Adobe Reader 11.0.11 Customization for Preferences / Security (Enhanced) / Sandbox Protections
I am new to GPO etc and have ran the Adobe Customization Wizard 11 to make changes but I can seem to get the "Preference" correct, under Security (Enhanced) Sandbox Protections I need the "Enable Protected Mode at startup" checked and greyed out and the Protected View set to off but not greyed out. I keep getting it backwards. I have added the following to the registry:
Add (Install Value)
Key: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value: bProtectedMode
Type: REG_DWORD
Data: 1
But I am not sure what I am doing wrong, where in the customization wizard should the changes be made and to what to get both settings correct?
Thank you in advance for the help.
Add (Install Value)
Key: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value: bProtectedMode
Type: REG_DWORD
Data: 1
But I am not sure what I am doing wrong, where in the customization wizard should the changes be made and to what to get both settings correct?
Thank you in advance for the help.
0 Comments
[ + ] Show comments
Answers (1)
Answer Summary:
Please log in to answer
Posted by:
Newbie0000
9 years ago
Top Answer
Do check a gpo admin tmpl that adobe shared
http://www.securesenses.net/2013/03/hardening-adobe-reader-11-using-group.html
http://www.serveradventures.com/the-adventures/disabling-adobe-reader-xi-protected-mode-with-group-policy Disabling "Protected Mode" altogether is pretty simple, we just need to change the following registry key:
64-bit:
Keypath: HKLM\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value name: bProtectedMode
Value type: REG_DWORD
Value data: 0
32-bit:
Keypath: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value name: bProtectedMode
Value type: REG_DWORD
Value data: 0
"In Reader 11.0, Protected View is only supported when Protected Mode is enabled. There can be no HKCU or HKLM Protected Mode registry preference set to 0 (off) when Protected View is enabled."
https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedmode.html
https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedview.html
http://www.securesenses.ne
It is important to note that computer level settings are actual GP settings. This means that users cannot alter the configuration. Also the settings are reverted to their defaults when policy is removed. User level settings are treated as preferences and as such can be altered by users. Also they do not revert to defaults when GPO is removed.
Security wise we should consider enabling the following settings:
Computer Level>AR>Preferences>Startup: Enable Protected Mode at Startup
and if going into the registry setting which i suggest avoid it if poss, 64 or 32 bit machine has the setting in different locSecurity wise we should consider enabling the following settings:
Computer Level>AR>Preferences>Start
http://www.serveradventure
64-bit:
Keypath: HKLM\SOFTWARE\Wow6432Node\
Value name: bProtectedMode
Value type: REG_DWORD
Value data: 0
32-bit:
Keypath: HKLM\SOFTWARE\Policies\Ado
Value name: bProtectedMode
Value type: REG_DWORD
Value data: 0
"In Reader 11.0, Protected View is only supported when Protected Mode is enabled. There can be no HKCU or HKLM Protected Mode registry preference set to 0 (off) when Protected View is enabled."
https://www.adobe.com/devn
https://www.adobe.com/devn