The security setting export-import feature offers an alternative to pre-deployment installer tuning and post deployment configuration techniques such as GPO. For some enterprises, it can simplify the migration of existing security settings through version upgrades and across multiple machines. Settings can only be exported from Acrobat, but settings can be imported by both Acrobat and Adobe Reader. Introduced with 9.0, the ability to import and export digital signature settings via an``.acrobatsecuritysettings`` file allows you to secure, migrate, backup, restore, and distribute settings. Files can also be placed on a server, and client machines can be configured to automatically download such settings at required intervals.
How it works
The user interface allows users to export settings to a secure file. The settings are represented as XML containing elements that describe details for each supported security component, including encryption, digital signatures, usage rights, trusted identities, and so on. The format provides capabilities for different levels of the security settings management. The XML is embedded in an empty PDF document. The PDF has an .acrobatsecuritysettings extension. On export, the file is certified with an invisible signature and optionally encrypted so that only authorized users can access it and verify its trustworthiness before installation. At import time, the certification signature status is displayed at the top of the Import Security Settings dialog box.
Some settings such as PKCS#11 modules require manual installation and cannot automatically be moved.
Settings can only be exported from Acrobat.
Settings can be imported by both Acrobat and Adobe Reader. To import security settings:
For security reasons, acrobatsecuritysettings files do not carry the digital ID passwords. Before you can use any of the digital IDs you just imported, you must log in to each ID. You can do it now or later.
If your organization distributes security settings periodically, you can set up Acrobat to regularly check for updates to these policies. Server-based security is set up by an administrator who provides the URL from which to get security updates. Once the application is configured, Acrobat will periodically poll the server (the default time is every three months) via http or https.