Need additional transform for Adobe Acrobat deployment
I have developed an msi / mst package for Adobe Acrobat Reader 7.0.7 using the InstallShield Tuner for Adobe Acrobat.
It installs via Active Directory and group policy with no problems at all.
We are using Windows XP workstations and Windows 2003 servers.
However I have been asked to "tweak" the installation with a further change.
Specifically if you do the following in Acrobat:
Edit-->Preferences-->Security-->Advanced Preferences-->Windows Integration.
You will see 3 checkboxes. By default they are not checked.
We need these 3 checkboxes "checked" for digital signatures that we will be introducing.
The InstallShield Tuner for Adobe Acrobat does not "drill down" deep enough into the program to allow setup of these specific checkboxes.
My question, how should I do this?
I was thinking of creating a new transform but I am stuck on just what to add - I am sure that it is a registry setting.
The msi / mst package will be deployed as a computer-based policy to "all" staff in our organization.
Can anyone point me in the right direction on how to begin.
Thanks again
John
It installs via Active Directory and group policy with no problems at all.
We are using Windows XP workstations and Windows 2003 servers.
However I have been asked to "tweak" the installation with a further change.
Specifically if you do the following in Acrobat:
Edit-->Preferences-->Security-->Advanced Preferences-->Windows Integration.
You will see 3 checkboxes. By default they are not checked.
We need these 3 checkboxes "checked" for digital signatures that we will be introducing.
The InstallShield Tuner for Adobe Acrobat does not "drill down" deep enough into the program to allow setup of these specific checkboxes.
My question, how should I do this?
I was thinking of creating a new transform but I am stuck on just what to add - I am sure that it is a registry setting.
The msi / mst package will be deployed as a computer-based policy to "all" staff in our organization.
Can anyone point me in the right direction on how to begin.
Thanks again
John
0 Comments
[ + ] Show comments
Answers (7)
Please log in to answer
Posted by:
toddistic
17 years ago
Open the MSI package with Orca (by Microsoft, download is available in the MSDN section). From there you create a transform file with the appropriate changes.
Posted by:
spartacus
17 years ago
Hi John,
With Acrobat Reader v7, the effect of ticking the three boxes you mention is to set various registry values under the HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security key
The following is the contents of a .REG file exported from this key after the changes are made :
[font="Courier New"]Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI\cVerify]
"iReqRevCheck"=dword:00000002
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cMSCAPI_DirectoryProvider]
"iMSStoreTrusted"=dword:00000062
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cDigSig]
"bValidateOnOpen"=dword:00000001
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cHandlers]
"aVerify"=hex:41,64,6f,62,65,2e,4e,6f,48,61,6e,64,6c,65,72,00
"bVerifyUseAlways"=dword:00000000
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001
"iSigVerificationTime"=dword:00000001
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPubSec]
"iDisplayValidIcon"=dword:00000000
The above can be cut and pasted into Notepad and saved as a .REG file which can then be imported into a transform using WISE, InstallShield or similar editing tool.
You don't strictly need to create a new transform as the above can be included in the transform you created with the Tuner Wizard, but you could if you like.
Note that the above are HKEY_CURRENT_USER registry settings, so to propagate these to each user of the target machine, you will need to ensure that any shortcuts are advertised to trigger the necessary self-repair on first launch. Or instead, you could use Active Setup (see elsewhere in the forum) in your transform.
Regards,
Spartacus
With Acrobat Reader v7, the effect of ticking the three boxes you mention is to set various registry values under the HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security key
The following is the contents of a .REG file exported from this key after the changes are made :
[font="Courier New"]Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cASPKI\cVerify]
"iReqRevCheck"=dword:00000002
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cASPKI\cMSCAPI_DirectoryProvider]
"iMSStoreTrusted"=dword:00000062
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cDigSig]
"bValidateOnOpen"=dword:00000001
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cHandlers]
"aVerify"=hex:41,64,6f,62,65,2e,4e,6f,48,61,6e,64,6c,65,72,00
"bVerifyUseAlways"=dword:00000000
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001
"iSigVerificationTime"=dword:00000001
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPubSec]
"iDisplayValidIcon"=dword:00000000
The above can be cut and pasted into Notepad and saved as a .REG file which can then be imported into a transform using WISE, InstallShield or similar editing tool.
You don't strictly need to create a new transform as the above can be included in the transform you created with the Tuner Wizard, but you could if you like.
Note that the above are HKEY_CURRENT_USER registry settings, so to propagate these to each user of the target machine, you will need to ensure that any shortcuts are advertised to trigger the necessary self-repair on first launch. Or instead, you could use Active Setup (see elsewhere in the forum) in your transform.
Regards,
Spartacus
Posted by:
Zeke
17 years ago
Thanks Spartacus - your reg file proved to be most helpful.
I imported it using InstallShield and the msi / mst combination worked just as I had hoped - the three checkboxes were ticked off.
Thanks again!
I learn a lot on this forum
I imported it using InstallShield and the msi / mst combination worked just as I had hoped - the three checkboxes were ticked off.
Thanks again!
I learn a lot on this forum
Posted by:
vishal.dwivedi
17 years ago
Hi there,
I am just facing a similar type of problem
I also need to enable bCertStoreImportEnable
But the condition is that i need to do it for all user accounts
Therefore the changes should be made in (HKEY_LOCAL_MACHINE) registry values
Any Suggestions
Thanks In Advance
I am just facing a similar type of problem
I also need to enable bCertStoreImportEnable
But the condition is that i need to do it for all user accounts
Therefore the changes should be made in (HKEY_LOCAL_MACHINE) registry values
Any Suggestions
Thanks In Advance
Posted by:
spartacus
17 years ago
The value bCertStoreImportEnable is specifically a HKEY_CURRENT_USER setting, i.e.
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001
so I don't believe that using the HKEY_LOCAL_MACHINE portion of the registry would work. However, if you include it as a HKEY_CURRENT_USER registry entry in your package then as I stated in my earlier reply :
Regards,
Spartacus
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\Security\cPPKHandler]
"bCertStoreImportEnable"=dword:00000001
so I don't believe that using the HKEY_LOCAL_MACHINE portion of the registry would work. However, if you include it as a HKEY_CURRENT_USER registry entry in your package then as I stated in my earlier reply :
to propagate these to each user of the target machine, you will need to ensure that any shortcuts are advertised to trigger the necessary self-repair on first launch. Or instead, you could use Active Setup (see elsewhere in the forum) in your transform.
Regards,
Spartacus
Posted by:
vishal.dwivedi
17 years ago
thanks for reply
Sorry I am Not able to get u
The software (for which i need to configure) need to be installed on a machine and any user should be able to access the software.
If i configure these settings for current user , than other users will not be able to use the software.
What should i do??
Sorry I am Not able to get u
The software (for which i need to configure) need to be installed on a machine and any user should be able to access the software.
If i configure these settings for current user , than other users will not be able to use the software.
What should i do??
Posted by:
vishal.dwivedi
17 years ago
In acrobat 6.0 i have used it in configuring the security settings as HKEY_LOCAL_MACHINE KEY
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.