

I'm also looking for a way to manage the auto update feature.
i'd also like to disable it either vai MCX or script and policy...

andrew_stenehje
Contributor

OK, I've got a script that seems to be working. It creates the necessary file (deployment.properties) to manage all user preferences, and turns off the "Check for Updates" preference for all users in Java 7, update 13. Let me know if you find any problems with it... it's worked so far in my testing. If you want to still allow the user to turn auto update on, remove the .locked line.

(Edited 3-2-13. Now includes suppressing the update prompt when opening a Java app, as well as removal of the Launch Agent)

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (3-2-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"


####################################################################################################
# Get number variable needed to set suppression of update reminder
####################################################################################################

NUMBER=`/bin/cat /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist |grep ';deploy=' |cut -d"=" -f2 |cut -d"<" -f1`

    echo The number for suppression of this version of Java is "$NUMBER"


    # Verify that it received a numeric value

        case "$NUMBER" in 
        [0-9]*) 
                echo "Entry is a numeric value.  Continuing..."
                ;;
        * ) 
                echo "Error: This entry is not a number.  Will fail to properly suppress update pop up."
                ;;
        esac



####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################

timsutton
Contributor

There seem to be a few places you can set deployment.macosx settings in the deployment.properties files.

Have you verified that this actually prevents the Sparkle Java updater dialog from popping up at the time that's scheduled in /Library/LaunchAgents/com.oracle.Java.Java-Updater.plist? In my tests, it doesn't.

Oracle changed the update mechanism to one that's much more clever starting in Update 11, and I'm convinced that it has zero connection to any of these Java-style properties configuration files.

andrew_stenehje
Contributor

If you trash that Launch Agent, does it get re-created at some point? In a quick test, it doesn't look like it gets created at reboot.

rtrouton
Release Candidate Programs Tester

The launch agent will be re-installed (unless Oracle changes this) with the next Java update.

timsutton
Contributor

No, it doesn't. My current method of disabling the updater is to remove the symlink it creates in /Library/LaunchAgents, so that it doesn't run this anymore on a reboot. It would be nice if there

Also a correction: this new "Helper-Tool" rewrite-the-LaunchAgent trickery shipped with Update 10, not 11. I posted to MacE about this when it was released, posting one method and amending it a week later when I realized it would break future versions from correctly installing due to a naïve assumption by the installer's postinstall script:

https://groups.google.com/forum/#!topic/macenterprise/Vjoe-qo1ttA/discussion

andrew_stenehje
Contributor

So, for the Sparkle pop up, it sounds like the way to go is to also remove the Launch Agent after every Java update- as long as they continue to throw it in there as part of the install. Is that what you're doing?

timsutton
Contributor

Yes. But I only remove the symlink, leaving the original files alone.

andrew_stenehje
Contributor

Here's a revised version that will remove the Launch Agent if it exists, as well as create the deployment.properties file if it doesn't exist. This could be run after you run the Java updates because it will exit if the deployment.properties file already exists.

I edited the script above as well to include this.

(Edited and modified on 3-2-13 to include suppressing the update prompt when using a Java app)

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (3-2-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"


####################################################################################################
# Get number variable needed to set suppression of update reminder
####################################################################################################

NUMBER=`/bin/cat /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled.plist |grep ';deploy=' |cut -d"=" -f2 |cut -d"<" -f1`

    echo The number for suppression of this version of Java is "$NUMBER"


    # Verify that it received a numeric value

        case "$NUMBER" in 
        [0-9]*) 
                echo "Entry is a numeric value.  Continuing..."
                ;;
        * ) 
                echo "Error: This entry is not a number.  Will fail to properly suppress update pop up."
                ;;
        esac



####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision.suppression."$NUMBER"=true >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER".locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.decision."$NUMBER"=later >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file.  Have a wonderful day."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################

andrew_stenehje
Contributor

So it's become apparent that trying to suppress all of the different update prompt mechanisms that Oracle is using will be an ongoing, trial and error battle... until they change things. Previously, the script was unchecking the "Check for Updates" option and removing the Launch Agent that checks for updates periodically. However, if you were still on an older version of the plugin, it would prompt to update when you opened a Java app.

