1. PDQ Deploy & Inventory Help Center
  2. Community
  3. PDQ Deploy
 

Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Java JRE 7 update 55 ignores security level flag during deployment

Avatar
Matthew Austin

Hi folks, I wonder if you've been able to crack this nut.  

Trying to deploy JRE 7 u55 using the WEB_JAVA_SECURITY_LEVEL=M flag to force medium security instead of the default "high" setting.  

I've tried using the MSI with just the WEB_JAVA_SECURITY_LEVEL=M in the parameters section.    

I've tried doing a custom install by executing the following:  

jre1.7.0_55.msi JAVAUPDATE=0 JU=0 AUTOUPDATECHECK=0 SYSTRAY=0 REBOOT=ReallySuppress WEB_JAVA_SECURITY_LEVEL=M /qb-!

I've tried using a batch file from /u/vocatus and adding the WEB_JAVA_SECURITY_LEVEL=M into his code, and nothing. 

In each of the cases it seems to be completely ignored.  

We need the default security to be medium on deployment due to several internal applications.  Is it possible?  

I've been reading online and it seems like this is a bug in their installer, but I'm wondering if anybody had figured out an adequate workaround for those of us for whom deploying java with the high security default is a major pain.  

Thanks!  I'm loving the software.  Currently we're just in the pro trials for Deploy and Inventory, but I will be pushing hard soon to get the annual funding for the enterprise versions of both.  (but it can be tough, working for a nonprofit).  

0

Comments

3 comments
Date Votes
  • Avatar
    Matthew Austin

    It would appear I missed this blog post by hours:  http://www.adminarsenal.com/admin-arsenal-blog/managing-javas-control-panel-exception-site-list

    I tried the steps outlined there to copy the three files over but it still appears to be ignoring the security flag on my test system.  

    Here's what my deployment.properties file looks like: 

    #deployment.properties
    deployment.webjava.enabled=true
    deployment.security.level=M
    deployment.security.level.locked
    deployment.user.security.exception.sites=c\:/Windows/Sun/Java/Deployment/exception.sites

    Exactly like the example.  

    My install seems to be picking up on this file because after applying, the security area in the java control panel is completely greyed out and won't allow changes (based on the deployment.security.level.locked flag).  But it's locked to HIGH!

    I'm attaching my two files (the exceptions.sites file is blank, and wouldn't attach a 0 byte file) if anyone can help point out what I'm doing wrong, I'd be extremely grateful.  

    Thanks!

    0
  • Avatar
    Matthew Austin

    I think I am missing an "edit" button somewhere, sorry for the double-posting.  

    Anyway I figured it out, it was a simple fix.  

    It was a problem with the screenshot examples in the blog post.

    In the deployment.properties file, I had it set to

    deployment.security.level=M

    based on the screenshot showing a line that read

    deployment.security.level=S

    What it wanted was the full string:

    deployment.security.level=MEDIUM

    which does work.

    0
  • Avatar
    Matthew Austin

    Grr--the screenshot in the blog post said "L" not "S", sorry about that. 

    0