An update was rolled out to the managed Java settings on Windows hosts in the CN domain. The GPO is currently applied to the CN, G1, G2, G3, and INTO-OSU OUs. If an OU is blocking inheritance or outside of those OUs, the policy will not apply.
The managed settings now also deploy certificate trusts for the certificates on Banner, Appworx, and Nolij. This means that users should no longer be prompted with the usual “Do you want to run this application?” prompt when launching those applications, unless the certificates are changed at a later date.
If you run into users hitting “Do you want to run this application?” or other Java prompts for OSU applications, please let me (Ben) know so I can work on getting the deployed settings to play nice with those applications, or update the existing certs as needed.
The complete list of what settings we’re managing is:
– Force SSLv2ClientHello Format enablement (required for Banner to run properly under Java 8, off by default)
– Force TLSv1 enablement (required for Banner to run properly under Java 8, on by default but we don’t want people turning it off)
– Disable JRE auto-download (disable Oracle’s auto updater as much as Oracle will let us, so we don’t roll to known broken versions uncontrollably)
– Disable “Your Java version is out of data” messages (if we have to stay back on an old version, we don’t need to harass people about it)
– Disable sponsor offers on updates/installs (e.g. browser toolbars, as much as Oracle will let us turn this off)
– Import certificate trusts for Banner, Appworx, and Nolij