VB Script to disable the Java IE plugin

by , 4th March 2013 at 08:50 PM (6380 Views)
Java has been an extreme pain in the neck as of late with the constant updates. Many sources are calling to uninstall it, but unfortunately many of us don't have the luxury of doing that. So the next best thing besides pushing out a stream of updates (that are already exploitable out of the box) you can do is to disable the Internet Explorer plugin. The ability to run Java within a browser is something that isn't needed in my district; all that is needed is for Java Web Start to handle the JNLP file association.

Now, I just figured I could write an ADM template and do this through GPO, but the values you need to changed are stored under a key named according to the version of Java installed. So writing a template would only be good for the version you wrote it for. Scripting was next viable alternative and this one will handle any version of Java installed on the system.

Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_CURRENT_CONFIG = &H80000005

strComputer = "."

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each OS in colOS
	strOSArch = OS.OSArchitecture

If InStr(strOSArch, "64") Then
	WriteKeys HKEY_LOCAL_MACHINE,"Software\Wow6432Node\JavaSoft\Java Plug-in\",strComputer
	WriteKeys HKEY_LOCAL_MACHINE,"Software\JavaSoft\Java Plug-in\",strComputer
	WriteKeys HKEY_LOCAL_MACHINE,"Software\JavaSoft\Java Plug-in\",strComputer
End if

Function WriteKeys(HKEY_LOCAL_MACHINE, strKeyPath, strComputer)

	Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
	objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

	For Each SubKey in arrSubKeys
		objReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath & SubKey, "UseJava2IExplorer", 0
		objReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath & SubKey, "UseNewJavaPlugin", 0

End Function
Set it up as a startup script in GPO and you should be all set. I hope this helps...
