INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Java Security Setting - Help Needed

Java Security Setting - Help Needed

(OP)
Hello,

Our desktops run XP. Java is also installed, the current release being update 27.

A small group of users runs a java-based app that seems to work well only when the Mixed code setting in the Java control panel is set to "Disable verification (not recommended)."

One can navigate to it from Control Panel by opening the Java Control Panel, clicking Advanced > Security > Mixed Code.

That setting is retained on a per-user basis only, it appears.

I am looking to make this a per-machine setting instead of per-user; is this possible?  Yes, I am aware of the security vulnerability here, but these users are processing company-internal data, with no internet access.

Thanks for your help,

thefourthwall

RE: Java Security Setting - Help Needed

Just checked and the line you are interested in is as follows:

deployment.security.mixcode=DISABLE

So you need to have this in the system wide properties file.  Just open the user one first to take a look at what is in there.  You might need to remove the deployment.properties file from people who have already logged into the machine for this to take effect.  I'd have to try this myself to be 100% sure.

Cheers,
Scott

RE: Java Security Setting - Help Needed

Ok, so I had a play with this myself.  You have to be *very* precise with the URL for the properties file, so if it's a local file you need to give it file:///<path>

As an example this is what I used:

The file 'C:\Windows\Sun\Java\Deployment\deployment.config' has the following content:

deployment.system.config=file:///C:/Program Files/Java/jre7/lib/deployment.properties

The file: 'C:\Program Files\Java\jre7\lib\deployment.properties' has the content:

deployment.security.mixcode=DISABLE
deployment.security.mixcode.locked

This overrides the users settings and prevents them from changing them.

Hopefully this helps.

Cheers,
Scott


 

RE: Java Security Setting - Help Needed

(OP)
Hi folks,

Thank you so much for your support!  I just finished imaging a pc and will give this a go now.  Will report back with my findings this afternoon, I hope.

RE: Java Security Setting - Help Needed

(OP)
Good morning Scott,

It took some trial and error (due mainly to my typing errors), but I was able to implement your solution on one PC - it works! I was rather lost, and your assistance was absolutely vital.  Thank you.

From the documentation links you provided, I think it will be necessary to delete the users' "<User Application Data Folder>\Sun\Java\Deployment\deployment.properties" files, and then copy over the deployment.config and deployment.properties files and restart the PC's.  But that should be the easy part.

Thanks again,
Lawrence

RE: Java Security Setting - Help Needed

Hi Lawrence,

Whilst playing around, I found that you can override the user settings with the .locked entry, even if they have already created a personal deployment.properties file.  So if you look at my example above, I used the following:

deployment.security.mixcode=DISABLE
deployment.security.mixcode.locked

The second one causes the deployment.security.mixcode setting to override the user settings.  You can see the options greyed out in the control panel.  This will actually prevent the user from changing the settings on the machine, so you may want to do this anyway to prevent them inadvertently modifying it.  It worked for me without a reboot or even a logout, just a restart of the java application. It also means you don't have to delete the users deployment.properties file.

Cheers,
Scott

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close