Oracle Java Part 2: Detecting with Intune
Oracle’s Java is one of the most widely used pieces of software in the world. Oracle makes it really easy for users to download it, no doubt helping to maintain its proliferation in the marketplace. And it’s free!
Unfortunately, modern distributions are no longer free for commercial users, and it seems as if Oracle has gone out of its way to make it as difficult as possible to understand a company’s obligations for licensing costs that many are left unaware when Oracle comes knocking for payment. It’s a matter of when, not if.
Fortunately, this multi-part series is here to help IT professionals navigate Oracle’s licensing scheme and avoid a potential audit.
Part 1: Understanding the licensing.
Part 3: Removing with Intune.
Java, Java, Java: How much is out there?
In the end, the only way to be compliant with Oracle for not paying them any licensing is to simply have all licensed copies removed from your environment. However, some users may have business processes that you’re unaware of that might be depend on their currently installed version that requires a license. It is very possible that just deleting all offending instances in one go could be a significant disruption to users.
If you’re wanting to go straight to removal, jump ahead to part 3 linked above.
However, if you’re looking for a way to mitigate the impact of removal, read on!
What to do… what to do…
Once you have the info of licensed Java instances in your environment, you can then reach out to users and ask whythey have it installed. From my experience, I have found that most people don’t have a clue why it is installed on their devices.
However, they may be some users that do know why they have it installed. You can then work with them to understand their use case and try an free alternative, working to understand if that specific licensed version is required. I feel this work is important because, as mentioned in Part 1, if it’s determined that one person needs it, then you need to license every user in the org. Given that, you reallyneed to make sure that it is needed.
…what to do about it!
The following method for detecting Java relies on a script deployed as a proactive remediation in Intune as a detection script only. You could, in theory, have a toast notification display as part of the remediation script. I have done that my environment as we dealt with this issue. I haven’t posted that because it contains data specific my org, but if there are those interested in a template, please comment below.
Here is the structure of the script:
- Defines the licensed versions of Oracle Java that may be found.
- NOTE:The are examined as greater than and less than in the script. As new versions enter LTS licensing, you will need to update this section accordingly. It is current as of Jan 2025 in what is provided below.
- Looks in the uninstall registry for “Java” or “J2SE”
- Registry locations:
- HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*”
- “HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*”
- NOTE: This script intentionally excluded the Java Auto Update. This piece of software doesn’t require a license and versions of this software sometimes matched the actual licensed versions I was looking for. Accordingly, I have left it out.
- Registry locations:
- Gathers DisplayName, Publisher, DisplayVersion, and InstallDate for all instances and outputs them as a one-line string.
- Evaluates if any of those versions match a licensed version and the publisher is Oracle and will exit 1.
If the script exits 1, the proactive remediation detection will report in the Intune console as “with issue” for the device. At that point, select “Pre-remediation detection output” as a column to display and you can now see what instances are installed on each device. An example of what this looks like is below:
The script is pasted below and can be found on my Github here! If you have any question, type furiously in the comments below and let me know!
# This is a script to determine if any versions of Oracle's Java JRE exist on the system it is run on. # Define the registry paths to search $registryPaths = @( "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" ) # Initialize an array to store the results $results = @() # Define the offending version ranges to check. NOTE: This is a greater than/less than # lookup, meaning the min need to be the last free OLC or NFTC version $versionRanges = @( @{ Min = [version]"1.5.0.220"; Max = [version]"2.0.0" }, @{ Min = [version]"6.0.450"; Max = [version]"7.0.0" }, @{ Min = [version]"7.0.800"; Max = [version]"8.0.0" }, @{ Min = [version]"8.0.2020.8"; Max = [version]"9.0.0" }, @{ Min = [version]"11.0.0"; Max = [version]"17.0.0" }, @{ Min = [version]"17.0.12.0"; Max = [version]"18.0.0" } ) # Function to check if a version is within any of the specified ranges function IsVersionInRange($version) { foreach ($range in $versionRanges) { if ($version -gt $range.Min -and $version -lt $range.Max) { return $true } } return $false } # Loop through each registry path foreach ($path in $registryPaths) { # Get all subkeys in the current path $subkeys = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue foreach ($subkey in $subkeys) { # Check if the DisplayName or Publisher matches the criteria if (($subkey.DisplayName -like "*java*") -or ($subkey.DisplayName -like "*J2SE*") -and ($subkey.DisplayName -notlike "*Java Auto Updater*")) { # Add the matching software to the results array $results += [PSCustomObject]@{ DisplayName = $subkey.DisplayName Publisher = $subkey.Publisher Version = $subkey.DisplayVersion InstallDate = $subkey.InstallDate } } } } # Check if any results were found if ($results.Count -eq 0) { Write-Host "No instances of Oracle Java found!" exit 0 } else { $instances = $results.Count $outputString = "" $instanceNumber = 1 $results | ForEach-Object { $outputString += "**Instance${instanceNumber}**: DisplayName: $($_.DisplayName), Publisher: $($_.Publisher), DisplayVersion: $($_.Version), InstallDate: $($_.InstallDate) " $instanceNumber++ } Write-Host "[$instances] instances of Oracle found: $outputString" foreach ($result in $results) { $version = [version]$result.Version if (IsVersionInRange $version -and $subkey.publisher -match "Oracle") { exit 1 } } exit 0 }
