Enterprise Toolkit > Windows Registry Reference

Lockable Preferences: Preventing End User Modification

On Windows, UNIX, and Macintosh (11.0 and later), certain security-sensitive or otherwise enterprise-centric preferences are lockable to prevent changes by end users through the user interface. These preferences often reside both in USER hives (e.g. HKCU) as well as machine level hives (e.g. HKLM). If a preference is lockable, it must exist in the machine level hive under the FeatureLockdown section. Modification requires administrator privileges.


For more detail, see the Adminstration Guide.
Lockable keys in FeatureLockDown
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
		"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"
		"tSponsoredContentSchemeWhiteList"="http|https"
		"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
The following subfeatures have lockable preferences:
3D
Keyname Description
bEnable3DContent Specifies whether to render 3D content in a PDF.

Actions (online resources)
Keyname Description
bFindMoreWorkflowsOnline Specifies whether to show the menu item that opens the online Actions file library.

Actions (shared folders)
Keyname Description
tDIPath Specifies a shared action file location.
tName Specifies a shared action file.

Digital Signature Certification
Keyname Description
bEnablePVCertificateBasedTrust Specifies whether a document's certification status should appear in the Protected View's DMB

Disabling Misc. Features
Keyname Description
bCommercialPDF Disables and locks a PDF's ability to display commercial ads.
bRegisterProduct For 9.x and earlier, disables UI items that allow users to register the product.
bShowAdsAllow Specifies whether ads can be dynamically added to a PDF.
bShowEbookMenu Disables and locks the Digital Editions menu item.
bWinCacheSessionHandles Specifies whether to retain cryptographic service provider (CSP) handles when a user authenticates to a digital ID.

Disabling Privileged Locations
Keyname Description
bDisableOSTrustedSites Locks the ability to treat IE trusted sites as privileged locations either on or off so the users can't change the bTrustOSTrustedSites value via the user interface.
bDisableTrustedFolders Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
bDisableTrustedSites Disables and locks the ability to specify host-based privileged locations.

Document Message Bar
Keyname Description
bSuppressMessageBar Prevents the appearance of the document message bar.

Enhanced Security
Keyname Description
bEnhancedSecurityInBrowser Toggles enhanced security when the application is running in the browser.
bEnhancedSecurityStandalone Toggles enhanced security for the standalone application.

Flash
Keyname Description
bEnableFlash Specifies whether Flash content should be rendered in a PDF.

Form Preferences
Keyname Description
bAutoFill Locks the auto-fill functionality on or off and disables the corresponding user interface item.
bIgnoreDataSchema Specifies whether all data in a form is saved rather than only data related to the form's schema.

In Product Messaging
Keyname Description
bAllowUserToChangeMsgPrefs Locks the features associated with bShowMsgAtLaunch and bDontShowMsgWhenViewingDoc so that ends users can't change the settings.
bDontShowMsgWhenViewingDoc Specifies whether to show messages from Adobe when a document opens.
bShowMsgAtLaunch Specifies whether to show messages from Adobe when the product launches.

Install details
Keyname Description
Disable_Repair Specifies whether to disable the repair menu under help for virtualized installations.
Path Specifies the path of the current installation.

Install On Demand
Keyname Description

Network and Protocol Access
Keyname Description
cDefaultLaunchURLPerms A container for subkeys which provide permissions for access to content by protocol.
tFlashContentSchemeWhiteList A list of protocols Flash content can use to access external content.
tSchemePerms A list of protocols a PDF can use to access external content.
tSponsoredContentSchemeWhiteList A list of protocols sponsored content can use to access external content.

Online Features
Keyname Description
bPurchaseAcro Disables the Help > Purchase Acrobat menu item in Adobe Reader.

Password Caching
Keyname Description
bAllowPasswordSaving Controls whether certain passwords can be cached to disk; for example, passwords for digital IDs.

PDF Ownership
Keyname Description
bDisablePDFHandlerSwitching Disables the ability to change the specified default handler (PDF viewer).

Services (Acrobat.com)
Keyname Description
bDisableADCFileStore Disables storing files on Acrobat.com even when bEnableAcrobatHS = 1.
bDisableSharePointFeatures Disables the SharePoint and Office 365 integration features.
bEnableADCFileStore Enables the user interface items that allow storing files on Acrobat.com even when bEnableAcrobatHS = 0.
bEnableBHCache Toggles whether to cache files locally that are downloaded from Acrobat.com.
bShowDistAcrobatDotCom Specifies whether to allow Acrobat.com access from the Forms Central application.

Services (eSign-EchoSign)
Keyname Description
bEnableEchoSignDetection Displays the Document Message Bar when a blank signature field is detected.
bEnableFillSig Specifies whether to remove the Sign Now panel from the Sign Pane.
bEnableSignPane Toggles whether the Sign Pane (11.0.08 and earlier) or the Fill and Sign Pane (11.0.09 and later) should appear the user interface

Services (SharePoint-Office365)
Keyname Description
bDisableSharePointFeatures Disables the SharePoint and Office 365 integration features.

Shared Reviews
Keyname Description
bDisableOnBehalfOfText If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.

Signature Clearing
Keyname Description
bEnableSignatureClear Specifies whether to disable and lock the ability for a signer to clear their own signature.

Signing: Format
Keyname Description
aSignFormat The format to use when signing a document using public key cryptography when a format is not specified by a seed value, javascript parameter, or the PubSec Handler.

Tool Sets (online resources)
Keyname Description
bFindMoreCustomizationsOnline Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.

Updater Logging
Keyname Description
iLogLevel Sets the log level to either brief (0) or verbose (1).

WebMail (Custom)
Keyname Description
iIMAPPort Identifies the My Profile Mail IMAP server port number for WebMail.
iIMAPSecurity Specifies whether to enable the My Profile Mail IMAP security for WebMail.
iSMTPPort Identifies the My Profile Mail SMTP server port number for WebMail.
iSMTPSecurity Specifies whether to enable the My Profile Mail SMTP security for WebMail.
tIMAPDraftsFolder Identifies the My Profile Mail draft folder for WebMail.
tIMAPDraftsURL Identifies the My Profile Mail path to the draft folder for WebMail.
tIMAPHostName Identifies the My Profile Mail IMAP server name for WebMail.
tProfileID Identifies the My Profile Mail ID for WebMail.
tSMTPHostName Identifies the My Profile Mail SMTP server name for WebMail.

WebMail (Gmail)
Keyname Description
iClientType Identifies the Gmail Mail client type for WebMail.
tProfileID Identifies the Gmail Mail ID for WebMail.

WebMail (Yahoo)
Keyname Description
iClientType Identifies the Yahoo Mail client type for WebMail.
tProfileID Identifies the Yahoo Mail ID for WebMail.

Webmail Basics
Keyname Description
bDisableWebmail Specifies whether to disable WebMail.
tDefaultProfile Specifies the default WebMail profile.