Java: Let’s Configure System-Wide Settings

Java: Configuring System-Wide Settings

Java can be pain for system administrators. It seems to release a new version every few months that are almost required due to security issues, and there used to not be a good way to configure computer-wide policies for the platform. Starting with at least Java 7 update 45, Oracle changed this. Now administrators can deploy two files to machines to control all sorts of settings.

This article will detail those two files and their locations, as well as provide a guide for all of the settings.

File 1: Enforce System Policies

First, we have a two line file that tells the Java runtime to look for a file that will apply to the entire machine. Create a new text file on your desktop called deployment.config. Be sure to remove the .txt extension from the text file. Open this file with Notepad and add these lines:



This file MUST be copied to “C:\Windows\Sun\Java\Deployment”. This folder does not exist by default. You made need to modify the first line to point to your properties file. I elected to keep it in the same folder for simplicity.

File 2: Properties File

Next, we have the file that actually contains our Java settings. This file is the one referenced in line 1 of our config file. To create this file, add a new text document to your desktop and rename it (once again remembering to remove the .txt extension). This file will contain a list of properties and their definition. You can also add the same line and add “.locked” to the end to make it so that users cannot change it back. I will illustrate this later.

There are many properties that you can define. I would suggest going through the Java control applet in the Windows Control Panel and setting your properties. Then, you can go to your personal file and copy it to the rest of your machines. When you have your properties defined, go to “C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment” and copy the file from this directory. There are some properties that cannot be defined from the Control Panel applet, so will have to added later.

Here is what two lines from my file look like. These lines are two that cannot be modified from the Control Panel applet, so I had to add them manually.


These two lines disable the expiration check in Java. As you can see, I’m also locking the setting using the method stated above.

For a full list of configurable properties, see this Oracle document:

File Delivery

Finally, I would recommend delivering the deployment.config file with you Java package. With SCCM, you can either script a file copy after the installation of Java, or modify the MSI to include this file.

For the file, I would recommend either delivering this file via Group Policy to the location that I use, or save it to a file share and have very computer reference that. The only issue with this method, as you might imagine, is if the computer is not connected to your network. If Java cannot see the file, it will not load it, meaning that there may be session that are not controlled by your policy. The advantage to either of these methods is that you can have a dynamic file – one that you change be sure your clients get the updates.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.