I'm able to successfully print PDFs automatically to some printer using the following command line if I manually create the shell and execute that command. What additionally works is e.g. printing some PDF in Windows Explorer using the context menu of the PDF and the verb "print".
What does NOT work is using the exact same command line in some custom WIN32-app with "CreateProcess". While Adobe Reader starts and tries to read the file, shortly afterwards an error message is shown saying that the file can't be opened because access is denied. The important thing of course is that I'm starting my app, which starts Adobe Reader using "CreateProcess", under the same user as when successfully printing from the shell manually. Using ProcMon I can additionally see that the correct PDF is accessed, so there's no problem with wrong paths or the like.
What resolves that issue is disabling the protected mode at startup of Adobe Reader. BUT that shouldn't be necessary in theory, because things work when manually executed on the shell, when using the context menu, and also when not using "CreateProcess" with some command line, but "ShellExecuteEx" with the verb "print" instead. The problem simply is that Adobe Reader needs to print untrusted PDFs, so using protected mode makes sense. Additionally, my app is deployed to many different systems and I would like to avoid the administrative task of reconfiguring Adobe Reader to disable protected mode. The downside of the verb "print" and "ShellExecuteEx" is that I can't forward additional arguments.
Looking at ProcMon again, the behaviour of Adobe Reader seems to be pretty much the same up until a point where things don't work anymore when using "CreateProcess". In both cases an instance of "Acrobat.exe" is created, which afterwards spawns an additional instance of itself using "LowIntegrity" mode and some additional command line arguments:
This looks to me like there's some recognition of interactive vs. non-interactive usage or the like, and the former is allowed and the second denied. While my WIN32-app is 32 Bit and Adobe Reader 64, that doesn't seem to be the problem either. I tested with a 32 Bit "cmd.exe" starting 64 Bit Adobe Reader and things work as expected.
So, what do I need to do with "CreateProcess" to fix this?
Making the started command line more complex and e.g. adding "cmd.exe", like when things are done manually, doesn't change a thing. In the end Adobe Reader is still denied access to the PDF for some reason:
I believe Acrobat Reader is only expected to be an interactive tool. I can offer no more insight; you've been very thorough, and the limits and properties of the sandbox are intentionally vague and fluid (to give a slippery attack surface).