Copy link to clipboard
Copied
App: Adobe Acrobat Reader
Ver: 2018.011.20036
Sandbox Settings:
Enable Protected Mode at startup: checked
Protected View: I've tried all the settings and NOTHING changes
Enhanced Security: Checked
I'm adding a number of share paths via "Edit -> Preferences -> Security (Enhanced) -> Privileged Locations -> Add Folder Path" to allow access to files which are now symlinks after being archived. From what I'm reading in the docs once the folder is a 'Privileged Location' I should be able to open the symlink doc. Instead, I get this error below. I even tried adding the remote UNC path to where the symlics are pointing.
There was an error opening this document. Access denied.
So I tried adding the file path as a privileged location. Same error.
If I turn off Protected Mode the problem goes away.
What am I missing here?
Privileged Paths Include:
\\dalgroups\departments
\\dalgroups\departments\Information Technology
\\dalgroups\departments\Information Technology\IS Operations\Unix Administration
\\uusfwpkmp00\komprise
Log messages included below:
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:02] NtCreateFile: STATUS_ACCESS_DENIED
[03:08/10:22:02] real path: \??\C:\Users\6693\Desktop\desktop.ini
[03:08/10:22:02] Consider modifying policy using these policy rules: FILES_ALLOW_ANY or FILES_ALLOW_DIR_ANY
[03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED
[03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache\170\52C64B7E
[03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED
[03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache
[03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED
[03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache\170\52C64B7E
[03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[03:08/10:22:14] NtCreateKey: STATUS_ACCESS_DENIED
[03:08/10:22:14] real path: \REGISTRY\USER\S-1-5-21-1757981266-1390067357-682003330-386825\Software\Classes\Local Settings\MuiCache
[03:08/10:22:14] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[03:08/10:33:11] Invalid Object found
[03:08/10:33:11] requested path: \??\UNC\dalgroups\departments\Information Technology\IS Operations\Unix Administration\Shared\BlueMix\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf
[03:08/10:33:11] actual path: \Device\Mup\uusfwpkmp00\komprise\1922\2156\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf
[03:08/10:33:11] Invalid Object found
[03:08/10:33:11] requested path: \??\UNC\dalgroups\departments\Information Technology\IS Operations\Unix Administration\Shared\BlueMix\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf
[03:08/10:33:11] actual path: \Device\Mup\uusfwpkmp00\komprise\1922\2156\IBM BlueMix workshop Lab F - Java EE Cloud Trader.pdf
Copy link to clipboard
Copied
Seems like the DFS is preventing access to the namespace when a client tries to hit a folder target with Acrobat in protected mode .
See if when you add the absolute path for a priviledged location
that the namespace is not configured to issue referrals with the "insite" option.
See here for troubleshooting: https://support.microsoft.com/en-us/help/975440/how-to-troubleshoot-distributed-file-system-namespac...
The cross domain troubleshooting log that you've posted is basically suggesting to allow any type of access which is the least restricted access policy, defeating the purpose of using Enhanced Security and Protected Mode .
See here too: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html#policy-file-configuration
Since this seems to be not entirely related to Adobe Reader/Acrobat, there are a few more things that need to be observed:
I hope these references help.