Need help creating a GPO to disable Java in Internet Explorer.

RKDus Posts: 20 Member
I've been following the instructions posted here (Controlling Java in Internet Explorer - IEInternals - Site Home - MSDN Blogs) to create a GPO to disable Java for sites in Internet zones, which is fine, but the site doesn't specify how to disable OBJECT as well as APPLET elements.

Unfortunately disabling Java altogether is not an option, since we have important applications that need it to work.

Would appreciate any advice, since I'm not that experienced with creating Group Policy.

The environment is Server 2008 R2 with XP desktops using IE8.

Any ideas on how to do the same in FF and Chrome would also be much appreciated!

Comments

  • crrussell3 Posts: 561 Member
    I disabled it here: Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Java Permissions -> Disable Java

    This seems to have stopped any Java sites I have tested from loading.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • Claymoore Posts: 1,637 Member
    You will need additional ADMX templates (since you have 2008R2 DCs) to manage Firefox and Chrome.
    Firefox ADMX Template
    Chrome Template
    Managing Group Policy ADMX Files Step-by-Step Guide

    The FF template has an Enable Java setting in the Security section. The Chrome template has a Disabled Plugins setting, which includes an entry for Java. I am interpreting that from the ADMX xml and the registry files, so the exact wording may be different.
  • Hondabuff Posts: 667 Member
    Make a GPO and link it to an OU, then edit it with Computer config-->Preferences-->Windows Settings-->Registry and set the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\<version of Java you have>\UseJava2IExplorer registry value to 0.
    **This is for 64-bit machines**

    Run gpupdate /force on your test machine and watch every website that requires Java not work.

    Just had to do this in my company due to the Zero Day exploit. I think it's easier to revert back to Java 6.38 than to disable the Java Plugins.

    32-bit
    Change the HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\<version>\UseJava2IExplorer registry value to 0, where <version> is any version of Java on your system. 10.6.2, for example.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • RKDus Posts: 20 Member
    Thanks for the input guys, I can feel this becoming a PITA for me :)

    Hopefully won't be pushed out in production!
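
An added example, not part of any post in this thread: a read-only PowerShell check for the UseJava2IExplorer value described in Hondabuff's reply, to confirm on a test machine that the registry preference applied after gpupdate /force. It assumes each installed plug-in version has its own subkey under the two JavaSoft paths quoted above; the function name Get-JavaPluginIEState is hypothetical.

```powershell
# Added example: audit UseJava2IExplorer under both registry paths from the thread.
# Read-only. Avoids [pscustomobject] so it also runs on PowerShell 2.0.
$roots = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Plug-in',              # "32 bit" path from the thread
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in'   # "64 bit machines" path from the thread
)

function Get-JavaPluginIEState {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        # A path is simply absent when no matching Java install exists.
        if (-not (Test-Path -Path $root)) { continue }
        # Assumption: one subkey per installed plug-in version.
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            $value = $props.UseJava2IExplorer   # $null when the value is missing
            New-Object PSObject -Property @{
                Key               = $key.Name
                Version           = $key.PSChildName
                UseJava2IExplorer = $value
                # Only an explicit 0 counts; a missing value is reported as not disabled.
                DisabledInIE      = ("$value" -eq '0')
            }
        }
    }
}

$results = @(Get-JavaPluginIEState -Roots $roots)
if ($results.Count -eq 0) {
    Write-Output 'No Java Plug-in version keys found under either path.'
} else {
    $results | Select-Object Version, UseJava2IExplorer, DisabledInIE, Key |
        Format-Table -AutoSize
    $open = @($results | Where-Object { -not $_.DisabledInIE })
    if ($open.Count -gt 0) {
        Write-Warning ("{0} plug-in version key(s) do not have UseJava2IExplorer = 0." -f $open.Count)
    }
}
```

A version key that appears with DisabledInIE = False after the policy refresh usually means the GPO preference targeted a different version subkey than the one installed.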