1 Reply Latest reply on May 28, 2010 9:08 AM by cbo_de

    Customization Wizard - Security Settings Not Sticking

      Hi,

      I'm trying to create a transform file to role out the Adobe Reader 9 msi file. I am using the Adobe Customization Wizard 9 and I can tell it is working to a degree as removing items from the Help menu work.

      However, the main reason I want to use it is to add domains to the 'Privileged Locations Exempt from Enhanced Security' option. I have added two domains in here and checked the option to allow 'External Content' and 'Silent Printing'. However, when I run the msi with the transform file the application installs, but the Edit - Preferences - Security (Enhanced) doesn't show the domains I have added.

      If I open the transform file in Notepad I can see the domains in there, so I know it's saving okay. But I think there must be some option I'm missing to enable them.

      Any help much appreciated.

      Nick
        • 1. Re: Customization Wizard - Security Settings Not Sticking
          cbo_de Level 1

          Hello community,


          it's amazing that the longstanding problem seems to stay down to the present day and neither Adobe nor admins found a solution for that. :-(

           

          My plain intention was to enable enhanced security, preconfigure trust and lock down all settings. The best way would be to create a patched and transformed msi package of Adobe Reader 9 which can be deployed by Windows group policys. After applying the msp to the msi file I opened the msi in Adobe Customization Wizard 9 and made the desired modifications, in particular by adding a recursive folder in Privileged Locations Exempt. The test setup ran without any problems. To verify the modifications in Reader I checked it under "Edit / Preferences / Security (Enhanced)" and wondered why the exempt list still was empty.

           

          In the Adobe "Enhanced Security and Trusted Locations" Guide there is specified where the enhanced security settings are stored in Windows Registry. At least the Privileged Locations Exempt entries should be stored in HKCU. I checked this up in registry of my test installation and found these entries in HKLM instead. So it seems that Adobe Reader would ignore these entries and it is expected that all settings are stored in HKCU indeed. But in that case the settings are only recognized if the user's interface is not locked down.

           

          So my questions are: Did anybody managed it? How is it possible keep preconfigured settings and lock down user's interface of Enhanced Security Settings at the same time? Is it better to avoid using Customization Wizard and deploy the settings via reg files instead?

           

          Any responses would be appreciated.

           

          Christian