Acrobat Reader is on every desktop in your company. Too bad it has 800+ settings for you to deal with. Let’s say you only needed to deal with some key settings to make your company more secure.
Ask yourself, how would you manage things like:
- Update behavior (turning it off, so users aren’t prompted)
- Ensure Acrobat “Enhanced Security” is turned on
… or anything else that’s important to your company?
Okay. You’re right. You’re thinking that you’ve been able to deliver Acrobat Reader settings to clients with Acrobat’s helpful “Customization Wizard X” utility.
In fact, here are the steps you would need to perform:
- First extract the AdbeRdr1001_en_US.exethe parameters -nos_o”<file_path>” -nos_ne
- Download Adobe Customization Wizard X, use it, and create your ownMST(Microsoft Transform)file.
- Then, on each system, either run start /wait c:windowssystem32msiexec.exe /i “AcroRead.msi” TRANSFORMS=AcroRead.mst /qn /L* c:windowstempAdobeReader_10_US.log or use Group Policy Software Installation (or your favorite software distribution tool) to deliver the MSI and MST combo to all your systems.
Great.You’ve got a customized version of Acrobat on all your machines with all the settings you want.
Super! Now what do you do after Acrobat has been deployed and your users change your pre-configured settings? Or, you realized you need to change some important default?
Answer: Without PolicyPak, you’re in trouble. Big trouble.Watch this video to get a handle on the problem and where PolicyPak puts the smack down on this important problem.
But there’s a big problem with those. They can deliver the setting you want, but don’t enforce it.
Don’t be that guy !
Our solution isn’t a mere “ADM” template, it’s a true Group Policy extension, with powerful management and lockdown capabilities. PolicyPak can deliver, lockdown and revoke Acrobat settings – the way you need to using Group Policy.
Our PolicyPak software snaps-in to the Group Policy Editor and mimics the user interface of the Acrobat Reader application itself. You can set key settings (like turning off Acrobat Reader updates), like what is seen here:
Without PolicyPak, you’re on the losing side, because users are going to simply steamroll over you.
Besides, once you’re using PolicyPak to manage Acrobat Reader, you’ll also get to manage all your other enterprise desktop applications the same way:Java, WinZip, Firefox, and any custom applications you have. They’re 100% included – absolutely free.
It’s all included when you’re a PolicyPak Professional customer.
PolicyPak was designed by former Group Policy MVP Jeremy Moskowitz – who “wrote the book” on Group Policy, runs MDMandGPanswers.com, and lives and breathes Group Policy and enterprise software deployments and desktop lockdown.
When you’re ready to get serious about managing Acrobat Reader today, PolicyPak is ready for you. Unless you want your users to see this.
Manage Acrobat Reader with Group Policy video transcript
Hi, this is Jeremy Moskowitz, former Group Policy MVP and Founder of PolicyPak Software. In this discussion, we’re going to talk about how to configure and lock down Acrobat Reader using Group Policy and PolicyPak.
But a user can just check it if they want to, or they click on “Security” and they uncheck “Verify signatures when the document is opened.” They go to “Security (Enhanced),”and let’s – even though Adobe recommends you leave “Enhanced Security” enabled – let’s go ahead and uncheck it. Again, we’re thinking about as if we were a user here.
What we want to try to do is to ensure that the settings that we deliver, because it’s important to our company, is what happens in our applications. Let’s go ahead and close out Acrobat Reader here. Now we’re ready to go to use Group Policy to do this. The first thing we want to do here is let’s go to “C:Program FilesPolicyPakExtensions.” Like our other videos, the PreConfigured PolicyPaks and the PolicyPaks you create will live here under the “C:Program FilesPolicyPakExtensions” folder.
On the right here, I’ve got the PreConfigured Paks that I’ve downloaded from PolicyPak. Here’s Acrobat 10. There it is, the DLL file, the PreConfigured Pak. We’re just going to copy that guy in there. Cool. Then that’s it. We’ve got it locked and loaded.I’ve got another GPO here locking down Thunderbird, but that’s OK. We’ll go ahead and “Create a GPO” and link it here. We’ll call this “Lock Down Acrobat X.”
By unchecking it, it actually should gray out these other guys, but it doesn’t prevent the user from rechecking it. So we’re going to use PolicyPak superpower and right click over it and “Disable corresponding control in target application.” This would not be a normal thing you could do for Acrobat Reader.
We’ll also go over to that “Security” one here. We want to make sure that “Verify signatures when the document is opened” is checked. We want to make sure that’s true. There’s also “Security (Enhanced).” We want to also make sure that’s always checked, even though before you just saw that I worked around that. Also, while I’m here, let’s go to the “Updater” tab. Right now it’s configured for the user to “Automatically install updates.” Let’s “Do not download or install updates automatically.”
So we’re force-feeding in all these settings, and we’re doing some superpowers as well. Let’s go ahead back to our user. We’ll go ahead and run GPUpdate. They could also log off and log back on to get these settings as well. They could change job roles, or they could just hang out and wait and Group Policy will do its thing every 90 minutes or so.
Let’s go ahead and see what happens here once GPUpdate is finished. Alright, so that’s almost done here. Excellent. So let’s go ahead and fire up Acrobat Reader, and see if we can remember all of our changes.
If we go to “Security,” we’ve rechecked that checkbox. If we go to this other “Security (Enhanced)” – you know, maybe that’s super important. Again, it’s so important, let’s actually remove it from the user. I’ll show you how to do that in just a second. We’ll go to the “Updater” tab, and sure enough we’ve set it to “Do not download or install updates automatically.”
But you know what? I’ve still got that feeling about this guy, this “Enable Enhanced Security.” I really want to make sure users can’t work around that. So let me go ahead and close out Acrobat Reader again. Let’s go back to the Group Policy object here. Let’s go back to that “Security (Enhanced)” right there. Let’s right click over that guy, and we’re going to totally “Hide corresponding control in target application” – literally remove it – so a user can’t possibly screw it up. We’ll go ahead and hit “OK” there.
Now we’ll go back. We’ll run GPUpdate again. Let’s go ahead and see what happens. Again, we’re just changing that one setting. That one thing I really want to make sure users can’t possibly work around. Now that that’s done, let’s go rerun Acrobat Reader here. Go to “Edit/Preferences” here and check it out. That checkmark is now gone. I’ve completely removed it away from the user experience.
Thanks for watching. If you like what you see here with Acrobat Reader, it’s available for most applications. We’ve got a whole bunch of preconfigured Paks ready to use right now. Thanks so much. Take care.