Deploy Java Updates using WSUS and Windows Updates

microsoft black logo

Last updated on April 16th, 2023 at 11:24 pm

Read Time:3 Minute, 57 Second

Are you looking to deploy Java updates using WSUS? Want to then push them out to your end users through Windows Update? Then this guide is for you!

The end user problem

After having a number of issues with end users complaining about getting Java update alerts, but not being able to download and install them (no local admin rights), we decided it was time to do something about it, so where better to look for the help than our WSUS server.

The idea was simple, we push out Windows Updates and Adobe Updates to all users, so why not deploy Java updates?. So I started looking into it and it turned out to be much simpler than I thought.

Using a combination of SCUP, WSUS, WSUS self-cert and our own GPO‘s, I got it setup and working to all clients.

The how to deploy Java updates guide

Prerequisites

The below guide assumes that you have your WSUS self-cert setup and distributed to your clients using GPOs and that you also have your GPO’s setup to allow assigned updates – if you have no idea what this means or need help with it, go to this post about self-signed certs. These updates will not work without having this done first.

Note that to use SCUP you must have an installed, licensed System Center for your business as per the pre-reqs for downloading SCUP.

Please also note that this is for Java 7 Update 5 as you will probably see, this should work in the same way with future updates by just changing the number (5 to 6 for example..).

Something else to note is that you should not push this update to Java Clients lower than version 7, if you do, this will install and leave behind the old version and screw up your Java. If you run it on this version, it will successfully upgrade.

You will need to ensure that you have SCUP (System Center Updates Publisher) installed (can be downloaded by clicking here) on your WSUS server.

You will also need to download the latest Java Update from HERE

The setup process

Once setup, open the SCUP program and click Create Software Updates:

SCUP to deploy Java updates

You then need to browse to the location where you saved the downloaded Java Update.

Then make sure that you tick the box labelled Use a local source to publish software update content.

The command line

The other boxes are optional but you need to put the following into the Command Line box:

/s "IEXPLORER=1 MOZILLA=1" /quiet

So the first box should look similar to this:

Deploy Java Updates using WSUS and Windows Updates 1

Then click Next and on the next page you can give your update a name and description etc, again this is all optional so put what you like here, mine is as below:

Deploy Java Updates using WSUS and Windows Updates 2

Click next, again on this page is mostly optional, but mine looks like this:

Deploy Java Updates using WSUS and Windows Updates 3

For the next two pages you can just click Next (Prerequisites & Superseded Updates) as you do not need to input any information here.

The installation rules

The most important part of this sequence is the next two steps so be very careful to get this right.

Create your installable rules so that they are exactly the same as below:

SCUP to deploy Java updates command lines

This means that the update will look to see if the registry key exists – if it does, Java is installed so there may be an update that needs to be applied. But it also looks to see if the update is already installed (second row), so if it is (NOT:) means do not run the update.

Click Next and move onto the Installed Rules page. You will need to make these page exactly the same as below:

Deploy Java Updates using WSUS and Windows Updates 4

This means that the update will look at this registry key and if it is there, the update has already been applied and this update does not need to be installed.

You can then click through the rest of the wizard as there is not any more critical information that you need to input.

Deploy Java updates to your user machines

Now, you need to distribute this update. To do this, go to the update, right click and click Publish. Then, select Full Content and complete the wizard.

This should be all you need to do, now, once your WSUS and fully synchronised, your clients should see this Java update using Windows Updates and be installed.

Please feel free to share this page wherever you want, but please make sure you source me if you use the information elsewhere.

Feedback

We would love to hear your feedback on this article so come and join us on Facebook or Twitter and let us know what you think!

Click to rate this post!
[Total: 1 Average: 5]

Free Subscription

If you want to be notified when we post more quality guides like this one, sign up to our free subscription service and you will receive an email when a new post is live.

Join 441 other subscribers.

No need to worry, we will not be filling your inbox with spam and you can unsubscribe anytime you like.


2 thoughts on “Deploy Java Updates using WSUS and Windows Updates

  1. Do I need to enable anything in WSUS options, so that it will see the updates I create in Publisher? Perhaps enable a particular item in Products or Classifications tabs?

  2. Do I need to enable anything in WSUS options, so that it will see the updates I create in Publisher? Perhaps enable a particular item in Products or Classifications tabs?

Leave us a message...

This site uses Akismet to reduce spam. Learn how your comment data is processed.