Deployment Script: Oracle Java Runtime 1.7.0.51

Topics: Archive - Deployment Scripts
Jan 23, 2014 at 2:55 PM
Edited Jan 24, 2014 at 8:41 AM
Hi, here is my take on Java 7 updating. What do you Think?

Pre-Installation:
#*===============================================
#* PRE-INSTALLATION
If ($deploymentType -ne "uninstall") { $installPhase = "Pre-Installation"
#*===============================================

    # Store number of running browserprocesses to determine if we need to use Show-InstallationProgress
    $processCount = (Get-Process iexplore,chrome,firefox -ErrorAction SilentlyContinue)

    # If powerpoint is running in presentationmode AND we have running browsers, abort Java upgrade.
    #If ((Test-PowerPoint) -and ($processCount.Count -ne $null)) { It turned out that the Test-PowerPoint function doesen't work at the moment, hopefully fixed in future PADT verions.
    If ((Get-Process "powerpnt" -ErrorAction SilentlyContinue) -and ($processCount.Count -ne $null)) { #Using this limited workaround until Test-PowerPointfunction works.
    Write-Log "Detected Powerpointsession in presentationmode, aborting script with exitcode 5001 to avoid annoyed user."
    Exit-Script -ExitCode "5001"
    } 
    
     # Show Welcome Message, close web browsers if required, and verify there is enough disk space to complete the install
    Show-InstallationWelcome -CloseApps "iexplore=Internet Explorer,chrome,firefox" -CheckDiskSpace -PersistPrompt -AllowDeferCloseApps -DeferDays "1" -DeferTimes "1" -CloseAppsCountdown "6000"

    # Show Progress Message (with the default message) if any browserprocesses were running and Show-InstallationWelcome triggered
    If ($processCount.Count -ne $null) {
        Write-Log "Running Show-InstallationProgress"
        Show-InstallationProgress
    }
    
    # Remove Application tag from registry
    Remove-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -ContinueOnError
    
    # Uninstall any previous JRE version
    # Remove-MSIApplications "Java(TM) 6 Update"
    Remove-MSIApplications "Java 7 Update"
Installation:
#*===============================================
#* INSTALLATION 
$installPhase = "Installation"
#*===============================================

    # Perform installation tasks here

    # Install Java with .exe
    Execute-Process -FilePath "jre-7u51-windows-i586.exe" -Arguments "/s WEB_JAVA_SECURITY_LEVEL=M /L $env:windir\Logs\Software\Java7U51Setup.log" -WindowStyle Hidden -IgnoreExitCodes "3010"
Post-Installation:
#*===============================================
#* POST-INSTALLATION
$installPhase = "Post-Installation"
#*===============================================

    # Perform post-installation tasks here

    # Cleanup start menu shortcuts.
    Remove-Item -Force -Path "$env:ALLUSERSPROFILE\microsoft\windows\start menu\programs\java\Check For Updates.lnk" -ErrorAction SilentlyContinue
    Remove-Item -Force -Path "$env:ALLUSERSPROFILE\microsoft\windows\start menu\programs\java\Configure Java.lnk" -ErrorAction SilentlyContinue
       
    # Uninstall Java Auto Updater to avoid automatic updates on clients. -ContinueOnError required because uninstall throws error 1603.
    Execute-MSI -Action Uninstall -Path "{4a03706f-666a-4037-7777-5f2748764d10}" -ContinueOnError
    
    # Create/Recreate Java configurationfiles.
    New-Item -force -Path "$env:windir\Sun\Java\Deployment\deployment.properties" -ItemType file -ErrorAction SilentlyContinue
    New-Item -force -Path "$env:windir\Sun\Java\Deployment\deployment.config" -ItemType file -ErrorAction SilentlyContinue
    
    # Add configuration to deployment.config.
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.config" -value "deployment.system.config.mandatory=true" -ErrorAction SilentlyContinue
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.config" -value "deployment.system.config=file:///$env:SystemDrive/Windows/Sun/Java/Deployment/deployment.properties" -ErrorAction SilentlyContinue
    
