Java Relevance - Specific Version removal relevance

Hello,
Thanks to the whole big Java ordeal, our company has executed plan "nuke Java from orbit".

We currently have a need to keep Java 8u202 for some things that currently do not support OpenJDK, unfortunately. I have tried to write some relevance and look at other relevance in regards to looking for Java versions.

I need another set of eyes or more experience to look at this and tell me how and why I'm doing it the wrong way. <3

exists(values ("InstallLocation" ; "DisplayVersion") of keys whose (value "InstallLocation" of it as string starts with "C:\Program Files\Java\" and "DisplayVersion" of it as string != "8.0.2020.8" OR value "InstallLocation" of it as string starts with "C:\Program Files (x86)\Java\" and "DisplayVersion" of it as string != "8.0.2020.8") of keys ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" ; "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall") of (x32 registries ; x64 registries) as string)

I'm not the best at relevance, and while we do have BigFix Inventory, I believe nobody ever bothered to set it up or manage it properly in the past that I'm aware of. I'm kind of on a crunch to get this going and was hoping I could just make a never-ending baseline that runs and performs the tasks based on some specific registry keys.

My issue is this seems to return true and correct. But I'm getting “relevant” endpoints that it shouldn't work on.
Like, I have a PC that has the exact “8.0.2020.8” value but it's returning as if it's not.

Thank you.

Not a response to your relevance question…

but if OpenJDK is not working, you may want to also look at Amazon Corretto. We have had good luck using it to replace Java and it’s free.

1 Like

Unfortunately, that decision is about 3 pay grades above me :frowning:
Thank you for the suggestion though.

1 Like

I have changed the relevance to this:

exists(values ("InstallLocation" ; "DisplayVersion") of keys whose (value "InstallLocation" of it as string = "C:\Program Files\Java\jre1.8.0_202\" OR value "InstallLocation" of it as string = "C:\Program Files (x86)\Java\jre1.8.0_202\") of keys ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" ; "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall") of (x32 registries ; x64 registries) as string)

While it's looking like this works better, it's not as precise as I would like. It's unlikely someone would tamper with the folder names, but you never know.

I think it’s unlikely someone would intentionally tamper with the folder names, but I also think it’s very likely that any number of applications could bundle their own JRE, copying it beneath their directory.
To find those, you would need to scan entire disks, find all the java.exe instances, and be able to tell the differences between Oracle JRE, IBM JRE, OpenJDK, Eclipse/Temurin Java, Amazon Corretto… which is something in the wheelhouse of Inventory.

1 Like

If I am understanding you correctly, you want the relevance to be True if you have this specific version of Java (8.0.22.8) and installed under “C:\Program Files\Java” OR “C:\Program Files (x86)\Java”; and False if this version/install location doesn’t exist - is that it?

It’s a bit hard to write because it can be something as small as InstallLocation not having the final “\” or the path being in lowercase; the display version not being listed exactly like you have it; etc. But give this a try:

exists keys whose (exist value "InstallLocation" whose (it as string as lowercase contains "C:\Program Files\Java\jre1.8.0_202\" as lowercase OR it as string as lowercase contains "C:\Program Files (x86)\Java\jre1.8.0_202\" as lowercase) of it and exist value "DisplayVersion" whose (it as string = "8.0.2020.8") of it) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries ; x64 registries)

1 Like

Understood. In the next couple of weeks, my goal is to sit down and go over Inventory. Right now, it's broken and I need to open a ticket with HCL to see what’s up.

This is a bandaid attempt to satisfy upper brass to buy some time.

Thankfully we’ve only ever had Oracle JRE in our environment over the years. So it’s not too messy, just lots of old and different versions.

Actually I want the opposite. I want it to be FALSE if the version is not exactly 8.0.2020.8

My baseline should have any out-of-compliance versions become relevant. Then the baseline uninstalls Java and reinstalls the correct version.

I will give this a try thank you very much!

What are the chances of having a different version of Java in a folder explicitly named with a different version number? What I would write to look at “DisplayName” for whatever Java name you want to scan for and then the non-compliant versions but by hardcoding the actual install paths with versions, would anybody be doing that? Anyway, just my two cents, here is what you wanted:

exists keys whose (exist value "InstallLocation" whose (it as string as lowercase contains "C:\Program Files\Java\jre1.8.0_202\" as lowercase OR it as string as lowercase contains "C:\Program Files (x86)\Java\jre1.8.0_202\" as lowercase) of it and exist value "DisplayVersion" whose (it as string as version != "8.0.2020.8") of it) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries ; x64 registries)

1 Like
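As an added example (not posted by anyone in this thread), the following PowerShell cross-check can be run on an endpoint whose relevance result looks wrong: it lists the uninstall entries under the two Java folders whose DisplayVersion is not 8.0.2020.8, tolerating the missing trailing "\" and case differences mentioned above. The function names are hypothetical, and it assumes a 64-bit PowerShell session so that both registry views are read.

```powershell
# Added example: report Java uninstall entries that are NOT the approved version.
# Run from 64-bit PowerShell; a 32-bit session is redirected to WOW6432Node for both paths.
$Approved  = [version]'8.0.2020.8'      # approved DisplayVersion, taken from the thread
$JavaRoots = @(
    'C:\Program Files\Java\',
    'C:\Program Files (x86)\Java\'
)
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-UnderJavaRoot {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Normalise quoting and the trailing backslash, then compare case-insensitively.
    $p = $Path.Trim().Trim('"').TrimEnd('\') + '\'
    foreach ($root in $JavaRoots) {
        if ($p.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-NonCompliantJava {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { Test-UnderJavaRoot $_.InstallLocation } |
        ForEach-Object {
            $parsed = $null
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            # A missing or unparsable DisplayVersion is treated as non-compliant.
            if (-not $ok -or $parsed -ne $Approved) {
                [pscustomobject]@{
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    InstallLocation = $_.InstallLocation
                    RegistryKey     = $_.PSPath
                }
            }
        }
}

Get-NonCompliantJava | Format-Table -AutoSize
```

An empty result on a machine the baseline still reports as relevant means the difference lies in how the relevance expression is evaluated, not in the registry data.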