Install and/Or Uninstall Java

What the Java installer and uninstaller does

This Automox Worklet™ manages Java installations on Windows endpoints through three distinct modes of operation. The Worklet can install a specific Java version, uninstall other Java versions while preserving a target installation, or remove all Java installations from an endpoint.

The Worklet scans both 64-bit and 32-bit registry locations to identify all installed Java versions. It distinguishes between standard Java installations and Java Development Kit (JDK) installations, which is critical for protecting developer environments.

Configuration parameters allow you to control the Worklet's behavior: specify which Java version to install, whether to remove other versions, and whether to override protection of JDK installations. This flexibility enables different use cases across workstations and servers in your environment.

Why standardize Java versions across your endpoints

Multiple Java versions on the same endpoint create security and compatibility challenges. Older Java versions contain known vulnerabilities that increase your attack surface, while newer versions provide critical security patches, performance improvements, and compatibility with modern applications.

Each Java installation consumes disk space and requires maintenance. Removing legacy versions reduces storage overhead and eliminates confusion when applications require specific Java versions. Version conflicts occur when different applications expect different Java installations, leading to unexpected behavior and troubleshooting complexity.

Automating Java lifecycle management through this Worklet maintains consistent environments across your organization. The built-in JDK protection prevents disruption to developer workflows while giving you control over standardization timing.

How Java installation and removal works

1. Evaluation phase: The Worklet checks the Windows registry at HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall for 64-bit Java installations and HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall for 32-bit installations. It identifies the total count of Java instances, detects any JDK installations, and determines whether the target Java version is already present on the endpoint.

2. Remediation phase: If uninstallation is enabled, the Worklet removes all Java versions except the target (if specified), using the UninstallString registry values to execute MSIExec for each instance. If a Java installer file is configured, the Worklet copies it to the Windows temporary directory and executes it with parameters to suppress user interaction and prevent automatic restarts. Finally, the installer file is removed from the temporary directory.

Java installation and removal requirements

• Windows 8 or later (tested on Windows 8, 10, 11, and Server editions)

• Java 6 through 8 support (other versions may work but are not verified)

• Administrator privileges to modify registry and execute installations

• For installation: Upload Java installer file (jre-*.exe or jdk-*.exe) to the Worklet and set $javaInstallFile parameter

• For installation: Set $javaToInstall to the exact display name as it appears in Programs and Features (e.g., "Java 8 Update 321 (64-bit)")

• Set $uninstallOtherJava parameter consistently in both evaluation and remediation scripts

• Set $jdkOverride parameter to control whether JDK installations are protected (false) or subject to removal (true)

Expected state after Java remediation

After successful remediation, your endpoints will reflect the configuration you specified. If you configured both installation and uninstall options, the Worklet first removes other Java versions, then installs the target version, resulting in a single Java installation on the endpoint. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

If you configured uninstall-only mode, all Java installations are removed unless JDK is detected and $jdkOverride is set to false. The Worklet prevents unintended disruption to development environments by default. You can verify success by checking Programs and Features in Windows Settings or querying the registry at the locations noted above.

How to validate install and/or uninstall java changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for install and/or uninstall java.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Get-ChildItem, Get-ItemProperty, Where-Object.

4. Validate remediation effects from script operations such as Write-Output, Get-ChildItem, Get-ItemProperty, then rerun evaluation for compliance.