I found out today Oracle has acknowledge java to be a security risk and to disable java Is their way to do that through the GPO Thanks

Hi, While I dont believe there is an obvious option from within GPEdit or GPO's remit to directly disable Java. I would suggest perhaps you use a logon script to ensure Java is disabled at login You can create a powershell script to stop the service if you wish, then set the script via GPO to force run on logon Clear-Host $SrvName = "Java" $SrvName + " is now " + (Get-Service $SrvName).status Stop-Service $SrvName $SrvName + " is now " + (Get-Service $SrvName).status Kind Regards, Martin If you find my information useful, please rate it. :-)

Hi, While I dont believe there is an obvious option from within GPEdit or GPO's remit to directly disable Java. I would suggest perhaps you use a logon script to ensure Java is disabled at login You can create a powershell script to stop the service if you wish, then set the script via GPO to force run on logon Clear-Host $SrvName = "Java" $SrvName + " is now " + (Get-Service $SrvName).status Stop-Service $SrvName $SrvName + " is now " + (Get-Service $SrvName).status Kind Regards, Martin If you find my information useful, please rate it. :-)

Hi, You can use Software Restriction policies to identify software and to control its ability to run on your local computer, OU, domain, or site. Software restriction policies provide a policy-driven system to specify which programs are allowed to run on the local computer and which are not. When you use the software restriction policies, you can define a default security level of Unrestricted or Disallowed for a Group Policy object (GPO) so that software is either allowed or not allowed to run by default. To create exceptions to this default security level, you can create rules for specific software. You can create the following types of rules: Hash rules Certificate rules Path rules Internet zone rules A policy is made up of the default security level and all of the rules applied to a GPO. This policy can apply to all of the computers or to individual users. The software restriction policies provide a number of ways to identify software, and they provide a policy-based infrastructure to enforce decisions about whether the software can run. With the software restriction policies, users must follow the guidelines that are set up by administrators when they run programs. Software Restriction policy is available for Windows XP and later OS. If you clients run Windows 7, you can also use AppLocker. AppLocker is a new feature in Windows Server 2008 R2 and Windows 7 that advances the feature and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications. For more information please refer to following MS articles: How To use Software Restriction Policies in Windows Server 2003 http://support.microsoft.com/kb/324036 What Is AppLocker http://technet.microsoft.com/en-us/library/ee424367(v=WS.10).aspx AppLocker http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspxLawrence TechNet Community Support

Hi, You can use Software Restriction policies to identify software and to control its ability to run on your local computer, OU, domain, or site. Software restriction policies provide a policy-driven system to specify which programs are allowed to run on the local computer and which are not. When you use the software restriction policies, you can define a default security level of Unrestricted or Disallowed for a Group Policy object (GPO) so that software is either allowed or not allowed to run by default. To create exceptions to this default security level, you can create rules for specific software. You can create the following types of rules: Hash rules Certificate rules Path rules Internet zone rules A policy is made up of the default security level and all of the rules applied to a GPO. This policy can apply to all of the computers or to individual users. The software restriction policies provide a number of ways to identify software, and they provide a policy-based infrastructure to enforce decisions about whether the software can run. With the software restriction policies, users must follow the guidelines that are set up by administrators when they run programs. Software Restriction policy is available for Windows XP and later OS. If you clients run Windows 7, you can also use AppLocker. AppLocker is a new feature in Windows Server 2008 R2 and Windows 7 that advances the feature and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications. For more information please refer to following MS articles: How To use Software Restriction Policies in Windows Server 2003 http://support.microsoft.com/kb/324036 What Is AppLocker http://technet.microsoft.com/en-us/library/ee424367(v=WS.10).aspx AppLocker http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspxLawrence TechNet Community Support