Oracle SE Java 8 - Required Software Policy

If you’ve not yet read our announcement concerning Oracle SE Java 8 Support Shift and How It Impacts Automox Users, please see our blog post for further detail and context.

Hello Automox Community!

Given the recent support shift concerning Java SE 8 Updates, we’ve created an Automox Worklet template for Required Software Policy that you may use in extending the patch care continuum of Java SE 8. In addition, this template can be refactored as-needed for other such third-party software solutions.

How To Use

Overall process is documented on our blog post, but to summarize:

Obtain the patch through a manual download of the “offline” install file or via Worklet.

Upload the patch to the Automox Console in a new Required Software Policy and add the template to the policy.

Make any adjustments necessary to scope, and be sure that the patch name and version are matching exactly to the patch upload name and version.

Tips

If you have an issue with the template, be sure to check that the upload filename matches the Package Name.

Be sure to download the offline patch vs the “online” version.

Installation Script (Click To Expand)

<#


#--------------------------------------------------------------License]------------------------------------------------------------





MIT License





Copyright (c) 2020 Nicholas Colyer





Permission is hereby granted, free of charge, to any person obtaining a copy


of this software and associated documentation files (the "Software"), to deal


in the Software without restriction, including without limitation the rights


to use, copy, modify, merge, publish, distribute, sublicense, and/or sell


copies of the Software, and to permit persons to whom the Software is


furnished to do so, subject to the following conditions:





* The above copyright notice and this permission notice shall be included in all


  copies or substantial portions of the Software.





THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR


IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,


FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE


AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER


LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,


OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE


SOFTWARE.





#------------------------------------------------------------Description]----------------------------------------------------------





.SYNOPSIS


Java SE Runtime Environment 8 Update (271) Script (Java-SE-8-Patch-Script_Update-271)





.DESCRIPTION


This script will update the java version installed with the patch manually uploaded to the Automox Console.





.OUTPUTS


  Exit 0


  Exit 1 && Exception (Message)





.NOTES


  Version:        1.0


  Creation Date:  12/04/2020


  Author:         Nicholas Colyer


  Purpose/Change: Initial script development


  Email:          nicholas.colyer@automox.com, contact@nicholascolyer.com


  Url:            https://github.com/ncolyer/automox-community


  Platform:       Microsoft Windows


  Release:        10


  Build:          >=1507


  Tags:           Java 8, Build 271 Update, Powershell





.EXAMPLE


  ./Java-SE-8-Patch-Script_Update-271.ps1





#>





#------------------------------------------------------------Parameters]-----------------------------------------------------------





Param (





   string]$compliantPatchFile    = "jre-8u271-windows-i586.exe",


   string]$compliantProductValue = "Java 8 Update 271",


   string]$productFilter         = 'Java  0-9] Update(.*)',


   string]$compliantTestCmd      = "java -version",


   string]$compliantTestCmdValue = "build 1.8.0_271",


   string]$pathFilter            = "%java%"  





)





#------------------------------------------------------------Functions]------------------------------------------------------------





Function Get-InstalledSoftware {


  <#





  .SYNOPSIS 


  Displays all software listed in the registry on a given computer.





  .DESCRIPTION


  Uses the SOFTWARE registry keys (both 32 and 64bit) to list the name, version, vendor, and uninstall string for each software entry on a given computer.





  .PARAMETER ComputerName


   String] A string input representing the target device computer name





  .EXAMPLE


  C:\PS> Get-InstalledSoftware -ComputerName SERVER1


  This shows the software installed on SERVER1. 





  .NOTES


  This function is courtesy of stackoverflow community as a superior alternative to WMI/Win32_Product





  .LINK


  https://stackoverflow.com/questions/25268491/alternative-to-win32-product 





  #>





  Param (


  


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$ComputerName


  


  )





  Process {


    


    foreach ($Computer in $ComputerName)


    {


      


      #Open Remote Base


      $reg=
microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$Computer)





      #Check if it's got 64bit regkeys


      $keyRootSoftware = $reg.OpenSubKey("SOFTWARE")


      bbool]$is64 = ($keyRootSoftware.GetSubKeyNames() | ? {$_ -eq 'WOW6432Node'} | Measure-Object).Count


      $keyRootSoftware.Close()





      #Get all of they keys into a list


      $softwareKeys = @()


      


      if ($is64){


        


	$pathUninstall64 = "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"


        $keyUninstall64 = $reg.OpenSubKey($pathUninstall64)


        $keyUninstall64.GetSubKeyNames() | % {


        


	  $softwareKeys += $pathUninstall64 + "\\" + $_


        


	}


        


	$keyUninstall64.Close()


      


      }


      


      $pathUninstall32 = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"


      $keyUninstall32 = $reg.OpenSubKey($pathUninstall32)


      $keyUninstall32.GetSubKeyNames() | % {


      


        $softwareKeys += $pathUninstall32 + "\\" + $_


      


      }


      


      $keyUninstall32.Close()





      #Get information from all the keys


      $softwareKeys | % {


        


	$subkey=$reg.OpenSubKey($_)


        


	  if ($subkey.GetValue("DisplayName")){


            


	    $installDate = $null


            


	    if ($subkey.GetValue("InstallDate") -match "/"){


            


	      $installDate = Get-Date $subkey.GetValue("InstallDate")


            


	    }


            elseif ($subkey.GetValue("InstallDate").length -eq 8){


            


	      $installDate = Get-Date $subkey.GetValue("InstallDate").Insert(6,".").Insert(4,".")


