/build/static/layout/Breadcrumb_cap_w.png

Adobe Reader 11.0.11 Customization for Preferences / Security (Enhanced) / Sandbox Protections

I am new to GPO etc and have ran the Adobe Customization Wizard 11 to make changes but I can seem to get the "Preference" correct, under Security (Enhanced) Sandbox Protections I need the "Enable Protected Mode at startup" checked and greyed out and the Protected View set to off but not greyed out. I keep getting it backwards. I have added the following to the registry:

Add (Install Value)
    Key: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
    Value: bProtectedMode
    Type: REG_DWORD
    Data: 1

But I am not sure what I am doing wrong, where in the customization wizard should the changes be made and to what to get both settings correct?

Thank you in advance for the help.

0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: Newbie0000 8 years ago
Orange Senior Belt
0

Top Answer

Do check a gpo admin tmpl that adobe shared
http://www.securesenses.net/2013/03/hardening-adobe-reader-11-using-group.html
It is important to note that computer level settings are actual GP settings. This means that users cannot alter the configuration. Also the settings are reverted to their defaults when policy is removed. User level settings are treated as preferences and as such can be altered by users. Also they do not revert to defaults when GPO is removed.

Security wise we should consider enabling the following settings:

Computer Level>AR>Preferences>Startup: Enable Protected Mode at Startup
and if going into the registry setting which i suggest avoid it if poss, 64 or 32 bit machine has the setting in different loc
http://www.serveradventures.com/the-adventures/disabling-adobe-reader-xi-protected-mode-with-group-policyDisabling "Protected Mode" altogether is pretty simple, we just need to change the following registry key:
64-bit:
Keypath:          HKLM\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value name:   bProtectedMode
Value type:     REG_DWORD
Value data:     0

32-bit:
Keypath:          HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value name:   bProtectedMode
Value type:     REG_DWORD
Value data:     0

"In Reader 11.0, Protected View is only supported when Protected Mode is enabled. There can be no HKCU or HKLM Protected Mode registry preference set to 0 (off) when Protected View is enabled."

https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedmode.html
https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedview.html
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