    # Add configuration to deployment.properties
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.expiration.check.enabled=false" -ErrorAction SilentlyContinue # Disable Java Expiration warning (JRE 7u30+)
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.security.mixcode=HIDE_RUN" -ErrorAction SilentlyContinue # Suppress warning dialog if potentially unsafe components are detected.
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.security.level=MEDIUM" -ErrorAction SilentlyContinue # Set Java securitylevel to MEDIUM, otherwise unsigned applets won't run.
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.security.level.locked" -ErrorAction SilentlyContinue # Lock Java securitylevelslider in Java Controlpanel to prevent users from changing it.
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.insecure.jres=NEVER" -ErrorAction SilentlyContinue # Untrusted content will always run with the default JRE
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.javaws.shortcut=NEVER" -ErrorAction SilentlyContinue # No Shortcuts  
  
    # Tag registry
    Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -Name "AppVersion" -Value "$appVersion" -Type String -ContinueOnError
    Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -Name "DeploymentScriptVersion" -Value "$appScriptVersion" -Type String -ContinueOnError
    Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -Name "AppArchitecture" -Value "$appArch" -Type String -ContinueOnError
    Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -Name "AppLanguage" -Value "$appLang" -Type String -ContinueOnError
    Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\CompanyName\ManagedClient\WSUSCustomUpdates\$appVendor\$appName" -Name "DeploymentEngineVersion" -Value "$deployAppScriptVersion" -Type String -ContinueOnError
 
I use WSUS Package Publisher and ServiceUI.exe to update java on 15 000 + clients pretty effortsless thanks to your excellent tool!


:-)
Coordinator
Jan 24, 2014 at 4:15 PM
Nice job. I haven't seen this used with WSUS before - really interesting use case!
Jan 27, 2014 at 12:23 PM
Are you creating an mst file as well to disable java autoupdate etc? or are you setting everything in the deployment.properties?
I haven't seen this before..

Can you explain what it's doing?
Jan 29, 2014 at 6:36 PM
I install Java with the standard .exe file from oracle.com, no .msi and no .mst anymore, then to disable Java autoupdate i simply uninstall the autoupdate msi feature with this commandline:
# Uninstall Java Auto Updater to avoid automatic updates on clients. -ContinueOnError required because uninstall throws error 1603.
    Execute-MSI -Action Uninstall -Path "{4a03706f-666a-4037-7777-5f2748764d10}" -ContinueOnError
The GUID {4a03706f-666a-4037-7777-5f2748764d10} is the same for all Java versions(so far). The updatetab in the Java controlpanel disapears aswell after this uninstall.

Mandatory settings are handled with the deployment.properties file as explained in the Java deploymentguide.

For example, to set the security level to Medium and lock the securityslider in Java controlpanel so that users are unable to change it i use these lines:
 Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.security.level=MEDIUM" -ErrorAction SilentlyContinue # Set Java securitylevel to MEDIUM, otherwise unsigned applets won't run.
    Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.security.level.locked" -ErrorAction SilentlyContinue # Lock Java securitylevelslider in Java Controlpanel to prevent users from changing i
Mar 6, 2014 at 5:39 PM
Hi Jerre,

Really interesting script you have here.
There is a problem though; when I run it I get this error message:

"Missing an argument for parameter 'ContinueOnError'. Specify a parameter of type 'System.Boolean' and try again.()"

Do you have any idea what is going on?

Thanks,

Nelu
Coordinator
Mar 6, 2014 at 8:14 PM
@Nelu_G just remove the ContinueOnError switch
@Jerre, can you update the script to remove this, it's not needed
Mar 6, 2014 at 8:45 PM
Edited Mar 6, 2014 at 10:04 PM
PowerSheller wrote:
@Nelu_G just remove the ContinueOnError switch
@Jerre, can you update the script to remove this, it's not needed
Thanks for the advice, I removed "ContinueOnError" and now its working.
I have a suggestion though: on a 64bit computer you need to install both Java versions and the installer files are different:
jre-7u51-windows-i586.exe, for 32bit
and
jre-7u51-windows-x64.exe, for 64bit.

