Of course, you could replace Adobe Reader with another free PDF reader like Foxit Reader just be aware that alternative readers often have the same vulnerabilities as Adobe Reader, so you should set any reader to update automatically and disable JavaScript. These 2 steps will go a long way toward keeping Adobe Reader secure. In the Categories list on the left, click JavaScript.If you find that a certain PDF won't work without it, then you can always turn it on just for that PDF. Most people don't need JavaScript in Reader, so turn it off. To remove Acrobat products that are assigned to a computer, unlink the GPO from the OU, or remove the computer from the OU and GPO. Many of the exploits of Adobe Reader have involved PDFs with malicious JavaScript. Removing products via GPO¶ Removing Acrobat products by using GPOs requires unlinking the Active Directory OU from the GPO currently enabling the software to run. In the Categories list on the left, click Updater.In Adobe Reader, click Edit, then Preferences.Adobe recommends automatic installation to ensure that you always have the latest version. But Adobe went to great lengths to ensure updates could be installed without elevation - made possible via UAC patching and the Acrobat Reader Updater Service which runs in the SYSTEM context. Software is supposed to simplify life, right? Let it worry about keeping itself updated so you don't have to. Yes, I know it is standard practise to disable application updates.
These steps will only take you a few minutes.įirst, set Adobe Reader to update automatically. There are a few things you can do to reduce your risk of falling prey to a malicious PDF. Just check out the Adobe Security bulletins and advisories page for the long list of security updates Adobe has released recently. Yes, this is the 'fully supported' way for deploying Adobe Reader or Acrobat.Adobe Reader, the ubiquitous PDF reader, has become increasingly targeted by malware. Wow, really? Just to install Reader? Sheesh! I have used PDQDeploy in the past with success, but not lately. That process is what I do with every release and it works flawlessly. This will create a transform file that you will then apply to your GPO deployment in the next step.įinally, create your software deployment GPO by attaching the MSI and the MST files to their respecitve spots in the GPO. Get the Acrobat/Reader Customization Wizard to set customizations (i.e.: disable the auto updater). (download the msp files from, and slipstream using the followng command: msiexec /a "AcroRead.msi" /p "AdbeRdrUpd1012.msp" as an example. Perform an administrative install: http:/ / devnet-docs/ acrobatetk/ tools/ AdminGuide/ aip.htmlĭownload and slipsteam any patches available into the administrative install point. http:/ / / dmcmahon/ 2010/ 06/ 16/ how-to-extract-an-msi-file-from-the-exe-for-adobe-reader Steps for successful deployment of Adobe Reader:Įxtract the msi out using the 'supported' method.
0 kommentar(er)
