Adobe Acrobrat reader JS disable
Our current method of disabling javascript globally in the Adobe reader is no longer going to work for us now that we are implementing a software package that requires the plugins that allow JS functionality in Adobe reader. I am looking to pursue the path again of attempting to prevent users from enabling JS from the preferences menu. Previously the option was not even available in preferences with our previous distro.
I believe this can be done by only allowing read permissions on HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs key. In order for this to work this key cannot inherit permissions from the parent and the only permission allowed is read. The read permission has to be granted or Acrocrap defaults to JS enabled if it cannot read this key.
Can this be done using self healing and the LockRegPermissions table? If so does anyone know what the permission value would be in the LockRegPermissions table? Or if someone has figured out another way to accomplish disabling JS in Acrobrat that I have overlooked please let me know.
I am not concerned with users going into the registry to set the correct permissions on this key to enable JS.
I believe this can be done by only allowing read permissions on HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs key. In order for this to work this key cannot inherit permissions from the parent and the only permission allowed is read. The read permission has to be granted or Acrocrap defaults to JS enabled if it cannot read this key.
Can this be done using self healing and the LockRegPermissions table? If so does anyone know what the permission value would be in the LockRegPermissions table? Or if someone has figured out another way to accomplish disabling JS in Acrobrat that I have overlooked please let me know.
I am not concerned with users going into the registry to set the correct permissions on this key to enable JS.
0 Comments
[ + ] Show comments
Answers (8)
Please log in to answer
Posted by:
anonymous_9363
14 years ago
Posted by:
joedown
14 years ago
VBScab I think you misread what I posted. Other than the fact that we are dealing with Adobe Acrocrap products. [:@] My issue is that I wish to make the JSPrefs registry key read only for the user to prevent them from going into the preferences menu and enabling JS. In my testing, by setting the key to read only rights they cannot enable JS and make it stick as they otherwise would. I'm just wanting to know if you can use the LockRegPermissions table and self healing to accomplish this?
Posted by:
anonymous_9363
14 years ago
I guess so but that table is a custom one, not a regular Windows Installer one. The format looks similar (making one wonder why they bothered...) but the definitive answer would need to come from Adobe. I expect it's exhaustively documented somewhere on the Adobe site, right? [sound of barely-concealed guffaws in the background]
As for self-healing, is that table read by a Custom Action? If so, I guess you could alter any condition on its execution such that it would run in that scenario.
As for self-healing, is that table read by a Custom Action? If so, I guess you could alter any condition on its execution such that it would run in that scenario.
Posted by:
joedown
14 years ago
Oh, my bad. I'm still learning this stuff and I didn't even realize that this wasn't a standard table. Of course why should I be surprised that Adobe would add a custom table? [:'(] So LockPermissions table is the one that I should be using. And yes, you are correct Ian this custom table is called in a custom action along with their LockFilePermissions table. What a cluster.
Surprisingly I found this article on Adobe's website: http://kb2.adobe.com/cps/509/cpsid_50909.html Explains a little how their table works.
Surprisingly I found this article on Adobe's website: http://kb2.adobe.com/cps/509/cpsid_50909.html Explains a little how their table works.
Posted by:
joedown
14 years ago
Posted by:
joedown
14 years ago
Ok, that seems doable now how does one insure that the self healing happens? Most user do not actually launch the application from a shortcut but rather they just double click on a PDF document or open one from the web thereby bypassing the shortcut entry point? Does this mean Active Setup in conjunction with self healing or something else?
Posted by:
pjgeutjens
14 years ago
Most user do not actually launch the application from a shortcut but rather they just double click on a PDF document ...
One option you have, Joe, besides active setup, is to advertise the .PDF file extension using the Extension table in your MSI (and ProgID and MIME, which it references). Since we're talking Adobe Reader here, and I seem to remember the .PDF extension actually NOT being advertised by Adobe's MSI (others are - use these for inspiration), you could try adding this extension advertisement, linking it to a component and its matching feature, and then in that same feature adding a component to do your user specific actions (which in this case means a Dummy Component I believe, just to trigger the repair, so the LockPermissions table can be processed)
One thing I should mention is that I've never done this myself yet, so let me know how it works out [;)]
EDIT: had a quick look at the vendor MSI for Reader 9.1.1, and the .pdf extension is put directly in the registry by the MSI, so no advertisement. You might need to remove these keys from the registry table when you replace em with the advertisement.
EDIT2: to be complete, you can ofcourse cop out and combine Active Setup and an msiexec.exe /f, but we're striving for something higher here, right? [8|]
PJ
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.