I updated the script now to add some more keys to the deployment.properties file. This appears to suppress the update prompt when opening a Java app. The keys use a version specific number, so I'm grabbing that number from a file within the plugin and using as a variable... hopefully allowing us to be able to continue using the script every time we roll out a new version of Java. Unfortunately, we have to run the script after every Java update. Hopefully Oracle will give us some better options for controlling this in the future.

Let me know if anyone has any better ideas, or ways to improve on this way of doing it. Any time I update/modify the script, I'm editing the previous versions on this thread in case people grab those copies. For the updated version that also suppresses the prompt when using an app, see either of the previous posts containing the script.

CasperSally
Valued Contributor II

Anyone know if the script above from @andrew_stenehjem disables java auto update on current version (7u21)?

Thanks!

timsutton
Contributor

@CasperSally:

It should. If you read the script, you'll see that much of the work it does involves inserting a value into the preferences file that's dynamically derived from the version string (somewhere) in the installed version. So, since there's no hardcoded version it should work for every version until they change their versioning mechanism/location.

krichterjr
Contributor

Thanks for sharing this.

Does anyone happen to have an EA that reports whether the "Check for Updates" box is checked or not? If not I can try to weed may way through this to see if I can create one.

TheStick
New Contributor

It looks like the method for disabling automatic updates has changed again in Java 7 Update 40 and the old fixes no longer seem to work. Has anyone had any luck?

jconte
Contributor II

I am having the same problem disabling the updates in Java 7 Update 40. If I figure it out I will post here.
Thanks

TheStick
New Contributor

I'm not sure if all the changes to deployment.properties are still needed, but doing the following seems to work (at least it un-checks the Check for Updates Automatically box.)

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

Important
I had issues when I tried to unload and delete the Launch Agent/Daemons like I have done in the past. Maybe I did something incorrectly ( or in the wrong order ) but when I attempted to remove the launch items, the Java preferences would take forever to load and the updates checkbox would remain checked.

andrew_stenehje
Contributor

Good call jtrater. I added the defaults command to the existing script and it worked for me. I also don't know if we still need to do all of the modification to the deployment.properties file.

ega
Contributor III

So this defaults command seems to stop checking for updates. Does anyone know the settings needed for automatic, unattended, silent update? With Flash we can get this using mms.cfg effectively making Flash silently and continuously update itself (automated patch management)... I would love to have this for Java. Ideas?

kstrick
Contributor III

Thumbs up on jtrater's input

atrivas
New Contributor

I am new to editing scripts, where exactly in the script do I need to edit jtrater's fix to turn off auto updates for Java 7 Update 40?

Thanks,

Andrew

josaxo
New Contributor

jtrater - Your plist update worked for me! Appreciate the info.

ctangora
Contributor III

Just for my two cents, this seemed to be having issues, so I went the sneaky route and pointed the software update URL to the machine. Sparkle fails quietly now, user only sees that it couldn't connect to the server. There's more to the script (I took the sledgehammer approach), but here's the relevant lines. I consider it my backup to my backup of the disabling script.

#!/bin/sh
disabledPlistPath="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Disabled"
enabledPlistPath="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Enabled"

   defaults write "${disabledPlistPath}" SUFeedURL "http://127.0.0.1"
   defaults write "${enabledPlistPath}" SUFeedURL "http://127.0.0.1"

Kumarasinghe
Valued Contributor

@andrew_stenehjem

There's a new key introduced;

deployment.expiration.check.enabled

http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/properties.html

I think this will replace the deployment.expiration.decision.xxxx key since Java 7 Update 40.

asditsupport
New Contributor III

Ok, I'm just wondering....
You can install Java, make the changes after a snapshot then package it as a .dmg and enable FEU and FUT (as per need). Wouldn't that work too? I have done something similar where in I had to enter a site to the allow list of Flash for a bunch of carts. I followed the above workflow and it worked.

andrew_stenehje
Contributor

Thanks @Kumarasinghe. Currently, our deployment properties file gets the following keys:

#deployment.properties
deployment.macosx.check.update.locked
deployment.macosx.check.update=false
deployment.expiration.decision.suppression.10.40.2.locked
deployment.expiration.decision.suppression.10.40.2=true
deployment.expiration.decision.10.40.2.locked
deployment.expiration.decision.10.40.2=later

Any idea if the new key needs to have the version number included (hopefully not), and whether they replace all of the deployment.expiration.decision entries including the "suppression" entry? For example, is this what we'd like to now include in the deployment.properties file?

