To totally unlock this section you need to Log-in
Login
By default, an installation of Java will check for updates and then will prompt the end user to install the update whether or not the user has Admin rights.
In a small environment, this may not be a problem, but in a larger environment, this can generate a lot of unnecessary support requests when a user that doesn’t have Admin rights gets a UAC prompt that wants Admin credentials. Here’s how to disable the Java update checks so that your end users don’t see messages like this:
This tutorial is intended for systems administrators that are using some kind of systems management product for updating 3rd party software like SCCM, Landesk, etc. Many of the security flaws in 3rd party software can lead to malware infections and/or compromised computers.
If you disable the update notifications, you still need to keep the software up to date!
This tutorial applies to 32-bit Java running on a 32-bit Operating System or 64-bit Java running on 64-bit Operating System.
Disabling the Java update notifications is actually pretty easy. There’s a registry setting in HKEY_LOCAL_MACHINE that will allow you to completely disable both update notifications and the update functionality. The full path of the key is HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy.
The registry entry is named EnableJavaUpdate and is a DWORD value that defaults to 1 for the update functionality to be enabled. Setting the value to 0 disables updates. Here’s what it looks like in the Windows Registry with updates enabled:
You could set this manually, but there’s actually a much easier way to do this in Group Policy. First off you will need a Group Policy Object (GPO) that applies to your computers that need to have the updater disabled. In my example, it is an empty GPO, but there’s no reason why you can’t add this to an existing GPO.
In your GPO, go to Computer Configuration > Preferences > Windows Settings > Registry. Right-click and choose New > Registry Item.
If you have Java installed on your management station, you can browse the registry to the setting you will be changing. (If you don't, you can skip the next couple of steps and copy the entry manually.) In the window that opens, click the “...” button next to Key Path.
Browse down to HKEY_LOCAL_MACHINE > SOFTWARE > JavaSoft > Java Update > Policy. In the bottom window, you should see EnableJavaUpdate.
Click on it and then click Select.
When you’re taken back to the last window, it should look something like the screenshot below. If you didn't have Java installed on your management station, you can enter the following:
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\JavaSoft\Java Update\Policy
Value name: EnableJavaUpdate
Value type: REG_DWORD
Value data: 00000000 (that’s 8 zero’s)
When you click OK, it should look something like this in the Group Policy Management Editor:
All that is left is to let Group Policy refresh on your test systems (or you can run a gpupdate.exe manually). If you open the Registry Editor, you should see the setting changed:
If you’re on a 32-bit OS, you can go to the Control Panel, run the Java Control Panel tool, and you’ll see that the Update tab is now gone. (For some reason, the 64-bit version of Java on a 64-bit OS doesn’t have the Update tab.)
Java updates have (at least in my experience) been kind enough to wipe out this setting after install. As long as your Action is set to Update, you should be good... Group Policy will recreate the entry at the next refresh.
NOTE: this solution has been tested against Java 6/7/8 and it works on Windows Server 2003/2008/2012 on Windows 7/8 clients.
Disable 32-bit Java updates on 64-bit Windows with Group Policy
If you’ve installed 32-bit/x86 Java on your 64-bit/x64 Operating System, the normal method of disabling Java updates with Group Policy isn’t going to work. You’ll need to add a Registry key in the Wow6432Node area of HKEY_LOCAL_MACHINE.
x86 Java stores the setting that you need to disable updates in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java\UpdatePolicy in 64-bit Windows.
The registry entry is named EnableJavaUpdate and is a DWORD value that defaults to 1 for the update functionality to be enabled. Setting the value to 0 disables updates. Here’s what it looks like in the Registry with updates enabled:
You could set this manually, but there’s actually a much easier way to do this in Group Policy. First off you’ll need a Group Policy Object (GPO) that applies to your computers that need to have the updater disabled. In my example, it is an empty GPO, but there’s no reason why you can’t add this to an existing GPO.
In your GPO, go to Computer Configuration > Preferences > Windows Settings > Registry. Right-click and choose New > Registry Item.
If you have the 32-bit Java installed on your management station (running 64-bit Windows), you can browse the registry to the setting you’ll be changing. (If you don’t, you can skip the next couple of steps and copy the entry manually.) In the window that opens, click the “...” button next to Key Path.
Browse down to HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > JavaSoft > Java Update > Policy. In the bottom window, you should see EnableJavaUpdate. Click on it and then click Select.
When you're taken back to the last window, it should look something like the screenshot below. If you didn’t have Java installed on your management station, you can enter the following:
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWAREWow6432NodeJavaSoftJava UpdatePolicy
Value name: EnableJavaUpdate
Value type: REG_DWORD
Value data: 00000000 (that’s 8 zero’s)
When you click OK, it should look something like this in the Group Policy Management Editor:
All that is left is to let Group Policy refresh on your test systems (or you can run a gpupdate.exe manually).
 |  |