In VBScript I use a If-Then loop where I evaluate the OS architechture and if it
s Windows 7 x86 I will call "jre-7u51-windows-i586.exe", else I would call "jre-7u51-windows-x64.exe".
I`ll try to change the script to perform just that.

I think I found a solution which works for me, at least on Windows 7 64bit:
#* INSTALLATION 
$installPhase = "Installation"
#*===============================================

    # Perform installation tasks here

    # Install Java with .exe
    
    $isShell32 = [bool]((Get-Process -Id $PID | ?{$_.path -like "*SysWOW64*"}) -or !([IntPtr]::Size -eq 8))

if ($isShell32)
{ Execute-Process -FilePath "jre-7u51-windows-i586.exe" -Arguments "/s WEB_JAVA_SECURITY_LEVEL=M /L $env:windir\Logs\Software\Java7U51Setup.log" -WindowStyle Hidden -IgnoreExitCodes "3010"}
else #x64
{ Execute-Process -FilePath "jre-7u51-windows-x64.exe" -Arguments "/s WEB_JAVA_SECURITY_LEVEL=M /L $env:windir\Logs\Software\Java7U51Setup.log" -WindowStyle Hidden -IgnoreExitCodes "3010"}
    
    


#*===============================================
Please let me know what you think,

Thanks,

Nelu
Mar 14, 2014 at 7:24 AM
Nelu_G wrote:
Hi Jerre,

Really interesting script you have here.
There is a problem though; when I run it I get this error message:

"Missing an argument for parameter 'ContinueOnError'. Specify a parameter of type 'System.Boolean' and try again.()"

Do you have any idea what is going on?

Thanks,

Nelu
Hi!

Hmm, this is strange, I don't see this error?

This is from the Execute-MSI helptext, ContinueOnError is a switch param and shouldn't need any input?
.PARAMETER ContinueOnError
    Continue if an exit code is returned by msiexec that is not recognised by the App Deploy Toolkit.
/Jerre
Mar 14, 2014 at 7:36 AM
Edited Mar 14, 2014 at 7:38 AM
Regarding OS Architecture, you should be able to use the variable $envOS in your deploy-application script like this:
$envOS.OSArchitecture
On at 64-bit OS it will return "64-Bit", it is populated in then Main script in this line:
$envOS = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction SilentlyContinue
For the moment we just deploy the 32-bit java since we restrict users from running the 64-bit browser


/Jerre
Coordinator
Mar 14, 2014 at 10:05 AM
Are you using the latest version of the toolkit?

Seán

Coordinator
Mar 14, 2014 at 10:38 AM
Yeah.

It looks like the continue on error things is a bit oh a problem. It was a switch, so just -ContinueOnError works. But when it's a bool you need -ContinueOnError $true.

This has broken virtually every script I've tried living from 3.0.x so 3.1.0

We either need to revert it, or communication the change.

Regards, Dan

Mar 18, 2014 at 3:08 PM
Thanks for this code!
I use it to downgrade Java 6 or 7 to Java 6 U29.

Basically added this line
Add-Content -path "$env:windir\Sun\Java\Deployment\deployment.properties" -value "deployment.javaws.autodownload=NEVER" -ErrorAction SilentlyContinue #turnoff autoupdate
Apr 24, 2014 at 1:45 AM
Edited Apr 24, 2014 at 1:46 AM
Jerre,

How do you handle the requirement for the browser to be closed before the installation proceeds? I see in the script you've just got it closing iexplore.exe, but wouldn't that be disruptive to users? Do you send out communication prior stating this will be the behaviour so the user is aware? Does the user run the script themselves with a warning prior so they know what they're in for? Just curious because this is my biggest hurdle of the Java install.
Apr 24, 2014 at 12:41 PM
Dj,
Show-InstallationWelcome
Portion of the script is what calls on an interface prompting the user to close the programs listed after
-CloseApps "iexplorer,firefox,chrome"
As listed above, if any of those are open at the time of the installation it will notify the user they first need to be close before proceeding. It will allow them to close those applications right within the interface or they can do it manually. If none of those are open, it will not display the close app notification.
May 5, 2014 at 9:43 PM
Nelu_G wrote:
PowerSheller wrote:
@Nelu_G just remove the ContinueOnError switch
@Jerre, can you update the script to remove this, it's not needed
Thanks for the advice, I removed "ContinueOnError" and now its working.
I have a suggestion though: on a 64bit computer you need to install both Java versions and the installer files are different:
jre-7u51-windows-i586.exe, for 32bit
and
jre-7u51-windows-x64.exe, for 64bit.

