Adobe Acrobat Reader X (10) enterprise deployment

Lets face it, a lot of software vendors aren’t thinking about us poor grunts in enterprise IT when they design their software.  If they were, everything would be available neatly packaged as a .msi file, ready for enterprise deployment via such tools as Microsoft’s Group Policy. Some vendors do package their installers as msi files inside of an exe wrapper, which can be easily extracted using a tool like 7-Zip, or by searching the local temp folders after kicking-off the install routine.  With Acrobat Reader, Adobe has actually done one better.

First, you can request an enterprise-deployment-ready installer here.
In my experience, you will generally have a link to the download the same day.

Second, they have actually created a nice set of documentation and even an msi customization utility based around enterprise deployment and administration.

So, you have some special needs in your environment and only want PDF files from links in IE to open in the browser? You can do that. What? You never want them to open in the browser? You can set that preference too. A nice touch for me is the ability to supress the EULA so users aren’t confronted with it the first time they try to open a PDF. As if we don’t already already know we have signed our souls over to the software vendors…

One thing that was missing, however, from an otherwise nice and quite comprehensive customization tool is the ability to disable the new Reader security feature called “Protected Mode”.  Now, I’m all for improved security, and Adobe ( almost synonymous with PDF) has recently gotten beaten on for at least one serious vulnerability. Unfortunately there happens to be a long list of circumstances in which Protected Mode will prevent the user from opening perfectly good documents,  and we fall into one of these circumstances. I suspect it is due to folder redirection, and if you likewise use folder redirection, you probably do as well.  So, I had to find a way to disable it lest every one of our users be confronted with an ugly error message the first time they try to launch the application.  I found the solution buried in the last note on the app kb page on appdeploy.com; may God bless the creators and contributors of that site.  A simple registry edit (local computer didn’t work for me as the post suggests, so I went with current user) solved the problem.  Simply add: HKCU\Software\Adobe\Acrobat Reader\10.0\Privileged\bProtectedMode with a dword value of zero.  Of course, doing that with a script can be so ugly, so, since the application is being deployed with group policy, an admx entry seemed like just the fix. Sounds like a topic for another post!

Advertisements

~ by Jay P Morgan on February 3, 2011.

4 Responses to “Adobe Acrobat Reader X (10) enterprise deployment”

  1. […] Adobe Acrobat X as an example.  As discussed in another post, Adobe has included some nice customization options, but they do not include the ability to disable […]

  2. I too am running into the AcroExch error on Adobe Acrobat Reader 9.5.0 It will not allow me to enter the registry using the hky that is listed on the internet.

    Any help in resolving this issue would be greatly appreciated.

    • The registry entry is really only needed in an enterprise deployment. If you are using this on a single, or few computers, then all you need to do is disable Protected mode from within the preferences. However, I don’t recall Protected Mode being a feature of Adobe Reader 9.x, so you may have another issue. Regards, Jay

      • The problem I believe is with the Cannon Printer software. Before my HP printer gave out, I had no problem. So when looking for a new printer, I was told that the cost of operation of the Cannon Printers was tons less than the HP brand. But don’t believe I will ever purchase another Cannon printer. Cannon doesn’t even communicate with Microsoft Office the most popular office software.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s