#deployment.properties
deployment.macosx.check.update.locked
deployment.macosx.check.update=false
deployment.expiration.check.enabled.locked
deployment.expiration.check.enabled=false

Kumarasinghe
Valued Contributor

@andrew_stenehjem
I'm not too sure. I haven't tested it thoroughly yet but this is a thread from Java for Windows with that option.
http://www.labareweb.com/java-1-7-auto-update-deployment-with-sccmmdt/

andrew_stenehje
Contributor

Looks like we don't need the version included with the new key: http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html#newft

I'm gonna go with this for now and see how it works when the next update is released:

#!/bin/bash


####################################################################################################
# Creates pref file for Java 7 that has setting which turns off the auto update check feature
# Created by AS (10-10-13)
####################################################################################################
####################################################################################################



/bin/echo "Beginning running disable_java_updates script"

####################################################################################################
# Remove Updater Launch Agent Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Agent sym link exists..."

        if [ -f /Library/LaunchAgents/com.oracle.java.Java-Updater.plist ]; then

            /bin/echo "Launch Agent exists.  Removing."

            /bin/rm /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

            /bin/echo "Removed Update Launch Agent Sym Link"

        else
                    /bin/echo "Launch Agent does not exist."

        fi


####################################################################################################
# Remove Updater Launch Daemon Sym Link that gets created during updates
####################################################################################################

    /bin/echo "Checking to see if Launch Daemon sym link exists..."

        if [ -f /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist ]; then

            /bin/echo "Launch Daemon exists.  Removing."

            /bin/rm /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

            /bin/echo "Removed Update Launch Daemon Sym Link"

        else
                    /bin/echo "Launch Daemon does not exist."

        fi


####################################################################################################
####################################################################################################


        # Check to see if Java Plugin exists
        if [ -d /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home ]; then


                echo "Java Plugin is installed, continuing..."


                        if [ ! -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties ]; then

                                /bin/echo "The deployment.properties file does not yet exist.  Will create..."


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                        # New key as of update 40
                                        /bin/echo deployment.expiration.check.enabled.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.check.enabled=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file."

                                else


                                            /bin/echo "deployment.properties file already exists.  Removing and building new version..."


                                    # Delete existing version of the file
                                            /bin/rm -f /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Deleted previous deployment.properties file"


                                    # Create deployment.properties file
                                        /usr/bin/touch /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Created deployment.properties file"


                                    # Change ownership on this new file
                                        /usr/sbin/chown root:wheel /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed ownership on deployment.properties file"


                                    # Change permissions on this file
                                        /bin/chmod 755 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Changed permissions on deployment.properties file"


                                    # Write contents of this file
                                        /bin/echo '#deployment.properties' > /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.macosx.check.update=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                        # New key as of update 40
                                        /bin/echo deployment.expiration.check.enabled.locked >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties
                                        /bin/echo deployment.expiration.check.enabled=false >> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deployment.properties

                                            /bin/echo "Wrote content to deployment.properties file."


                        fi

        else
                echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"

        fi



        # Change the auto updater preference
        /usr/bin/defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

            /bin/echo "Changed the auto updater preference file.  Have a wonderful day."



/bin/echo "Finished running disable_java_updates script"

####################################################################################################
####################################################################################################

musat
Contributor III

Thanks for this, not if there were only something similar to disable the Google updates.

micmil
New Contributor III

As jconte pointed out, I believe there is a change in the way 7.40 behaves with updates. I could not get the deployment.macosx.check.update=false command to disable the updates on 7.40, but it did work with 7.25. (Well, maybe it did work on 7.40, but the infamous checkbox remained.)

The suggestion from jrater on using the "sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false" command were spot on. That disabled the checkbox and disabled the automatic update check. Doing this also creates a PLIST file that makes remote deployment a breeze.

Any suggestions on using this same PLIST to change the default security settings or expiration check? I would ideally like to just deploy the single PLIST file instead of also using the deployment.properties file. Is there a way to see exactly what "defaults" options are available?

Hopefully this is a sign that Oracle is adopting the standard PLIST settings deployment that everyone else uses...

acdesigntech
Contributor II

Ay ideas for those of us still on 1.7.0_11 that are just now starting to get the update prompt again? It's been suppressed for 7 months now, and just last week I started getting Sparkle update pop-ups again :(

Would the old client utilize these new keys?

EDIT: After some more testing, it seems like it's defaulting to using the deployment.properties file in ~/Library/App Support/Oracle/Java/Deployment. How can I get it to NOT do that?

Contents of this file:

#deployment.properties
#Fri Oct 18 16:42:23 EDT 2013
deployment.modified.timestamp=1382128943721
deployment.version=7.0
deployment.expiration.decision.timestamp.10.11.2=10/18/2013 16:34:38
#Java Deployment jre's
#Fri Oct 18 16:42:23 EDT 2013
deployment.javaws.jre.0.registered=false
deployment.javaws.jre.0.platform=1.7
deployment.javaws.jre.0.osname=Mac OS X
deployment.javaws.jre.0.path=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
deployment.javaws.jre.0.product=1.7.0_11
deployment.javaws.jre.0.osarch=x86_64
deployment.javaws.jre.0.location=http://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.args=

I did add the deployment.properties file from the script above into the user template, and java is still overwriting it and prompting for an update.

antoinekinch
New Contributor III

Does this work for deploying a Safari white list in Safari 6.1 and enabling websites to run in unsafe mode?

acostj
New Contributor II

Looks as if the documentation Oracle provides to manage enterprise level Macs is inaccurate. Just took me all of Friday to dig in and correctly setup system wide settings. Using the script already provided I have added some tweaks and also the creation of system wide config and properties file.

If you look at the documentation link below, you can add/remove options that get written to properties file.
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/properties.html

Note that the system wide config location is incorrect and correct one should be under /Library and not ~/Library in Oracle's documentation.

Also please note the properties file can be placed anywhere on the local Mac the location I chose is inside the same config location.

Script below:

#!/bin/sh

# Java Plugin Location 
javaPlugin="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"

# Config File Location
configFile="/Library/Application Support/Oracle/Java/Deployment/deployment.config"

# Properties File Location
propFile="/Library/Application Support/Oracle/Java/Deployment/deployment.properties"

# Checks if Java Plugin is installed
if [ -e "$javaPlugin" ]; then

    /bin/echo "Java Plugin is installed..."

    # Checks if config file is present
    if [ ! -f "$configFile" ]; then

        /bin/echo "The deployment.config file does not yet exist.  Will create..."

            # Create deployment.config file
            /usr/bin/touch "$configFile"

            /bin/echo "Created deployment.config file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$configFile"

            /bin/echo "Changed ownership on deployment.config file"

            # Write contents of this file
            /bin/echo deployment.system.config=file://$propFile >> "$configFile"
            /bin/echo deployment.system.config.mandatory=false >> "$configFile"

            /bin/echo "Wrote content to deployment.config file."

    else

        /bin/echo "deployment.config file already exists.  Removing and building new version..."

            # Delete existing version of the file
            /bin/rm -f "$configFile"

            /bin/echo "Deleted previous deployment.config file"

            # Create deployment.config file
            /usr/bin/touch "$configFile"

            /bin/echo "Created deployment.config file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$configFile"

            /bin/echo "Changed ownership on deployment.config file"

            # Write contents of this file
            /bin/echo deployment.system.config=file://$propFile >> "$configFile"
            /bin/echo deployment.system.config.mandatory=false >> "$configFile"

            /bin/echo "Wrote content to deployment.config file."

    fi

    # Checks if properties file is present
    if [ ! -f "$propFile" ]; then

        /bin/echo "The deployment.properties file does not yet exist.  Will create..."

