/bundles/itninjaweb/img/Breadcrumb_cap_w.png
I've got a few users who have Java Development Kit installed, but KACE isn't updating the software. When I look in the Security Catalog, I see 
    Oracle Java SE Development Kit (JDK) 8 Update 151 (8.0.1510.12) (Full Install) for Windows
    Oracle Java SE Development Kit (JDK) 9.0.1 (Full Install) for Windows 
Both have a release date of 10/17/2017, but the status of them is Disabled (there are 17 versions of JDK in the Catalog, and they're all Disabled). When I try to change the status to Active, I get the message 
    Status not changed as one or more patch selected is in disabled state.

Is there a reason why they're disabled, rather than Inactive (or Active)? Is there a known issue where installing these on top of an old version will break something? Is there a reasonable way to get this working?
1 Comment   [ + ] Show comment

Comments

  • can you post your patch subscription settings?
    • In my patch subscriptions, I've got most of the publishers enabled, including Oracle Corporation. We are able to patch Java Runtime, so I know we are downloading Oracle patches. The other settings are:
      All Windows in inventory
      Locales: English
      OS Patches
      Types: All types
      Impacts: All Impacts
      Application Patches
      Types: Non-security, Security (Software Installers is NOT checked...maybe that's the problem)
      Publishers: Most of them, including Oracle Corporation
      Impacts: All impacts
      Disable Windows Embedded Patches: Unchecked
      Inactivate Superseded Patches: Checked
      Detect Disabled Patches: Unchecked

      My best guess that this point is under Application Patches, I do NOT have Software Installers checked. I'm wondering if JDK is considered a Software Installer rather than a patch. I'll have to look at this more and see if I can safely enable Software Installers. When I initially played with KACE I had that turned on and a whole bunch of junk was installed on my test computers. My may patch Smart Label explicitly blocks them, but I need to check all of the patch Smart Labels to verify that before enabling Software Installers in the patch subscription.

      FYI, in the Security Catalog I'm now seeing a new JDK, but it's also disabled.
      Package: ORCJDK:180417
      Name: Oracle Java SE Development Kit (JDK) 10.0.1 (Full Install) for Windows
      Released: 4/17/2018

      Thanks for the suggestion.
      • My understanding is that "Software Installers" are for installing a program on computers that don't have it currently, rather than regular patches that don't apply unless the program is already installed. In our environment we are not patching JDK. For JRE, we do not use the patching module but Managed installs in order to run the installs "at bootup"


Answers

0
We have "All Types" of Application Patches enabled which includes "Software Installers" so we have Java SDK as an inactive patch. I recommend un-checking the setting "Activate New Patches" under Security / Patch Management / Patch Status to keep new patches from automatically pushing and then manually enable them as desired. We use the full installers to get initial installs and then use patching to keep these titles installed and up to date:  
  • Adobe Acrobat Reader DC
  • Adobe Flash Player
  • Adobe Shockwave Player
  • Apple iTunes
  • Oracle Java Run-time Edition
Answered 06/25/2018 by: RichB
Second Degree Brown Belt

Nine Simple (but Critical) Tips for Effective Patch Management
This paper reviews nine simple tips that can make patch management simpler, more effective and less expensive.

Share