Skip to main content
J
JuliusPIV
Inspiring
February 1, 2018
Answered

Do Privileged Locations Support Environment Variables?

  • February 1, 2018
  • 2 replies
  • 2248 views

As the title suggests, I'm curious to know if Privileged Locations configured via the Acrobat Customization Wizard DC supports environment variables.

For example, will it work correctly/as expected if one uses pathing such as, but not limited to:

  • %AppData%\Some\Location
  • C:\Users\%UserName%\Some\Location
  • %UserProfile%\SomeOther\Location

Many thanks in advance.

Correct answer JuliusPIV

Hey brogers123 & thanks for the reply.

There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

I ended up contacting Enterprise support:

  • The Privileged Locations box being empty is apparently a known bug
  • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
  • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.

2 replies

D
DarrenIT
Participant
September 9, 2025

Replying to this ancient thread becase it's the first thing that shows up in Google and Adobe can't be bothered to do proper documentation. This is supported, but requires the "bDisableExpandEnvironmentVariables" registry value to be set to 0 first:

https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/FeatureLockDown.html?zoom_highlight=bDisableExpandEnvironmentVariables

Once that's in place, environmental variables can be used in trusted paths. I've tested adding trusted paths in "%USERPROFILE%\Path" and "C:\Users\%USERNAME%\Path" formats with direct registry edits, I assume they will work via the customization wizard as well.

EnterpriseHelp
Community Manager
EnterpriseHelpCommunity Manager
Community Manager
February 1, 2018

No, but you can use wildcards and use recursive folder trust.

Trust Methods — Acrobat Application Security Guide

J
JuliusPIVAuthorCorrect answer
Inspiring
February 13, 2018

Hey brogers123 & thanks for the reply.

There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

I ended up contacting Enterprise support:

  • The Privileged Locations box being empty is apparently a known bug
  • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
  • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.
EnterpriseHelp
Community Manager
EnterpriseHelpCommunity Manager
Community Manager
February 13, 2018

The original answer was "No, it's not supported" which you figured out. The link was provided to show what is supported.

Can you elaborate on this?: Privileged Locations box being empty

What's empty and when? If you populate it manually via the UI it works. If you use the Wizard and deploy, it should work (haven't tried it recently). What do you think is broken?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices