Hi all,
I want to get your advice about how to manage the following settings.
By default we have implemented through GPO the configuration of Adobe Reader DC that we want to keep on the registry but we are having some issues.
All of them are set to Update and as a REG_DWORD
bEnhancedSecurityInBrowser HKEY_LOCAL_MACHINE SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
bEnhancedSecurityInBrowser HKEY_CURRENT_USER SOFTWARE\Adobe\Acrobat Reader\DC\TrustManager
bEnhancedSecurityInBrowser HKEY_LOCAL_MACHINE SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
bEnhancedSecurityStandalone HKEY_LOCAL_MACHINE SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
bEnhancedSecurityStandalone HKEY_CURRENT_USER SOFTWARE\Adobe\Acrobat Reader\DC\TrustManager
bEnhancedSecurityStandalone HKEY_LOCAL_MACHINE SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
bProtectedMode HKEY_LOCAL_MACHINE SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
bProtectedMode HKEY_CURRENT_USER SOFTWARE\Adobe\Acrobat Reader\DC\TrustManager
bProtectedMode HKEY_LOCAL_MACHINE SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
iProtectedView HKEY_LOCAL_MACHINE SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
iProtectedView HKEY_CURRENT_USER SOFTWARE\Adobe\Acrobat Reader\DC\TrustManager
iProtectedView HKEY_LOCAL_MACHINE SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
This configuration leaves the Reader with the following configuration
Some users are having issue with this configuration so we have decided to let the users modify the settings.
But other issue appears.
How to reproduce:
Start adobe reader – settings – security (enhanced) uncheck “Enable Protected Mode at startup”
No problem so far, then force a GPupdate /force – this then activates the settings
Protected View: “Files from potentially unsafe locations” and keeps the “Enable Protected mode at startup “ un checked = this setting is a Unsupported configuration (https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedmode.html)
That situation will cause the error below. As soon a pdf file is launched from a potential unsafe location. (= any pdf file from the Internet)
.png)
I believe we should ensure that we cannot fall into a unsupported configuration =
When “Enable Protected Mode at startup” is unchecked – then Protected View: must be set on Off
This issue will only be experienced when a User is unchecking “Enable Protected Mode at startup” but once this is done and the next GPO Update appears these Users will have an error.
Any advice will be welcome.
Thanks in advance.
Best Regards.
AdChoices