admin adventure

the ongoing struggle: man vs machine

Java JRE Deployment via Group Policy

In this post I will detail my experience deploying Java Runtime Environment 7 update 4 to my mixed 32bit and 64bit environment.

My goals are:

  • Deploy 32bit and 64bit Java via a single GPO. Since I have previously deployed Java 6 update 29 to my PCs I will use my existing GPO titled “Oracle Java Runtime Env”.
  • Prior versions of Java will be removed before the new version is installed.

Step 1 – Obtain the Appropriate Files

This step is very important, as java is often bundled with additional software that we don’t wish to deploy in our enterprise environment.

Instead of going to to download java, use the oracle site, as these files are suited to enterprise deployment.

I used

Make sure you download both the 32bit and 64bit offline versions of the JRE.


Step 2 – Extract the MSI

To extract the MSI package from the exe file downloaded above:-

Double-click the exe file and leave the installation window open.

Whilst the window is still open, go to the following location and copy the files to your staging area.


Repeat for the 64bit exe file. The path will be


Step 3 – Generate the Transform (MST) file to Customise the Install

Auto Update is a great idea for home users, but can cause problems or annoyance for enterprises.

In enterprise networks, your everyday users should not be Administrators of their local machines. Administrator privileges are required to install java updates. java will helpfully advise your users that an update is available, and prompt them to install it. Users will be unable to install the update and may be regularly prompted regarding it.

This is annoying to your users, and you will quickly begin to see helpdesk requests to update java. The better solution is to deploy updates through Group Policy, once you have tested the update in your environment. Consequently, you will want to disable the auto update function.

We will also make changes to the MSI to configure Java with settings appropriate to our environment.


  1. Open up the MSI file in Orca
  2. Click Transform>New Transform
  3. Scroll down the left hand tables window and click the “Property” Table.
  4. In the right hand window, edit the values for the properties you wish to change.

orca java

5. When you have finished making changes, go to Transform>Generate Transform
6. Save the transform file in the same location as the MSI file.
7. Close Orca
8. Repeat for the 64bit MSI file.


Step 4 – Add the Package and Transform to Group Policy

1. Open Group Policy Management Console, right-click the existing GPO and select Edit.
2. Under Computer Configuration>Software Settings>Software installation, Right click on the blank right-hand window and select New>Package.
3. Select the 32-bit package. I like to ensure that a UNC path to the package is used, but it is up to you.
4. Select the “Advanced” option and click OK. The package properties window will appear.
5. Change the name of the package to distinguish that it is 32bit. I used “Oracle Java 7 u4 x32 – Deployed”.
6. Click the Deployment Tab>Advanced and check the option “Make this 32-bit X86 application available to Win64 machines”. This is because both the 32 and 64bit editions will be installed on 64bit PCs. In this way, the user can use either the 32 or 64bit editions of IE and still have full java functionality.
7. On the same screen, I usually check “Ignore language when deploying this package”. This prevents differences between US English and Australian English from preventing the install from occurring, but this is a personal preference.
8. On the upgrades tab, clear anything that has been added to the list, then click add, and select all versions of java previously distributed by Group Policy that you wish to upgrade. I choose the option to uninstall the previous versions, rather than attempt an upgrade.


9. Click the modifications tab and add in the MST file you generated with ORCA.
10. Click OK.

Repeat the above process from step 4 part d for the 64bit package with the following changes.

  • Make sure you name the package to distinguish that it’s 64bit
  • Do not check the option to “Make this 32-bit X86 application available to Win64 machines”.  It will not be available.
  • On the upgrades tab, the 32bit version may be listed. Group Policy has incorrectly assumed that we wish to upgrade the 32bit package with the 64bit package. This is not the case. Remove any entries on the upgrade tab, and add entries only applicable to 64bit upgrades.

Note: Group Policy is intelligent enough to not deploy the 64bit package to 32bit machines.

Congratulations, you are now deploying Java

Useful Links

Java download location


3 responses to “Java JRE Deployment via Group Policy

  1. Pingback: Deploying Java 7 to the Enterprise via GPO | my world of IT

  2. Johnd26 22/05/2014 at 11:01 PM

    Magnificent website. Lots of useful information here. Im sending it to some friends ans also sharing in delicious. And obviously, thanks for your sweat! badkgfcebdkk

  3. seandale2 06/01/2015 at 4:01 PM

    Good steps for us.You guide totally helps me,thanks.Can you write more about Java JRE Deployment?I am very interested in it.Waiting for your new post.
    java barcode creator

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: