FoxIT Reader for PDF files is great! It loads up quickly, and is generally an awesome alternative to “the other guys”. But the security and configuration problems are exactly the same.
How are you going to deal with:
- Update behavior (turning it off, so users aren’t prompted)
- Turning off dangerous items like Javascript support
- Ensure “Enable Safe Reading Mode” is always turned on
… or anything else that’s important to your company?
Without PolicyPak, there is no way to deliver these settings and enforce them on. Watch this video to get a handle on the problem and where PolicyPak puts the smack down on this important problem.
Our solution isn’t a mere “ADM” template, it’s a true Group Policy extension, with powerful management and lockdown capabilities. PolicyPak can deliver, lockdown and revoke FoxITsettings – the way you need to using Group Policy.
Our PolicyPak software snaps-in to the Group Policy Editor and mimics the user interface of FoxIT Reader application itself. You can set key settings (like turning off FoxIT Reader updates), like what is seen here.
Without PolicyPak, you’ve got nothing. Users can just work around your settings and steamroll over you.
Besides, once you’re using PolicyPak to manage Acrobat Reader, you’ll also get to manage all your other enterprise desktop applications the same way:Java, WinZip, Firefox, and any custom applications you have. They’re 100% included – absolutely free.
It’s all included when you’re a PolicyPak Professional customer.
PolicyPak was designed by Microsoft MVP, Enterprise Mobility Jeremy Moskowitz – who “wrote the book” on Group Policy, runs GPanswers.com, and lives and breathes Group Policy and enterprise software deployments and desktop lockdown.
When you’re ready to get serious about managing FoxITReader today, click on the Download or Webinar button on the right and get your free download to test it out for yourself.
Manage FoxIT with Group Policy and PolicyPak Video Transcript
Hello, everybody. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak Software.In this video, we’re going to learn how to configure FoxIT Reader using Group Policy and PolicyPak.
Let’s start off with taking a look at FoxIT Reader. I’m just logged on as a standard user. I’m not an administrator. I’m just a standard user. I’m a big fan of FoxIT Reader, but if you go to “Tools/Preferences…” there are a lot of things that a regular user – someone without admin rights –can do to unfortunately make your machine less secure. If you’re going to be deploying FoxIT Reader to all of your client machines, you’re going to want to make sure that the application itself is locked down and secure.
Let’s actually go from the bottom up. Let’s talk about “Updater.” A lot of organizations have their own schedule for setting updates. You probably don’t want the default to “Every 7 days automatically check for security updates, and update ads bar and start page.” What you probably want to do is to “Do not update automatically.”So we’re not going to click it here. We’re going to use Group Policy to do it. I just want to show you that this is the default.
Let’s go over to the “Trust Manager.” Here we go. See, there’s this thing called “Enable Safe Reading Mode,” which is very important to make sure that documents can’t do bad things and will help you avoid attacks from malicious documents. If a user wants to, they can uncheck that checkbox. That’s not good. We don’t want to do that, but if they do that and click “OK” there’s absolutely nothing preventing them from doing that.
Let’s go to another setting here. Let’s go to “JavaScript,” yet another one you probably want them to have this guy unchecked. You want to uncheck “Enable JavaScript Actions.” The idea is that, again, the bad guys can use JavaScript as an attack vector against FoxIT Reader.
So what we’re going to do is, gosh, we’ve got three things we want to do. We want to check some things and uncheck some things and also lock it down so users can’t work around your settings. Let’s go ahead and close FoxIT Reader.
Now we’ll go over to our Group Policy station, the one that creates Group Policy for us. You can see we’ve got the “PreConfigured PolicyPaks”here on the right. On the left here, I’ve got a folder that we’re going to copy our extensions to.
Let me say that again. On the right here, we’ve got our “PreConfigured PolicyPaks.” We’re going to pick the “FoxIT Reader 5.” You can see we’ve got others as well for “Acrobat 10.” We’ve got others for things like “Flash” and “Firefox” and “Lync” and “Java” and a lot of other great applications that you want to manage using Group Policy.
But today, we’re going to use “FoxIT Reader 5.” We’re going to take our preconfigured dll, “pp-FoxIT Reader 5.dl,l” and “Copy here” into the “PolicyPak Extensions” folder on our machine, the one that we’re going to create Group Policy from. That’s it. You’re done. You’re ready to go, and you’re ready to manage FoxIT Reader using Group Policy.
We’re going to create a “New GPO” against our “East Sales Users.” We’ll go ahead and “Manage FoxIT Reader using Group Policy and Firefox.”We’ll right click, click “Edit…” and now we will dive down under user side “PolicyPak/Applications/New/Application.”There it is, “PolicyPak for FoxIT Reader.” We’ll double click that, and here we go.
The first thing we want to do, we started off with “Updater.” Let’s go ahead and force it to “Do not update automatically.” We also want to go the extra mile here. Because this is a thing a user can configure on their own, we can prevent that behavior by right clicking over and selecting “Disable corresponding control in target application.”We’re going to lock it down so a user can’t possibly mess it up. You can see the checkmark is checked for “Disable corresponding control in target application.”
If we go over to the “Trust Manager,” we want to guarantee that “Enable Safe Reading Mode” is turned on. We’re going to check it, and an underline in PolicyPak means we’re going to deliver the setting. But again, it’s probably not enough to just check the checkbox. Again, we’re going to right click and “Disable corresponding control in target application,”make sure the user can’t possibly work around it.
Let’s go over to “JavaScript.” We want to uncheck this checkbox to “Enable JavaScript Actions.” We want to reduce the amount of stuff the bad guys can do. While we’re here, again we can “Disable corresponding control in target application.”
Now that we’ve made those three settings changes, let’s go back over to our client machine here. Now I could if I want to log off and log back on. I could get a totally new work station. If I’m using a terminal server or a VDI session, the very next time I log on I’m going to get this setting.
Because again, PolicyPak is part of the operating system. We act as part of the operating system. As soon as you log on, you get the latest, greatest Group Policy settings. I just happen to be accelerating things a little bit by using “gpupdate,” but I could have just as easily logged off and logged back on.
Let’s go ahead and now let’s run “FoxIT Reader 5.0” here. Let’s go to “Tools/Preferences…” here, and we’ll go from the bottom up. There’s “Updater.” Cool. We’ve set it to “Do not automatically update.” As you can see, it’s grayed out so the user can’t possibly mess around and thwart your setting.
We can also see “Trust Manager.” They cannot, prevent unchecking “Enable Safe Reading Mode.” You saw me as a regular user uncheck that and click “OK.” Now I’ve guaranteed it on as the IT administrator using Group Policy and PolicyPak.
Then if we go over to “JavaScript,” here we go. We’ve unchecked “Enable JavaScript Actions.” All the settings here are available for you to use in FoxIT Reader. If there’s something special that I didn’t cover that you want to have done using PolicyPak and FoxIT Reader, you have a preconfigured Pak ready to go.
That’s it. I hope you’ve enjoyed how to use PolicyPak with the preconfigured FoxIT ReaderPak to lock your machines down and change things like the “Updater,” “Trust Manager” and the “JavaScript” control.
Thanks very much. Remember, with PolicyPak, what you set is what they get.
Thanks so much. Take care.
