Disable editing permission on Enhanced Security -> Privileged Locations by GPO

Hi,

I would like to perform the following

- disable the user to open PDF with java script

- but has the option to enable by GPO via AD security group

- The PDF location has to be limited in a specific folder under Enhanced Security -> privilege locations

There are few things I tried but cannot fulfill all the requirements

- First thing I did is to disable JS by the registry key  HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\JSPrefs\bEnableJS = DWORD:0

However, this will leave the user the option to select always "enable javascript" under hte YMB (Yellow Message Bar). Then the file can be added to  Security (Enhanced) -> Prileged Locations). The registry key will be added as well, e.g.  HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder

- To disable the YMB option, I tried to add this registry key to completely disable the add ability by HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\bDisableTrustedFolders = DWORD: 1

However, this will even override the registry I put under HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder

The above registry key I aim to just target to select users in AD group and filter by GPO, but will be override.

May I know any option I can fulfill all requirement

Best regards,

Chris