• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

Adding a folder path to the 'Privileged Locations' in 'Security (Enhanced)' does NOT allow symlinks to open. Error is access denied.

New Here ,
Mar 08, 2018 Mar 08, 2018

Copy link to clipboard

Copied

App: Adobe Acrobat Reader

Ver: 2018.011.20036

Sandbox Settings:

  Enable Protected Mode at startup: checked

  Protected View: I've tried all the settings and NOTHING changes

  Enhanced Security: Checked

I'm adding a number of share paths via "Edit -> Preferences -> Security (Enhanced) -> Privileged Locations -> Add Folder Path" to allow access to files which are now symlinks after being archived.  From what I'm reading in the docs once the folder is a 'Privileged Location' I should be able to open the symlink doc.  Instead, I get this error below.  I even tried adding the remote UNC path to where the symlics are pointing.

  There was an error opening this document. Access denied.

So I tried adding the file path as a privileged location.  Same error.

If I turn off Protected Mode the problem goes away.

What am I missing here?

Privileged Paths Include:

    \\dalgroups\departments

    \\dalgroups\departments\Information Technology

    \\dalgroups\departments\Information Technology\IS Operations\Unix Administration

    \\uusfwpkmp00\komprise

Log messages included below:

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED

    [03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini

    [03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY

    [03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED

    [03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache\170\52C64B7E

    [03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY

    [03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED

    [03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache

    [03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY

    [03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED

    [03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache\170\52C64B7E

    [03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY

    [03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED

    [03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache

    [03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY

    [03:08/10:33:11] Invalid Object found

    [03:08/10:33:11] requested path: \??\UNC\dalgroups\departments\Information Technology\IS Operations\Unix Administration\Shared\BlueMix\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf

    [03:08/10:33:11] actual path: \Device\Mup\uusfwpkmp00\komprise\1922\2156\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf

    [03:08/10:33:11] Invalid Object found

    [03:08/10:33:11] requested path: \??\UNC\dalgroups\departments\Information Technology\IS Operations\Unix Administration\Shared\BlueMix\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf

    [03:08/10:33:11] actual path: \Device\Mup\uusfwpkmp00\komprise\1922\2156\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf

TOPICS
Security digital signatures and esignatures

Views

3.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 22, 2020 Jan 22, 2020

Copy link to clipboard

Copied

LATEST

Seems like the DFS is preventing access to the  namespace when a client tries to hit a folder target with Acrobat in protected mode .

 

See if when  you add the absolute path for a priviledged location    

that the  namespace is not configured to issue referrals with the "insite" option.

 

See here  for troubleshooting: https://support.microsoft.com/en-us/help/975440/how-to-troubleshoot-distributed-file-system-namespac... 

 

The cross domain troubleshooting log that you've posted is basically suggesting to allow any type of access which is the least restricted access policy, defeating the purpose of using Enhanced Security and  Protected Mode .

 

See here too: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html#policy-file-configuration  

 

See here : https://helpx.adobe.com/acrobat/using/enhanced-security-setting-pdfs.html#bypass_enhanced_security_r... 

 

Since this seems to be not entirely related to Adobe Reader/Acrobat, there are a few more things that need to  be observed:

 

 

 

I hope these references help.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines