Oracle has released "Java Platform, Standard Edition 7 Update 40" also know as 'Java Runtime Environment Version 7.0 Update 40'.

This update release contains several enhancements and changes including the following:

Oracle added a Deployment Rule Set to JRE to enable an enterprise to establish a whitelist of known applications.

The rule set is an XML file that must be named ruleset.xml. Use any text editor to create this file. The rule set defined in the ruleset.xml file must be packaged in a signed JAR file named DeploymentRuleSet.jar. The JAR file must be signed with a valid certificate from a trusted certificate authority. For information about creating and signing a JAR file, see the lesson Packaging Programs in JAR Files in the Java Tutorials.

Install the DeploymentRuleSet.jar file on your users' systems in the following directories:

    On Windows platforms, install the file in the <Windows-directory>\Sun\Java\Deployment directory, for example, c:\Windows\Sun\Java\Deployment.
    On Mac OS X and UNIX platforms, install the file in the /etc/.java/deployment directory.

To view the active rule set, see the Security section of Java Control Panel.

For more information, see Setting the Level of Security for the Java Client and Java Control Panel.

First of all download and run either jre-7u40-windows-i586.exe for Windows 7 / XP 32-bit or jre-7u40-windows-x64.exe for Windows 7 / XP 64-bit. If you use 32-bit and 64-bit browsers interchangeably, you will need to install both 32-bit and 64-bit Java in order to have the Java plug-in for both browsers. These offline installers are available in the Java SE Runtime Environment 7 Downloads section of Oracle's Java website.

When the License Agreement screen pops up, look in the "c:\Documents and Settings\<username>\Local Settings\Application Data\Sun\Java\jre1.7.0_40 directory" when you're using Windows XP or "C:\Users\<username>\AppData\LocalLow\Sun\Java\jre1.7.0_40\" when your're using Windows 7.

For the x64 version look in the "C:\Users\<username>\AppData\LocalLow\Sun\Java\jre1.7.0_40_x64\" directory. In that directory you will find the 'jre1.7.0_40.msi' and a file. The jre1.7.0_40 msi file is the one we can use to deploy "Java Runtime Environment Version 7.0 Update 40" by using MSI technology.

Don't forget because this is an uncompressed msi:

Start up the AdminStudio Tuner and create a response transform file. It's as simple as that if you want to do a default deployment. For an advanced deployment you can further tweak you J2RE configuration two ways:

  • by changing the 'Setup Properties'
  • by changing registry settings

The result is the same. You can change some basic 'Setup Properties' in the Tuner:

  • AUTOUPDATECHECK - Java Update mechanism - on {1} or off {0}
  • EULA - popup the EULA when you first start a Java applet - on {1} or off {0}
  • IEXPLORER - indicates that the Plug-in should be registered with the Internet Explorer browser - on {1} or off {0}
  • JAVAUPDATE - indicates that the Java Update feature should be disabled (the Update tab in the Java Plug-in Control Panel will not appear) - on {1} or off {0}

    However, it seems that using the property doesn't work anymore and that you have to set this registry key additionally:

    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]

  • MOZILLA - indicates that the Plug-in should be registered with Mozilla 1.1 and later browsers - on {1} or off {0}
  • WEB_JAVA - if used, disables any Java application from running in the browser. WEB_JAVA=1, the default, enables Java applications in the browser. This field is available as of the 7u10 release. For more information, see Setting the Security Level of the Java Client.
  • WEB_JAVA_SECURITY_LEVEL, if used, sets the security level of unsigned Java apps running in a browser. The possible values for this field are V (very high), H (high), M (medium, the default) or L (low). This field is available as of the 7u10 release. For more information, see Setting the Security Level of the Java Client.

... but you can also collect the JRE's registry settings to tweak the JRE a little more.

Launch the "Java Control Panel" (available in c:\Program Files\Java\jre7\bin\javacpl.exe). Most settings you will change by using this utility will then be stored in the registry in [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft]. Some examples:

  • Click on the "Update" tab. If you uncheck the "Check for Update Automatically" you will shutdown the Java Update mechanism. This may be wise, because we want to deploy newer versions by using ZENworks and not automatically by using the Java Update mechanism.

  • If you want to disable the 'Update' tab, then use this registry setting to enable (00000001) or disable it (00000000):

    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]

  • Click on the "Advanced" tab. If you open up the "Miscellaneous" node by clicking on the + sign, you can uncheck "Place Java icon in system tray". Which just does what is says. Now it has become more difficult for users to fiddle around with the J2RE configuration. If you change this setting, this registry setting is changed:

    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\1.7.0_40


Some settings however are stored somewhere else. Some examples:

  • Click on the "General" tab. Click on 'Network Settings'. The settings you configure here are stored in:

    C:\Documents and Settings\%USERNAME%\Application Data\Sun\Java\Deployment\

    This '' file is used for storing and retrieving deployment configuration properties in the Java Control Panel. They are also used for customizing runtime behavior for both Java Plug-in and Java Web Start. There is always a User-Level file. Its location, which is non-configurable, is described here. There may also be an (optional) System-Level file. If it exists, its location is determined by a System Administrator through the deployment.config file as described here.