            # Create deployment.properties file
            /usr/bin/touch "$propFile"

            /bin/echo "Created deployment.properties file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$propFile"

            /bin/echo "Changed ownership on deployment.properties file"

            # Write contents of this file
            /bin/echo '#deployment.properties' > "$propFile"
            /bin/echo deployment.security.validation.ocsp=false >> "$propFile"
            /bin/echo deployment.security.validation.ocsp.locked >> "$propFile"
            /bin/echo deployment.macosx.check.update=false >> "$propFile"
            /bin/echo deployment.macosx.check.update.locked >> "$propFile"
            /bin/echo deployment.expiration.check.enabled=false >> "$propFile"
            /bin/echo deployment.expiration.check.enabled.locked >> "$propFile"                                                             
            /bin/echo deployment.console.startup.mode=HIDE >> "$propFile"

            /bin/echo "Wrote content to deployment.properties file."

    else

        /bin/echo "deployment.properties file already exists.  Removing and building new version..."

            # Delete existing version of the file
            /bin/rm -f "$propFile"

            # Create deployment.properties file
            /usr/bin/touch "$propFile"

            /bin/echo "Created deployment.properties file"

            # Change ownership on this new file
            /usr/sbin/chown root:wheel "$propFile"

            /bin/echo "Changed ownership on deployment.properties file"

            # Write contents of this file
            /bin/echo '#deployment.properties' > "$propFile"
            /bin/echo deployment.security.validation.ocsp=false >> "$propFile"
            /bin/echo deployment.security.validation.ocsp.locked >> "$propFile"
            /bin/echo deployment.macosx.check.update=false >> "$propFile"
            /bin/echo deployment.macosx.check.update.locked >> "$propFile"
            /bin/echo deployment.expiration.check.enabled=false >> "$propFile"
            /bin/echo deployment.expiration.check.enabled.locked >> "$propFile"                                                             
            /bin/echo deployment.console.startup.mode=HIDE >> "$propFile"

            /bin/echo "Wrote content to deployment.properties file."

    fi

    # Change the auto updater preference
    /usr/bin/defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

    /bin/echo "Changed the auto updater preference file."
    /bin/echo "Java settings have been deployed. Exiting"

else

    echo "Error: Failure to find Java Plugin path.  Either Java is not installed, or the path within the plugin has changed. Exiting"
    exit 1

fi

Kumarasinghe
Valued Contributor

@acostj please check your script. /usr/bin/touch "$configFile" wouldn't work as the Deployment folder doesn't exist in "/Library/Application Support/Oracle/Java/"

Thanks

haircut
Contributor

Just to throw my hat in the ring, here's the template I use to install a particular version of Java 7, set the deployment preferences and ensure the updater will not run:

https://github.com/bmwarren/oracle-java-deployment

Basically a Packages project with a postflight script that installs Java itself and deployment prefs. You'll need to bring your own Java installer, and instructions are in the README.

antoinekinch
New Contributor III

Given the new Java 7 update 51, the default security level is HIGH. Is there a way to just set the security level to Medium with a simple script?

sudo defaults write /Library/Application Support/Oracle/Java/Deployment/deployment.properties deployment.security.level -bool MEDIUM or WEB_JAVA_SECURITY_LEVEL=M or something like that?

Thanks.

johnnasset
Contributor

Okay so I ran this script on my own machine to test. Seemed to execute fine but the box to check for auto-updates is still checked in the Java control panel. Is that anything to be concerned with?

antoinekinch
New Contributor III

To disable auto updates run this command:

sudo defaults write /Library/Preferences/com.oracle.java.Java-Updater JavaAutoUpdateEnabled -bool false

@johnnasset

jthurwood
New Contributor III

Hey

Just pulling up this thread, ive noticed Java 7 Update 55 has been released today. What was the best method to disable the Auto updating, via the script or command above?

grahamfw
New Contributor III

Likewise. I'm looking for a way to disable Auto updating in Update 55. GUI method doesn't appear to work.