|Remote update Java|
Websites sometimes requires Java to run correctly, so nowadays Java is widely used. Unfortunately evil websites also use Java and it's vulnerabilities to install virus, malware and all kind of trojans.
The only way to keep the system safe is to update Java regularly. There are two simple ways to do it, get to the Java website, download and install the new version, or click on the system tray Java icon and accept to install the new update.
Java trojans in action
The question is, what to do when you are a system administrator with some computers at your charge?
Business users never want to click on any updates, they don't want to break anything and it's a waste of time for the sysadmin to go computer by computer in order to download and install lastest Java version.
In this article we are going to silently deploy latest Java version in all our domain network easily and without GPO and domain directives, just .bat scripts.
This is not the usual way to do it, may be it's more like the hacker way, instead of the standard sysadmin procedure, but sometimes the line between hacker and sysadmin is quite slim.
.bat scripts are powerful
The books say that to deploy a software across a domain network, we must get a .msi file, configure a GPO, apply it to users and it will run on the next boot.
But why do we must wait until tomorrow or tell users to reboot now?
We want to do it right now!
First step, download latest Java version and install on a single computer as usual.
When writing this article, there are two Java versions, 6 and 7.
We prefer to download the Windows Offline package.
Java 6 can be downloaded at:
Java 7 can be downloaded at:
Java version 7 will be ok, but if for some kind of compatibility we prefer version 6 it's ok too. We downloaded version 7 Update 9 for this article.
Install it, obliviously with a user with admin rights, and then go to folder:
On Windows 7:
On Windows XP:
c:\documents and settings\YOURUSERNAMEHERE\application data\sun\java\jre1.7.0_09
Copy all the files in that folder and paste them to:
We need also to create a new subfolder under the new created updates folder to put all the batch files that we are going to build
For the remote updates we need the psexec.exe file that can be downloaded from microsoft from:
Copy psexec.exe to c:\update
Also we need to share the c:\update folder for all the users be able to read it, also remember the computer name that we will need later on.
Now go into c:\update\bats-java and create some text files:
The main script is this:
Now the script called by updatelist.bat to do the work:
Now the script to install the package:
Now the list of PC names we are going to update:
Be carefull because file update.bat contains the administrator password, this is not safe, we do know, also file java.bat refers to the jre1.7.0_09.msi file, that is different depending on the java version, we must change it according to our downloaded file.
To run the script, it's important to login as administrator and then run (Win + R) the command like this:
Do not run it from c:\update\bats-java , that's because of the way paths are implemented in the script.
A log file for every computer listed will be created in the bats-java folder so we can check for installation errors.
All the computers that we are going to update must be in the list.txt file and turned on. It will not reboot or request for it and users may be working while the update is in progress.
Windows XP and Windows 7 have been tested with this script.
Some antivirus detects psexec.exe as a harmful application, it's not, but we may need to temporally disable it.
The script files can be downloaded from here, self-extracting file:
Remember to download psexec.exe into the same folder c:\update
Don't waste your time, do it now and do it fast
Quick steps for the impatient:
Install java on a computer and copy the files we need.
Download update.exe, run it and extract to c:\
Now we have a folder c:\update
Share that folder
Download psexec.exe and save it in c:\update
Edit with notepad the files:
c:\update\bats-java\list.txt to include the computer names to update.
c:\update\bats-java\update.bat to change the computer name, shared folder, domain name, administrator password.
c:\update\bats-java\java.bat to change the .msi file name depending on the downloaded version.
Check the log files on \\computername\update\bats-java\log-*.txt
This is only an example to update software on multiple computers remotely, this is for Java but can be applied with minor changes to other programs.
Is there a faster way to do it, and to do it right now no reboot waiting?