Let me add specifics about the Domain:
Windows XP SP3 Workstations ('86)
Windows 2003 Domain Controllers ('86)
Again, I have tested with roaming profiles, local profiles, local administrator profiles, anti-virus disabled; all fail to allow Reader's Protected Mode to start.
1 person found this helpful
I would like to know, what error do you get when you launch a pdf file in Reader X. Do you get the Incompatability dialog as shown below?
Do you access the PDF files through a Distributed File System?
Do you access the files through a Citrix Server?
Do you use Roaming profiles?
These are the cases where you Reader does not open up in protected mode. I have tried using Reader X on a domain and it opens up in protected mode.
Hi, Vinod Dobhal, thanks for the reply. That is the error. It does not matter if anti-virus is disabled, if a local or roaming profile is used. The file is on the local drive, or just starting Adobe X with no file will generate the error dialog that you show. It is entirely possible that some lock-down is interferring, we use the Federal Guidelines for lockdowns, and scan with Retina. My initial thoughts, after reading the link and posts in this forum, was that it was because of roaming profiles, but that was quickly disproved by using administrator accounts (which are local accounts).
The real problem in all of this is that Protected Mode is supposed to mitigate the listed CVEs, and if I cannot use Adobe Reader X with Protected Mode these CVEs are open on my computers. Internally the program has determined that it cannot start in protected mode, but it seems unable to communicate the reason.
Can you please tell the incompatibility dialog you are observing is on the cleint system i.e WinXP or in the domain controller i.e Win2003 in your case?
There is no point in attempting to "Beta" my results, as I cannot operate with this type of software. My requirements are for fully patched systems or mitigations in place (that cannot be influenced by regular users). Adobe elected to not patch Reader X for the two vulnerabilities listed in the header, relying instead on a non-operative, or best case user manipulated "Protected Mode" as mitigation. User operated controls do not satisfy the requirements on my systems, and even if user operation of "Protected Mode" were disabled, Reader X continues to fail to start in "Protected Mode" in my environment.
The idea behind security on IT assets is to not only protect the systems from external threats (www, hackers), but also from internal threats, such as normal users. These two vulnerabilities could easily have exploits loaded on CD-ROM or floppy and a normal user could disable "Protected Mode" in Reader X to make use of them. So, even if "Protected Mode" is usable the vulnerabilities remain open.