Highlighted

Do Privileged Locations Support Environment Variables?

Explorer ,
Feb 01, 2018

Copy link to clipboard

Copied

As the title suggests, I'm curious to know if Privileged Locations configured via the Acrobat Customization Wizard DC supports environment variables.

For example, will it work correctly/as expected if one uses pathing such as, but not limited to:

  • %AppData%\Some\Location
  • C:\Users\%UserName%\Some\Location
  • %UserProfile%\SomeOther\Location

Many thanks in advance.

Hey brogers123 & thanks for the reply.

There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

I ended up contacting Enterprise support:

  • The Privileged Locations box being empty is apparently a known bug
  • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
  • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.

Topics

Acrobat

Views

820

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Do Privileged Locations Support Environment Variables?

Explorer ,
Feb 01, 2018

Copy link to clipboard

Copied

As the title suggests, I'm curious to know if Privileged Locations configured via the Acrobat Customization Wizard DC supports environment variables.

For example, will it work correctly/as expected if one uses pathing such as, but not limited to:

  • %AppData%\Some\Location
  • C:\Users\%UserName%\Some\Location
  • %UserProfile%\SomeOther\Location

Many thanks in advance.

Hey brogers123 & thanks for the reply.

There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

I ended up contacting Enterprise support:

  • The Privileged Locations box being empty is apparently a known bug
  • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
  • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.

Topics

Acrobat

Views

821

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Feb 01, 2018

Copy link to clipboard

Copied

No, but you can use wildcards and use recursive folder trust.

Trust Methods — Acrobat Application Security Guide

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Explorer ,
Feb 13, 2018

Copy link to clipboard

Copied

Hey brogers123 & thanks for the reply.

There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

I ended up contacting Enterprise support:

  • The Privileged Locations box being empty is apparently a known bug
  • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
  • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Adobe Employee ,
Feb 13, 2018

Copy link to clipboard

Copied

The original answer was "No, it's not supported" which you figured out. The link was provided to show what is supported.

Can you elaborate on this?: Privileged Locations box being empty

What's empty and when? If you populate it manually via the UI it works. If you use the Wizard and deploy, it should work (haven't tried it recently). What do you think is broken?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Explorer ,
Feb 14, 2018

Copy link to clipboard

Copied

brogers123  wrote

The original answer was "No, it's not supported" which you figured out. The link was provided to show what is supported.

I specifically asked about environment variables for file & folder paths and your answer was "No, but you can use wildcards and use recursive folder trust." which is either:

  • You implying that while environment variables are not supported for file & folder paths, wildcards are support for file & folder paths; OR
  • Coerces the reader to infer that while environment variables are not supported for file & folder paths, wildcards are support for file & folder paths

A more appropriate/complete response would have been "No, and neither are wildcards unless you're dealing with IP's and domains/subdomains."

That's just my two cents; no harm no foul.

brogers123  wrote

Can you elaborate on this?: Privileged Locations box being empty

What's empty and when? If you populate it manually via the UI it works. If you use the Wizard and deploy, it should work (haven't tried it recently). What do you think is broken?

In the Customization Wizard I've added file & folder paths without environment variables and wildcards (e.g.: C:\Some\Folder ; H:\ etc.) generated the MST & saved the changes.  After running the installer I checked Preferences > Security (Enhanced) and the Privileged Locations box is empty, meaning, there is nothing there, no teven the paths I specified in the Customization Wizard.  So this is either by design (e.g.: administratively added paths - or ones added by the Customization Wizard - are intentionally obscured from user view) OR the customizations made in the Customization Wizard simply didn't take (e.g.: they were ignored by the installer during installation).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
New Here ,
Sep 20, 2018

Copy link to clipboard

Copied

EnterpriseHelp​, when building a custom deployment, the locations set using the deployment wizard don't show up in the application itself.  for example, if I added https://www.google.com as  trusted host, when I installed the application, that host would not be listed as a trusted host.  however, if you open up the PC's registry, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\2017\FeatureLockDown\cTrustedSites\cTrustedForPV does have a dword for t0_recursive as a string for https://www.google.com.

The settings are being applied, however the application isn't recognizing them as trusted (or they are recognizing them, but they aren't showing up in the installed application as a trusted site)

I was hoping to use c:\%userprofile%\documents as a trusted folder, to indicate anything in the logged on users documents folder is trusted, but it appears that is not the case. Is there anyway to identify a folder in the current user's profile (that changes based on which user logs on) so we can always mark their desktop and documents as a trusted folder, but their download and temp files within their profile are not?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...