Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Java Security Setting - Help Needed 1

Status
Not open for further replies.

thefourthwall

IS-IT--Management
Feb 26, 2002
387
US
Hello,

Our desktops run XP. Java is also installed, the current release being update 27.

A small group of users runs a java-based app that seems to work well only when the Mixed code setting in the Java control panel is set to "Disable verification (not recommended)."

One can navigate to it from Control Panel by opening the Java Control Panel, clicking Advanced > Security > Mixed Code.

That setting is retained on a per-user basis only, it appears.

I am looking to make this a per-machine setting instead of per-user; is this possible? Yes, I am aware of the security vulnerability here, but these users are processing company-internal data, with no internet access.

Thanks for your help,

thefourthwall
 
Just checked and the line you are interested in is as follows:

deployment.security.mixcode=DISABLE

So you need to have this in the system wide properties file. Just open the user one first to take a look at what is in there. You might need to remove the deployment.properties file from people who have already logged into the machine for this to take effect. I'd have to try this myself to be 100% sure.

Cheers,
Scott
 
Ok, so I had a play with this myself. You have to be *very* precise with the URL for the properties file, so if it's a local file you need to give it file:///<path>

As an example this is what I used:

The file 'C:\Windows\Sun\Java\Deployment\deployment.config' has the following content:

deployment.system.config=file:///C:/Program Files/Java/jre7/lib/deployment.properties

The file: 'C:\Program Files\Java\jre7\lib\deployment.properties' has the content:

deployment.security.mixcode=DISABLE
deployment.security.mixcode.locked

This overrides the users settings and prevents them from changing them.

Hopefully this helps.

Cheers,
Scott


 
Hi folks,

Thank you so much for your support! I just finished imaging a pc and will give this a go now. Will report back with my findings this afternoon, I hope.
 
Good morning Scott,

It took some trial and error (due mainly to my typing errors), but I was able to implement your solution on one PC - it works! I was rather lost, and your assistance was absolutely vital. Thank you.

From the documentation links you provided, I think it will be necessary to delete the users' "<User Application Data Folder>\Sun\Java\Deployment\deployment.properties" files, and then copy over the deployment.config and deployment.properties files and restart the PC's. But that should be the easy part.

Thanks again,
Lawrence
 
Hi Lawrence,

Whilst playing around, I found that you can override the user settings with the .locked entry, even if they have already created a personal deployment.properties file. So if you look at my example above, I used the following:

deployment.security.mixcode=DISABLE
deployment.security.mixcode.locked

The second one causes the deployment.security.mixcode setting to override the user settings. You can see the options greyed out in the control panel. This will actually prevent the user from changing the settings on the machine, so you may want to do this anyway to prevent them inadvertently modifying it. It worked for me without a reboot or even a logout, just a restart of the java application. It also means you don't have to delete the users deployment.properties file.

Cheers,
Scott
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top