In the steps below, I’ll guide you through the process of deploying and patching Java using System Center Configuration Manager 2007 R2 (SCCM).  Deployment and patching will be achieved using a single batch file.

Download the offline installation of Java from http://www.java.com/en/download/manual.jsp and copy to a network share where all users have read access.  This is where the installation will run from.

Create a batch file on the share in the same location, in this example I’ve called it Update_Java.cmd

If you have Java installed on your PC, when you install a newer version, the old versions aren’t removed.  This means you’re still vulnerable to any security issues in the old versions.  In order to uninstall the previous versions of Java you’ll need to look up the uninstall string in the registry.  On 32bit Windows this can be found at “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” and on 64bit at “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\”.  Navigate to the previously mentioned locations and choose Find from the Edit menu in Registry Editor.  Type java, tick keys, values and data and click Find Next.  Press F3, to keep jumping to the next entry until you find an entry that looks like the one below.

Copy the value for the UninstallString and paste it into the batch file, followed by /qn.  This will ensure the uninstall is silent.  Continue to add all the uninstall strings to the batch file for all versions of Java you need to uninstall.  Once you’ve finished it should look similar to below.

The next step is to add the install string for the latest version of Java you downloaded at the beginning.  This takes the form “\\ServerShare\jre-7u13-windows-i586.exe /s REBOOT=Suppress JAVAUPDATE=0”  The REBOOT=Suppress switch prevents the PC from rebooting and JAVAUPDATE=0 disables any Java update notifications.  The completed batch file should look something like this.

Now setup a standard software package in SCCM to run the batch file.  On the program properties, choose to run Hidden and take no action after running.  From the Environment tab ensure the program can run Whether or not a user is logged on and Run with administrative rights.  I also Suppress program notifications on the Advanced tab.

In order to update Java when a new version is released, download the latest version from the link at the beginning of this post.  Copy it to the installation share, edit the batch file and add the uninstall string for the last version you deployed.  Update the install section at the bottom of the batch file to install the Java version you just downloaded.  I then enable the advertisement to re-run every time and re-run the advertisement to deploy the latest update.  To do this, right-click on the advertisement and choose properties, go to the schedule tab, change Program rerun behavior to “Always rerun program”.  Click Ok, then right-click on the advertisement and choose Re-run Advertisement.