            }


            


	    New-Object PSObject -Property @{


              ComputerName = $Computer


              Name = $subkey.GetValue("DisplayName")


              Version = $subKey.GetValue("DisplayVersion")


              Vendor = $subkey.GetValue("Publisher")


              UninstallString = $subkey.GetValue("UninstallString")


              InstallDate = $installDate


            }


          


	  }





          $subkey.Close()


      


      }


      


      $reg.Close()


    


    }





  }





}








function Get-CompliantStatus {


  <#





  .SYNOPSIS


  Get-CompliantStatus of device





  .DESCRIPTION


  Determines device compliance by checking registry and commandline for correct version information.


  Both CLI and registry target values are required to return true matches for a compliant result.





  .PARAMETER productFilter


    >String] Qualifying Product Candidate Filter (RegEx)


      


  .PARAMETER compliantProductValue


    >String] Compliant Product Version Value (Exact Match)





  .PARAMETER compliantTestCmd


    >String] Commandline Syntax for Enumerating Version Value





  .PARAMETER compliantTestCmdValue


    >String] Commandline Complaint Version Value Result





  #>





  Param (


    


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$productFilter,        


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$compliantProductValue,


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$compliantTestCmd,


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$compliantTestCmdValue





    )





  $installedSoftware = Get-InstalledSoftware $env:COMPUTERNAME





  # Any Java Version Installed?


  If ($installedSoftware | Select-String -Pattern $productFilter){





    # Patch Compliant


    If ($installedSoftware | Select-String -Pattern $compliantProductValue){





      $compliantInstallPkgMgr = $true





    }





  } else {





    Write-Output "No candidate Java installed."


    exit 0





  }





  # Commandline Compliant


  If((bstring](& cmd /c $compliantTestCmd 2>&1)) -match $compliantTestCmdValue){





    $compliantInstallCli = $true





  }





  if($compliantInstallCli -and $compliantInstallPkgMgr){





    return $true





  }





  return $false





}








function Start-Install {


  <#





    .SYNOPSIS


    Start-Install of compliant patch





    .DESCRIPTION


    Start-Install will install the compliant patch file supplied on the device





    .PARAMETER compliantPatchFile


    >String] Compliant Product Version Patchfile - Uploaded to Automox Console





  #>





  Param (


    


    >Parameter(mandatory=$true,ValueFromPipelineByPropertyName=$true)]Nstringr]]$compliantPatchFile


        


  )





  if(Start-Process -FilePath ".\$compliantPatchFile" "/s" -Wait){





    Remove-Item -Path ".\$compliantPatchFile" -Force -ErrorAction SilentlyContinue





  }





}








function Invoke-PatchNow ($compliantPatchFile, $pathFilter) {


  <#





    .SYNOPSIS


    Invoke-PatchNow evaluation logic





    .DESCRIPTION


    Invoke-PatchNow will evaluate device compliance and take required action





    .PARAMETER compliantPatchFile


    >String] Patch file uploaded to Automox console for candidate installation





    .PARAMETER pathFilter


    >String] Execution path filter for terminating and potential conflicting processes





  #>





  if ((Get-CompliantStatus $productFilter $compliantProductValue $compliantTestCmd $compliantTestCmdValue) -eq $false){





    # Terminate Any Potential File/Locking Processes


    (Get-WmiObject -Class win32_process -Filter "ExecutablePath like '%$pathFilter%'") | ForEach-Object {($_.terminate())}





    Start-Install $compliantPatchFile





    if ((Get-CompliantStatus $compliantProductValue $productFilter $compliantTestCmd $compliantTestCmdValue) -eq $false){


      Write-Output "Could not patch automatically. Please manually patch device."


      exit 1


    }





  }





  # Already Compliant


  exit 0





}





#------------------------------------------------------------Execution]------------------------------------------------------------





Try {





  Invoke-PatchNow





} Catch {





  Write-Output $_.Exception


  exit 1





}

The template is also on GitHub.

Page 1 / 1

Can anyone chime in if they’ve gotten this to run properly? Been working on it for a bit, still getting some errors that are hard to parse through. The code in its original state seems to fail after following the guided steps with:

The assignment expression is not valid. The input to an assignment operator must be an object that is able to accept assignments, such as a variable or a property.

I have substantially modified the script but still no joy. Figured I’d ask around to see if anyone has had luck with this before I keep beating my head on it.

Cheers!

The assignment expression is not valid. The input to an assignment operator must be an object that is able to accept assignments, such as a variable or a property.

I have substantially modified the script but still no joy. Figured I’d ask around to see if anyone has had luck with this before I keep beating my head on it.

Cheers!

I had the same issue.

Simply using this worked for me.

.\jre-8u311-windows-i586.exe /s REMOVEOUTOFDATEJRES=1

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded