I have developed an msi / mst package for Adobe Acrobat Reader 7.0.7 using the InstallShield Tuner for Adobe Acrobat.

It installs via Active Directory and group policy with no problems at all.

We are using Windows XP workstations and Windows 2003 servers.

However I have been asked to "tweak" the installation with a further change.

Specifically if you do the following in Acrobat:

Edit-->Preferences-->Security-->Advanced Preferences-->Windows Integration.

You will see 3 checkboxes. By default they are not checked.

We need these 3 checkboxes "checked" for digital signatures that we will be introducing.

The InstallShield Tuner for Adobe Acrobat does not "drill down" deep enough into the program to allow setup of these specific checkboxes.

My question, how should I do this?

I was thinking of creating a new transform but I am stuck on just what to add - I am sure that it is a registry setting.

The msi / mst package will be deployed as a computer-based policy to "all" staff in our organization.

Can anyone point me in the right direction on how to begin.

Thanks again

John
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Open the MSI package with Orca (by Microsoft, download is available in the MSDN section). From there you create a transform file with the appropriate changes.
Answered 07/18/2006 by: toddistic
Yellow Belt

Please log in to comment
0
Hi John,

With Acrobat Reader v7, the effect of ticking the three boxes you mention is to set various registry values under the HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security key

The following is the contents of a .REG file exported from this key after the changes are made :


[font="Courier New"]Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security]

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI]

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI]

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI\cVerify]
"iReqRevCheck"=dword:00000002

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cMSCAPI_DirectoryProvider]
"iMSStoreTrusted"=dword:00000062

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cDigSig]
"bValidateOnOpen"=dword:00000001

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cHandlers]
"aVerify"=hex:41,64,6f,62,65,2e,4e,6f,48,61,6e,64,6c,65,72,00
"bVerifyUseAlways"=dword:00000000

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001
"iSigVerificationTime"=dword:00000001

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPubSec]
"iDisplayValidIcon"=dword:00000000

The above can be cut and pasted into Notepad and saved as a .REG file which can then be imported into a transform using WISE, InstallShield or similar editing tool.

You don't strictly need to create a new transform as the above can be included in the transform you created with the Tuner Wizard, but you could if you like.

Note that the above are HKEY_CURRENT_USER registry settings, so to propagate these to each user of the target machine, you will need to ensure that any shortcuts are advertised to trigger the necessary self-repair on first launch. Or instead, you could use Active Setup (see elsewhere in the forum) in your transform.


Regards,

Spartacus
Answered 07/18/2006 by: spartacus
Black Belt

Please log in to comment
0
Thanks Spartacus - your reg file proved to be most helpful.

I imported it using InstallShield and the msi / mst combination worked just as I had hoped - the three checkboxes were ticked off.

Thanks again!

I learn a lot on this forum
Answered 07/18/2006 by: Zeke
Orange Belt

Please log in to comment
0
Hi there,

I am just facing a similar type of problem

I also need to enable bCertStoreImportEnable

But the condition is that i need to do it for all user accounts

Therefore the changes should be made in (HKEY_LOCAL_MACHINE) registry values

Any Suggestions

Thanks In Advance
Answered 08/30/2006 by: vishal.dwivedi
Senior Yellow Belt

Please log in to comment
0
The value bCertStoreImportEnable is specifically a HKEY_CURRENT_USER setting, i.e.

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001

so I don't believe that using the HKEY_LOCAL_MACHINE portion of the registry would work. However, if you include it as a HKEY_CURRENT_USER registry entry in your package then as I stated in my earlier reply :


to propagate these to each user of the target machine, you will need to ensure that any shortcuts are advertised to trigger the necessary self-repair on first launch. Or instead, you could use Active Setup (see elsewhere in the forum) in your transform.


Regards,

Spartacus
Answered 08/30/2006 by: spartacus
Black Belt

Please log in to comment
0
thanks for reply

Sorry I am Not able to get u

The software (for which i need to configure) need to be installed on a machine and any user should be able to access the software.

If i configure these settings for current user , than other users will not be able to use the software.

What should i do??
Answered 08/30/2006 by: vishal.dwivedi
Senior Yellow Belt

Please log in to comment
0
In acrobat 6.0 i have used it in configuring the security settings as HKEY_LOCAL_MACHINE KEY
Answered 08/30/2006 by: vishal.dwivedi
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity