Disabling Java Automatic Updates on a Terminal Server and 64-bit Registry Redirection (Wow6432Node)

Tags: 64-bit registry redirection, java updates, terminal server, wow6432node, Networking

11 comment(s) |

 

On a recently setup Windows Server 2008 R2 terminal server, Java was installed, and by default the JRE will enable automatic updates for all users. No daily users have administrative privileges, but all users are prompted to install updates. No users can actually install the available updates, nor can they disable the update check via the Control Panel.

After checking the usual candidates for auto runs, I was a little stumped. I finally tracked it down using the Autoruns tool from SysInternals. Since the operating system is 64-bit, many of the registry keys seemed absent under HKLM\Software.

There is a subkey located at HKLM\Software\Wow6432Node that contains the relevant settings for 32-bit applications, and within here, is the expected JavaSoft registry key. This is similar to the automatic system controlled c:\Windows\SysWOW64 directory for 32-bit compatiblity. This is known as 64-bit registry redirection.

To disable updates, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy\

The official fix, per Sun, would be to create a new DWORD value called EnableAutoUpdateCheck, and set it to 0. Unfortunately though, it didn’t work, perhaps because the update had already been checked for, and was in queue just wanting to be installed.

Changing the key EnableJavaUpdate to 0 worked without needing to install updates, and stopped prompting non-admin users from installing updates.

An alternative method would be to stop the update utility from running by deleting the key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

src: http://www.interworks.com/blogs/dholm/2010/05/18/disabling-java-automatic-updates-terminal-server-and-64-bit-registry-redirect