Could you enumerate what other programs are called by acrord32.exe?
I have to use software restriction policies, to prevent run other programs except adobe readre 9.
I set up group policy for user's software restriction policy: acrord32.exe
When I start acrobat reader, the program starts, reader window appears, but I get the following message.
Software cannot be run due to softwre restriction policies and adobe reader stops.
My question is what other programs I have to allow to run acrord32.exe?
I don't think this will be an easy one; there are countless DLLs in the Reader's install directory and subdirectories; there are EXE files and plug-ins, and whatnot. I think it will take a lot of patience to get that working.
Unless, of course, some other forum user here has done it before...
When a software restriction policy "goes off," Windows creates event-log entries that describe what happened. In many cases, you must be an Administrator to view the contents of this log.
Here's a page that might be useful. (I Googled "software restriction policy" "event viewer" ):
Although it is tedious to set up restriction policies, it can be worth it. (But also make sure that you are observing all the other prudent security practices, most especially making sure that the end-users are not "administrators.")
Realistically, the event log is the only way to determine "what runs what." It is also important that you run your tests from every flavor of user-account that will be affected by the policy, and that you periodically review the event logs to proactively detect errors that end users did not bother to report.