We have a few hundred users and about 40-50 of them need Java for one reason or another. The problem we run into (as have many others online apparently) is that Java seems to want to update all the time. How this differs is that most people online seem to all want to disable automatic updates. I was curious if you could set it to automatically update without prompting the user?
Personally I'd not want that because in the past updating Java to the latest and greatest has caused issues with ASDM for me, and this may be the case with other end users' programs as well (or may not). I'm just trying to weigh my options and figure out if this is possible as one less pop-up prompting them to update (when they can't without admin rights) would be great. And, I don't like the idea of ignoring potential security risks, I'd rather update things as they need to be updated.
Thanks in advance for your thoughts.
This is definitely a balance for your environment. There are two diametrically opposed camps on whether or not to update Java automatically:
The case for
The case against
If your office is not using Java apps, then the second case is not relevant. My office does; there are two pieces of hardware that have Java consoles, these consoles don't get updated nearly often enough so we have to keep old/busted java installs around just to use it. You may not have that problem.
I've found that Java and GPO-based software deployments actually go together fairly well. Even better, it's not that hard to get at the needed MSI. A few clicks, and everyone will get updated Java on their next reboot. There may be registry-hacks to do it directly in the Java updater, but I'm not sure what they are.