Need help creating a GPO to disable Java in Internet Explorer.
I've been following the instructions posted here: (Controlling Java in Internet Explorer - IEInternals - Site Home - MSDN Blogs)
to create a GPO to disable java for sites in Internet zones, which is fine, but the site doesn't specify how to disable OBJECT as well as APPLET elements.
Unfortunately disabling Java altogether is not an option, since we have important applications that need it to work.
Would appreciate any advice, since I'm not that experience with creating Group Policy.
The environment is Server 2008 R2 with XP desktops using IE8.
Any ideas on how to do the same in FF and Chrome would also be much appreciated!
to create a GPO to disable java for sites in Internet zones, which is fine, but the site doesn't specify how to disable OBJECT as well as APPLET elements.
Unfortunately disabling Java altogether is not an option, since we have important applications that need it to work.
Would appreciate any advice, since I'm not that experience with creating Group Policy.
The environment is Server 2008 R2 with XP desktops using IE8.
Any ideas on how to do the same in FF and Chrome would also be much appreciated!
Comments
-
crrussell3 Member Posts: 561I disabled it here: Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Java Permissions -> Disable Java
This seems to have stopped any java sites I have tested from loading.MCTS: Windows Vista, Configuration
MCTS: Windows WS08 Active Directory, Configuration -
Claymoore Member Posts: 1,637You will need additional ADMX (since you have 2008R2 DCs) templates to manage FireFox and Chrome.
FireFox AMDX Template
Chrome Template
Managing Group Policy ADMX Files Step-by-Step Guide
The FF template has an Enable Java setting in the Security section. The Chrome template has a Disabled Plugins setting, which includes an entry for Java. I am interpreting that from the ADMX xml and the registry files, so the exact wording may be different. -
Hondabuff Member Posts: 667 ■■■□□□□□□□Make a GPO and link it to an OU then edit it with Computer config-->Preferences-->Window Settings-->Registry and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\version of java you have\UseJava2IExplorer registry value to 0.
**This is for 64 bit machines***
gpupdate /force on your test machine and watch everywebsite that requires Java not work.
Just had to do this in my company due to the Zero Day exploit. I think its easier to revert back to Java 6.38 then to disable the Java Plugins.
32 bit
Change the HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\\UseJava2IExplorer registry value to 0, where is any version of Java on your system. 10.6.2, for example.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
RKDus Member Posts: 20 ■□□□□□□□□□Thanks for the input guys, I can feel this becoming a PITA for me
Hopefully won't be pushed out in production!