4 Replies Latest reply on Feb 14, 2018 4:48 AM by JuliusPIV

    Do Privileged Locations Support Environment Variables?

    JuliusPIV Level 1

      As the title suggests, I'm curious to know if Privileged Locations configured via the Acrobat Customization Wizard DC supports environment variables.

      For example, will it work correctly/as expected if one uses pathing such as, but not limited to:

      • %AppData%\Some\Location
      • C:\Users\%UserName%\Some\Location
      • %UserProfile%\SomeOther\Location

      Many thanks in advance.

        • 1. Re: Do Privileged Locations Support Environment Variables?
          EnterpriseHelp Adobe Employee

          No, but you can use wildcards and use recursive folder trust.

           

          Trust Methods — Acrobat Application Security Guide

          1 person found this helpful
          • 2. Re: Do Privileged Locations Support Environment Variables?
            JuliusPIV Level 1

            Hey brogers123 & thanks for the reply.

             

            There's nothing on that link that specifically states that Wildcards are supported for files & folders; It only mentions subdomains & IP addresses which might lead the reader to make the leap that wildcards may not be supported for files & folders.

             

            Whether I use environment variables or wildcards in the Customization Wizard, when I run the customized installation & check 'Security (Enhanced)', Privileged Locations box is empty and so is the cTrustedFolders key, even though the customizations are captured in the MST.  (Use Orca or Flexera Admin Studio to review the MST)

             

            I ended up contacting Enterprise support:

            • The Privileged Locations box being empty is apparently a known bug
            • I still don't know why cTrustedFolders is empty.  I could see there might be some internal process that might ignore entries with unusual characters like %'s and *'s, but that does not explain the other path I specified.
            • This is all almost moot anyway: Although Privileged Locations are just registry keys, there's no way to pre-populate them with user specific paths since the key must be a string not expand string which means it has to be populated via login script or via GPO.
            1 person found this helpful
            • 3. Re: Do Privileged Locations Support Environment Variables?
              EnterpriseHelp Adobe Employee

              The original answer was "No, it's not supported" which you figured out. The link was provided to show what is supported.

               

              Can you elaborate on this?: Privileged Locations box being empty

               

              What's empty and when? If you populate it manually via the UI it works. If you use the Wizard and deploy, it should work (haven't tried it recently). What do you think is broken?

              • 4. Re: Do Privileged Locations Support Environment Variables?
                JuliusPIV Level 1

                EnterpriseHelp  wrote

                The original answer was "No, it's not supported" which you figured out. The link was provided to show what is supported.

                I specifically asked about environment variables for file & folder paths and your answer was "No, but you can use wildcards and use recursive folder trust." which is either:

                • You implying that while environment variables are not supported for file & folder paths, wildcards are support for file & folder paths; OR
                • Coerces the reader to infer that while environment variables are not supported for file & folder paths, wildcards are support for file & folder paths

                A more appropriate/complete response would have been "No, and neither are wildcards unless you're dealing with IP's and domains/subdomains."

                That's just my two cents; no harm no foul.

                 

                EnterpriseHelp  wrote

                Can you elaborate on this?: Privileged Locations box being empty

                What's empty and when? If you populate it manually via the UI it works. If you use the Wizard and deploy, it should work (haven't tried it recently). What do you think is broken?

                In the Customization Wizard I've added file & folder paths without environment variables and wildcards (e.g.: C:\Some\Folder ; H:\ etc.) generated the MST & saved the changes.  After running the installer I checked Preferences > Security (Enhanced) and the Privileged Locations box is empty, meaning, there is nothing there, no teven the paths I specified in the Customization Wizard.  So this is either by design (e.g.: administratively added paths - or ones added by the Customization Wizard - are intentionally obscured from user view) OR the customizations made in the Customization Wizard simply didn't take (e.g.: they were ignored by the installer during installation).