Java: Let’s Configure System-Wide Settings

Java: Configuring System-Wide Settings

Java can be pain for system administrators. It seems to release a new version every few months that are almost required due to security issues, and there used to not be a good way to configure computer-wide policies for the platform. Starting with at least Java 7 update 45, Oracle changed this. Now administrators can deploy two files to machines to control all sorts of settings.

This article will detail those two files and their locations, as well as provide a guide for all of the settings.

File 1: Enforce System Policies

First, we have a two line file that tells the Java runtime to look for a file that will apply to the entire machine. Create a new text file on your desktop called deployment.config. Be sure to remove the .txt extension from the text file. Open this file with Notepad and add these lines:

Deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties

Deployment.system.config.mandatory=true

This file MUST be copied to “C:\Windows\Sun\Java\Deployment”. This folder does not exist by default. You made need to modify the first line to point to your properties file. I elected to keep it in the same folder for simplicity.

File 2: Properties File

Next, we have the file that actually contains our Java settings. This file is the one referenced in line 1 of our config file. To create this file, add a new text document to your desktop and rename it deployment.properties (once again remembering to remove the .txt extension). This file will contain a list of properties and their definition. You can also add the same line and add “.locked” to the end to make it so that users cannot change it back. I will illustrate this later.

There are many properties that you can define. I would suggest going through the Java control applet in the Windows Control Panel and setting your properties. Then, you can go to your personal deployment.properties file and copy it to the rest of your machines. When you have your properties defined, go to “C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment” and copy the deployment.properties file from this directory. There are some properties that cannot be defined from the Control Panel applet, so will have to added later.

Here is what two lines from my file look like. These lines are two that cannot be modified from the Control Panel applet, so I had to add them manually.

Untitled-1

These two lines disable the expiration check in Java. As you can see, I’m also locking the setting using the method stated above.

For a full list of configurable properties, see this Oracle document: https://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html.

File Delivery

Finally, I would recommend delivering the deployment.config file with you Java package. With SCCM, you can either script a file copy after the installation of Java, or modify the MSI to include this file.

For the deployment.properties file, I would recommend either delivering this file via Group Policy to the location that I use, or save it to a file share and have very computer reference that. The only issue with this method, as you might imagine, is if the computer is not connected to your network. If Java cannot see the file, it will not load it, meaning that there may be session that are not controlled by your policy. The advantage to either of these methods is that you can have a dynamic file – one that you change be sure your clients get the updates.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=