Copy link to clipboard
Copied
Hi,
I would like to perform the following
- disable the user to open PDF with java script
- but has the option to enable by GPO via AD security group
- The PDF location has to be limited in a specific folder under Enhanced Security -> privilege locations
There are few things I tried but cannot fulfill all the requirements
- First thing I did is to disable JS by the registry key HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\JSPrefs\bEnableJS = DWORD:0
However, this will leave the user the option to select always "enable javascript" under hte YMB (Yellow Message Bar). Then the file can be added to Security (Enhanced) -> Prileged Locations). The registry key will be added as well, e.g. HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder
- To disable the YMB option, I tried to add this registry key to completely disable the add ability by HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\bDisableTrustedFolders = DWORD: 1
However, this will even override the registry I put under HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder
The above registry key I aim to just target to select users in AD group and filter by GPO, but will be override.
May I know any option I can fulfill all requirement
Best regards,
Chris
Copy link to clipboard
Copied
Anyone has any comment on this case?
Copy link to clipboard
Copied
I moved your question to the Enterprise Deployment (Acrobat and Reader) forum, where you're more likely to get a reply about this issue.
Copy link to clipboard
Copied
I'm not sure I understand the question. GPO is a deployment method. The other items are specific settings. Any setting can be set via GPO.
Let's leave GPO out of it. What do you want users to be able to do and not do?