In VBScript I use a If-Then loop where I evaluate the OS architechture and if it
s Windows 7 x86 I will call "jre-7u51-windows-i586.exe", else I would call "jre-7u51-windows-x64.exe".
I`ll try to change the script to perform just that.

I think I found a solution which works for me, at least on Windows 7 64bit:
#* INSTALLATION 
$installPhase = "Installation"
#*===============================================

    # Perform installation tasks here

    # Install Java with .exe
    
    $isShell32 = [bool]((Get-Process -Id $PID | ?{$_.path -like "*SysWOW64*"}) -or !([IntPtr]::Size -eq 8))

if ($isShell32)
{ Execute-Process -FilePath "jre-7u51-windows-i586.exe" -Arguments "/s WEB_JAVA_SECURITY_LEVEL=M /L $env:windir\Logs\Software\Java7U51Setup.log" -WindowStyle Hidden -IgnoreExitCodes "3010"}
else #x64
{ Execute-Process -FilePath "jre-7u51-windows-x64.exe" -Arguments "/s WEB_JAVA_SECURITY_LEVEL=M /L $env:windir\Logs\Software\Java7U51Setup.log" -WindowStyle Hidden -IgnoreExitCodes "3010"}
    
    


#*===============================================
Please let me know what you think,

Thanks,

Nelu
I don't understand.

You say that on 64bits computer you have to install both version, but in your script you install 32 bits java on 32 bits OS and just 64 bits java for 64 bits OS.
May 7, 2014 at 9:44 AM
if someone has the same script to deploy a Java 1.6 I am grateful to him :)
May 7, 2014 at 11:41 AM
what is the pro/cons of using the standard setup vs the MSI+MST

lot of people on internet seems to use the MSI+MST to deploy Java with SCCM

another thing, on your PSAppDeploy script, you don't use the uninstall part ?
May 8, 2014 at 1:21 PM
Just tested, but I have a problem, deployment seems to work well, but after install, Java work in Firefox, but not in Internet Explorer
Oct 6, 2014 at 2:18 PM
"I use WSUS Package Publisher and ServiceUI.exe to update java on 15 000 + clients pretty effortless thanks to your excellent tool!"

I am trying to make use of WSUS PP and PS App DT for JAVA JDK deployments in my work area, but experiencing below problems
  1. WSUS PP is able to push the PADT package to my machine silently and then able to perform the current version of java uninstallation but this is happening in NON INTERACTIVE mode.
  2. After uninstallation, starting installation but with exit code: 1619
  3. Entire process is in non - interactive mode, no windows, no balloon tips nothing.
Kindly suggest what am I missing in here and correct procedure to make PADT to work with WPP.
Oct 14, 2014 at 11:59 AM
@rahulwithu - Did you use ServiceUI.exe in your custom WPP update to start your PADT deployment?

This should get you out of non-interactive mode.
Oct 18, 2014 at 6:57 AM
Hello Jerre,

I have not used serviceui.exe, can you please share the procedure to make of this tool.

fyi: in my environment end users do not have administrative right.
Nov 5, 2014 at 4:46 PM
I'd also add an active setup registry entry to stop java from nagging about it's out of date.
$entryD="reg add ""HKCU\Software\appdatalow\software\javasoft\deploymentproperties"" /v deployment.expiration.check.enabled /t reg_sz /d ""false"" /f"
Set-RegistryKey -Key "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\java51u" -Name "version" -Value "1" -Type String
Set-RegistryKey -Key "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\java51u" -Name "Stubpath" -Value "$entryD" -Type String