Does anyone know where Acrobat Reader stores the setting to disable JavaScript?
I'd like to centrally apply an update (through a policy, or a startup script, or a login script) on every machine on our network rather than sending everyone an email telling them to do it.
Ref: How To Geek has a way of doing this (and an explanation why) through the UI, but I want to do it centrally for 700 users.
We're using Group Policy to push this preference. If you're running the Client-Side Prefs extension, you don't even need to craft an ADM, you can just push the values. Please note that you will have to edit the "9.0" to match your major version of Adobe Reader.
Credit for the keys/values from here: http://www.acrobatusers.com/forums/aucbb/viewtopic.php?id=17210
ADM:
CLASS USER CATEGORY "Software Settings" CATEGORY "Adobe" CATEGORY "Reader" POLICY "bConsoleOpen" KEYNAME "Software\Adobe\Acrobat Reader\9.0\JSPrefs" VALUENAME "bConsoleOpen" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY "bEnableJS" KEYNAME "Software\Adobe\Acrobat Reader\9.0\JSPrefs" VALUENAME "bEnableJS" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY "bEnableMenuItems" KEYNAME "Software\Adobe\Acrobat Reader\9.0\JSPrefs" VALUENAME "bEnableMenuItems" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY END CATEGORY END CATEGORYTo contribute back, here is my .reg file that I'm applying in the login script:
and here is the email that I'm sending to all users to suggest they secure their home computers:
Adobe have announced that there is currently a serious security vulnerability in Adobe Acrobat Reader. IT have already applied their recommended settings here at work so you do not need to do anything here.
If you use Adobe Reader at home, then IT would recommend that you update to the latest Acrobat Reader (download it from http://get.adobe.com/uk/reader/) and then you disable javascript in the program - you can do this by following the instructions in http://www.howtogeek.com/howto/7684/how-to-disable-javascript-in-adobe-reader-and-patch-the-latest-massive-security-hole/
If you want to know more, read on.
If you would like more details of this, or to confirm this, then Adobe's own security advisory is online at http://www.adobe.com/support/security/advisories/apsa09-07.html
IT always recommend that you should confirm any security alert you receive yourself with the official website of the company that has the problem, or with trustworthy official sources such as the US Government's CERT (www.cert.org - CERT's warning about this vulnerability is at http://www.kb.cert.org/vuls/id/508357). There are lots of fake security alerts that are intended either to "cry wolf" so people ignore real ones like this, or to induce you to buy software you don't need, or to download and install software that is harmful to your computer, so you should always check the alert yourself.
I'm not much of a sysadmin, but I know that PhishLabs has something about where in the Registry to turn this off on 9.0. In the comments, other users have suggested keys for other versions. You can find the article here: http://www.phishlabs.com/blog/archives/122
As to how you can push that registry change across the domain, I do not know. If you find out, add it on!