Deploy Java Updates using WSUS and Windows Updates

microsoft black logo

Are you looking to deploy Java updates using WSUS? Want to then push them out to your end users through Windows Update? Then this guide is for you!

The end user problem

After having a number of issues with end users complaining about getting Java update alerts, but not being able to download and install them (no local admin rights), we decided it was time to do something about it, so where better to look for the help than our WSUS server.

The idea was simple, we push out Windows Updates and Adobe Updates to all users, so why not deploy Java updates?. So I started looking into it and it turned out to be much simpler than I thought.

Using a combination of SCUP, WSUS, WSUS self-cert and our own GPO‘s, I got it setup and working to all clients.

The how to deploy Java updates guide


The below guide assumes that you have your WSUS self-cert setup and distributed to your clients using GPOs and that you also have your GPO’s setup to allow assigned updates – if you have no idea what this means or need help with it, go to this post about self-signed certs. These updates will not work without having this done first.

Note that to use SCUP you must have an installed, licensed System Center for your business as per the pre-reqs for downloading SCUP.

Please also note that this is for Java 7 Update 5 as you will probably see, this should work in the same way with future updates by just changing the number (5 to 6 for example..).

Something else to note is that you should not push this update to Java Clients lower than version 7, if you do, this will install and leave behind the old version and screw up your Java. If you run it on this version, it will successfully upgrade.

You will need to ensure that you have SCUP (System Center Updates Publisher) installed (can be downloaded by clicking here) on your WSUS server.

You will also need to download the latest Java Update from HERE

The setup process

Once setup, open the SCUP program and click Create Software Updates:

SCUP to deploy Java updates

You then need to browse to the location where you saved the downloaded Java Update.

Then make sure that you tick the box labelled Use a local source to publish software update content.

The command line

The other boxes are optional but you need to put the following into the Command Line box:

/s "IEXPLORER=1 MOZILLA=1" /quiet

So the first box should look similar to this:

Recommended...  Exchange Shell - Export all shared mailbox permissions to CSV
Deploy Java Updates using WSUS and Windows Updates 1

Then click Next and on the next page you can give your update a name and description etc, again this is all optional so put what you like here, mine is as below:

Deploy Java Updates using WSUS and Windows Updates 2

Click next, again on this page is mostly optional, but mine looks like this:

Deploy Java Updates using WSUS and Windows Updates 3

For the next two pages you can just click Next (Prerequisites & Superseded Updates) as you do not need to input any information here.

The installation rules

The most important part of this sequence is the next two steps so be very careful to get this right.

Create your installable rules so that they are exactly the same as below:

SCUP to deploy Java updates command lines

This means that the update will look to see if the registry key exists – if it does, Java is installed so there may be an update that needs to be applied. But it also looks to see if the update is already installed (second row), so if it is (NOT:) means do not run the update.

Click Next and move onto the Installed Rules page. You will need to make these page exactly the same as below:

Deploy Java Updates using WSUS and Windows Updates 4

This means that the update will look at this registry key and if it is there, the update has already been applied and this update does not need to be installed.

You can then click through the rest of the wizard as there is not any more critical information that you need to input.

Deploy Java updates to your user machines

Now, you need to distribute this update. To do this, go to the update, right click and click Publish. Then, select Full Content and complete the wizard.

This should be all you need to do, now, once your WSUS and fully synchronised, your clients should see this Java update using Windows Updates and be installed.

Please feel free to share this page wherever you want, but please make sure you source me if you use the information elsewhere.


We would love to hear your feedback on this article so come and join us on Facebook or Twitter and let us know what you think!

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Feedback is critical to our site so please, if this has helped you out, give the article a star rating above, it only takes one click! Thank You!

About A.J. Armstrong

Founder of TechyGeeksHome and Head Editor for over eight years! IT expert in multiple areas for over 21 years. Sharing experience and knowledge whenever possible! Making IT Happen.

View all posts by A.J. Armstrong

2 Comments on “Deploy Java Updates using WSUS and Windows Updates”

  1. Do I need to enable anything in WSUS options, so that it will see the updates I create in Publisher? Perhaps enable a particular item in Products or Classifications tabs?

  2. Do I need to enable anything in WSUS options, so that it will see the updates I create in Publisher? Perhaps enable a particular item in Products or Classifications tabs?

Leave us a message...

This site uses Akismet to reduce spam. Learn how your comment data is processed.