How To: Install the latest Java RE MSI with MDT 2013

I can’t stress this enough: DO NOT PUT JAVA IN YOUR IMAGE! Let MDT do this at deploy time (it’s easier than you think).

Problem:

As a colleague of mine, a senior security analyst, once said, “It’s considered best practice not to install Java unless absolutely necessary.” When I asked her why, she said, “Due to its vulnerabilities, it’s risky.”

Now normally I’d brush this off as some special brand of IT paranoia, but coming from her, somebody whom I highly respect in her field, I asked her to elaborate today and she used this wonderful analogy, noting “It’s like putting a big, giant doggy door in your house, one so big a person could get through. If you don’t need it, don’t install it.”

Now, if you’re like me, you have end users who, at the end of the day, will still need Java for websites X, Y, and Z. I’m still not putting Java in my images: I want to make sure that when and if it gets installed, it’s the latest and greatest, and that I only install it, again, IF they need it. This flexibility is what makes thin images so much more powerful and easier to maintain.

Solution:

Let MDT push Java at deploy time, and only if you’re pretty sure your end user is going to need it and you’re confident your patch management system can patch Java regularly for you.

Step By Step: Configuring MDT to install the latest Java

This is pretty simple and involves three basic steps: downloading the offline installer of Java, extracting an MSI from it by installing it on a PC, and importing that MSI into MDT. The installer leaves the MSI behind in your appdata folder; once you import that file into MDT, you’re ready to push Java at deploy time. The only thing that’s even remotely tricky is that the folder the MSI gets extracted to is hidden. Make sure “Show hidden files and folders” is enabled under Folder Options in Explorer, as Windows hides this folder from end users by default.

Make sure you can see hidden files and folders

You’ll need the offline installer, select See all Java downloads.

Grab the 32 bit Offline

Install it on any PC

Guess what the offline installer leaves behind? Rename it to something generic.

Add a new Application

Choose the first one

Note: I use Java 1.7x in my version name so later I can just update as needed.

Point back to wherever it is…

Again, I call it Java 1.7x so when the latest comes out next month, I can just overwrite the msi in the share.

Note: The full command line syntax is: msiexec.exe /qb- /l*vx %LogPath%\Java.log REBOOT=ReallySuppress UILevel=67 ALLUSERS=2 /I filename.msi (obviously you need to replace filename with the name of the msi)

Summary screen: Verify and move on.

Once completed, Java should be ready to rock.

Updating Later:

So, next month when the latest version of Java comes out, just go in and either overwrite the existing files (easiest) or just throw the new updated files in there, and fix the command line to reference the new version.
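
One way to script that monthly overwrite so that only a validly signed MSI ever lands in the share. This is an added example, not part of the original post; the function name, its parameters, and the assumption that the MSI is signed by a publisher whose certificate subject contains "Oracle" are illustrative.

```powershell
# Added example: function name, parameters and defaults are hypothetical.
function Update-JavaMsiInShare {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceMsi,          # MSI the offline installer left behind
        [Parameter(Mandatory)] [string] $ApplicationFolder,  # application source folder in the deployment share
        [string] $TargetName = 'filename.msi',               # generic name referenced by the MDT command line
        [string] $ExpectedSigner = 'Oracle'                  # assumed publisher substring
    )

    if (-not (Test-Path -LiteralPath $SourceMsi -PathType Leaf)) {
        throw "MSI not found: $SourceMsi"
    }

    # Refuse anything that is unsigned, modified after signing, or signed by someone else.
    $sig = Get-AuthenticodeSignature -LiteralPath $SourceMsi
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed ($($sig.Status)): $SourceMsi"
    }
    if ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    $target  = Join-Path $ApplicationFolder $TargetName
    $newHash = (Get-FileHash -LiteralPath $SourceMsi -Algorithm SHA256).Hash

    # Skip the copy when the share already holds this exact file.
    if ((Test-Path -LiteralPath $target) -and
        (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -eq $newHash) {
        Write-Verbose 'Share already has this MSI.'
        return
    }

    Copy-Item -LiteralPath $SourceMsi -Destination $target -Force

    # Confirm the copy arrived intact, then return a record of what was published.
    if ((Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -ne $newHash) {
        throw "Copy verification failed: $target"
    }
    [pscustomobject]@{
        Published = Get-Date -Format s
        Target    = $target
        Signer    = $sig.SignerCertificate.Subject
        Sha256    = $newHash
    }
}
```

Because the target name stays the same, the msiexec command line in MDT does not need to change; keep the returned record so you can tell later which build the share was serving.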

Conclusion

Getting MDT to install the latest version of Java from MSI is easy. It takes a little more work than just throwing it in your image, but in the long run it’s easier to maintain, you have the peace of mind that you’re only installing Java when needed, and it exponentially increases the flexibility of your imaging system.
