Here's the deal, we know how to fix it after it starts, although that may be manual or done by enumerating user profiles and editing files in the user registry or appdata.
Here's what can be done to head this off with your next admin install.
1- Decide if you will be loading as an MSI or as an EXE. Follow Oracles documentation for extracting the MSI. I prefer the MSI and creating a custom transform using orca and applying the following settings.
how to extract the msi http://www.java.com/en/download/help/msi_install.xml
Orca KB http://support.microsoft.com/kb/255905
If you go with the exe you will have to include reg hacks in your install script.
settings for transform at minimum:
AUTOUPDATECHECK 0
IEXPLORER 1
JAVAUPDATE 0
JU 0
MOZILLA 1
REBOOTYESNO NO
2- Place your install files in to an empty folder (msi + cab for msi install, exe for exe install)
3-Create the following files in that folder: deployment.config & deployment.properties These files can be edited in your text editor of choice.
deployment.config should contain at the very least:
deployment.system.config = file:\C\:\\WINDOWS\\Sun\\Java\\Deployment\\deployment.properties
deployment.properties should contain at the very least:
deployment.expiration.check.enabled = false
deployment.expiration.decision.suppression = TRUE
deployment.javaws.autodownload = NEVER
deployment.javaws.autodownload.locked
Follow http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html if you want to add anything else.
4-Create your install script (bat, vbs, etc..) It should do the following:
- kill your java process, internet explorer, firefox, chrome, safari, etc...
- Install java with proper commands and arguments.
-copy / xcopy the two deployment files to c:\windows\sun\java\deployment with proper arguments.
Test your install. Ensure it installs java and users can still access the applications they need to access.
Create or edit a software resource in your software catalog. http://www.symantec.com/business/support/index?page=content&id=DOC5446&key=57898&basecat=DOCUMENTATION&actp=LIST
See section II. you want to upload the contents of your java install folder as the package and set the install script as your installation file. it should display in bold. Let SMF generate command line for you. This is also a good time to create your inventory rules for detection and apllicability (you need these for a managed software delivery, custom inventory policys and installed software filters)
Create a software delivery task and test delivering of the package.
Once you have completed testing you can create your software inventory policy, software filter & use them when creating a Managed Software Delivery Policy. Roll out as necessary.
Key note: If your users do things you dont like, you may not want to put this in the software portal for anyone to download without approval. The software portal requests do not apply detection rules when running. If java is installed and you go to install it again, i've noticed java stops working and you have to uninstall, reboot & reinstall.