Lockable Preferences

Lockable Preferences: Preventing End User Modification

On Windows, UNIX, and Macintosh (11.0 and later), certain security-sensitive or otherwise enterprise-centric preferences are lockable to prevent changes by end users through the user interface. These preferences often reside both in USER hives (e.g. HKCU) as well as machine level hives (e.g. HKLM). If a preference is lockable, it must exist in the machine level hive under the FeatureLockDown section. Modification requires administrator privileges.

For more detail, see the Administration Guide.

Lockable keys in FeatureLockDown

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
		"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"
		"tSponsoredContentSchemeWhiteList"="http|https"
		"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"

The following subfeatures have lockable preferences:

Accessibility Auto Tagging
Actions (online resources)
Actions (shared folders)
Activation
AppContainer
Attachments
Bates numbering
Chrome Integration
Combine PDFs
Create PDF
Create PDF
DC Fill & Sign Integration
DC Send and Track
Digital Signature Certification
Disabling Privileged Locations
Disabling Sign Out
Document Message Bar
Editing Reflow
Editing Scanned PDFs
Enhanced Security
Flash
Form Preferences
Home Screen and Startup
In Product Messaging
Install details
Mobile Link
Modern Viewer
Network and Protocol Access
Password Caching
PDF Link Blocking
PDF Ownership
Protected Mode
Protected View
Protected View
Removing Tools
Right-hand Tools Pane Customization (DC)
Search
Services (Acrobat.com: 11.x and earlier)
Services (SharePoint-Office365)
Services (Unified Share)
Services-Acrobat Sign (DC)
Services-Cloud Storage (DC)
Services-Master Switches (DC)
Services-Notifications (DC)
Services-Preference Synchronization (DC)
Services-Reviews (DC)
Services-Scan app integration (DC)
Shared Reviews
Sharepoint integration
Sharepoint Integration
Signature Clearing
Signing
Signing: Format
Signing: User interface
Starred files
Tool Sets (online resources)
Updater (basic settings)
Updater Logging
Upsell
WebMail (Custom)
WebMail (Gmail)
WebMail (Yahoo)
Webmail Basics
What's New Experience
Windows Explorer Integration

Accessibility Auto Tagging

Keyname	Description
bCloudATFeatureEnable	Specifies whether to show the new auto tagging experience or revert to the old experience.

Actions (online resources)

Keyname	Description
bFindMoreWorkflowsOnline	Specifies whether to show the menu item that opens the online Actions file library.

Actions (shared folders)

Keyname	Description
tDIPath	Specifies a shared action file location.
tName	Specifies a shared action file.

Activation

Keyname	Description
IsAMTEnforced	Allows deployment of Acrobat on AppV for December, 2018 and later products.

AppContainer

Keyname	Description
bEnableProtectedModeAppContainer	Specifies whether to enable the AppContainer sandbox.

Attachments

Keyname	Description
bEnableBlacklistForOpenSave	Reverts the tBuiltInPermList behavior to that of the pre 21.011.20029 build.

Bates numbering

Keyname	Description
bBatesLogOriginalFileName	Specifies whether to use the original filename in the log file when the user selects Bates number-based output filenames.

Chrome Integration

Keyname	Description
bAcroSuppressOpenInReader	Specifies whether to disable and lock the PDF viewer Chrome extension.
ENABLE_CHROMEEXT	Specifies whether to install the Chrome extension for PDF viewing.

Combine PDFs

Keyname	Description
bRCMCombineFeatureKey	Specifies whether to display the Combine Files item in a document's right-click context menu.

Create PDF

Keyname	Description
bEnableFrictionlessInChromeExtn	Specifies whether to show Reader users the online Create PDF service option.
bGlobalBarMenuFeatureKey	Specifies whether to show the Create Split Menu under Create a PDF menu item.

Create PDF

Keyname	Description
BlockEMFParsing	Specifies whether to disable EMF file conversion to PDF.
BlockXPSParsing	Specifies whether to disable XPS file conversion to PDF.
EnablePDFMakerGroupImagesTagCorrectionFeature	Specifies whether to disable accessibility fixes for tagging grouped images.
EnablePDFMakerSplitTextPathElemsFeature	Specifies whether to enable the "SplitTextPathElemsFeature" tags correction feature when creating a PDF with Acrobat.
EnablePDFMakerTableHeaderCellTagAndScopeUpdateFeature	Specifies whether to disable accessibility fixes for tagging table headers.
ExportEntireTableContent	TBD

DC Fill & Sign Integration

Keyname	Description
bToggleFillSign	Disables Adobe Fill and Sign.
bToggleSendACopy	Specifies whether to hide the Send a Copy button from the Fill & Sign tool in Acrobat and Reader.

DC Send and Track

Keyname	Description
bAdobeSendPluginToggle	Toggles the Adobe Send and Track plugin for Outlook

Digital Signature Certification

Keyname	Description
bEnablePVCertificateBasedTrust	Specifies whether a document's certification status should appear in the Protected View's DMB

Disabling Privileged Locations

Keyname	Description
bDisableOSTrustedSites	Locks the ability to treat IE trusted sites as privileged locations either on or off so the users can't change the bTrustOSTrustedSites value via the user interface.
bDisableTrustedFolders	Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
bDisableTrustedSites	Disables and locks the ability to specify host-based privileged locations.

Disabling Sign Out

Keyname	Description
bSuppressSignOut	Specifies whether the sign-in and sign-out Help menu item should be enabled.

Document Message Bar

Keyname	Description
bSuppressMessageBar	Prevents the appearance of the document message bar.

Editing Reflow

Keyname	Description
bEnableReflowEditing	Specifies whether to lock ReflowEditing and the reflow feature.
bReflowEditing	Specifies whether to enable reflow mode when editing a PDF.

Editing Scanned PDFs

Keyname	Description
DisableScannedDocumentEditing	Specifies whether to disable text recognition while editing scanned PDFs.

Enhanced Security

Keyname	Description
bEnhancedSecurityInBrowser	Toggles enhanced security when the application is running in the browser.
bEnhancedSecurityStandalone	Toggles enhanced security for the standalone application.

Flash

Keyname	Description
bEnableFlash	Specifies whether Flash content should be rendered in a PDF.

Form Preferences

Keyname	Description
bAutoFill	Locks the auto-fill functionality on or off and disables the corresponding user interface item.
bIgnoreDataSchema	Specifies whether all data in a form is saved rather than only data related to the form's schema.

Home Screen and Startup

Keyname	Description
bToggleFTE	Specifies whether to enable the First Time Experience (FTE) feature (Welcome tour/page).
bToggleToDoList	Specifies whether to show a "to do" list on the Home screen.
bToggleToDoTiles	Specifies whether to show To Do Cards in the Recent Tab view

In Product Messaging

Keyname	Description
bAllowUserToChangeMsgPrefs	Locks the features associated with bShowMsgAtLaunch and bDontShowMsgWhenViewingDoc so that ends users can't change the settings.
bDontShowMsgWhenViewingDoc	Specifies whether to show messages from Adobe when a document opens.
bShowMsgAtLaunch	Specifies whether to show messages from Adobe when the product launches.

Install details

Keyname	Description
Disable_Repair	Specifies whether to disable the Help > Repair Installation menu for standard users on virtualized installations.
DisableMaintenance	Specifies whether to disable the Help > Repair Installation menu for all users on virtual and and regular installs.
Path	Specifies the path of the current installation.

Mobile Link

Keyname

Description

Modern Viewer

Keyname	Description
bEnableAV2Enterprise	Specifies whether to enable the Modern Viewer.

Network and Protocol Access

Keyname	Description
cDefaultLaunchURLPerms	A container for subkeys which provide permissions for access to content by protocol.
tFlashContentSchemeWhiteList	A list of protocols Flash content can use to access external content.
tSchemePerms	A list of protocols a PDF can use to access external content.
tSponsoredContentSchemeWhiteList	A list of protocols sponsored content can use to access external content.

Password Caching

Keyname	Description
bAllowPasswordSaving	Controls whether certain passwords can be cached to disk; for example, passwords for digital IDs.

PDF Link Blocking

Keyname	Description
bDisablePDFRedirectionActions	Specifies whether to block specific PDF actions (listed below) which result in opening a link.

PDF Ownership

Keyname	Description
bDisablePDFHandlerSwitching	Disables the ability to change the specified default handler (PDF viewer).
bEnableAcrobatPromptForDocOpen	Specifies whether to prompt users to use Acrobat when both Reader and Acrobat are installed.
bHasAcrobatConsent	Specifies whether the Reader process should automatically open Acrobat for the current file.
bTogglePDFOwnershipToasts	Specifies whether to show a notification on machine startup that allows the user to make Acrobat the default PDF viewer.

Protected Mode

Keyname	Description
cJSEditor	Whitelists 3rd party JS editors when Protected Mode is enabled.
cProtectedModeConfigFiles	Provides a method for specifying file extensions exempt from Protected Mode restrictions.

Protected View

Keyname	Description
bDisableExpandEnvironmentVariables	Provides a method for admins to whitelist user libraries as trusted locations when Protected View is enabled.

Protected View

Keyname	Description
bEnablePVSwitchoutShortcut	Enables a shortcut key that allows users to exit Protected View for a specific document.

Removing Tools

Keyname	Description
a(index)	Removes a tool from the Tools tab as well as its associated shortcut in the right-hand pane.
cDisabled	A cab containing an index list of current right hand pane shortcuts.

Right-hand Tools Pane Customization (DC)

Keyname	Description
a(index)	Removes a tool from the Tools pane.
bDisableAcrobatShortcutCustomization	Prevents end users from modifying the tool shortcuts in the right hand pane.
cFavorites	A cab containing an index list of current right hand pane shortcuts.

Search

Keyname	Description
bEnableAutoCompleteExactMatchLoader	Specifies whether to show a "Working on it" message when using the cloud-based search service.
bEnableAutoCompleteNoExactMatchHeader	Specifies whether to show a "No exact match" message when using the cloud-based search service.
bEnableAutoCompleteNoInternetConnectionHeader	Specifies whether to show a "Requires internet connection" message when using the cloud-based search service.
bEnableCloudPoweredSearch	Specifies whether to enable the cloud-based search service in the Find Tool.
bEnableCloudPoweredSearchTokenCaching	Specifies whether to cache locally cloud-based search service suggestions.

Services (Acrobat.com: 11.x and earlier)

Keyname	Description
bDisableADCFileStore	Disables storing files on Acrobat.com even when bEnableAcrobatHS = 1.
bEnableADCFileStore	Enables the user interface items that allow storing files on Acrobat.com even when bEnableAcrobatHS = 0.
bEnableBHCache	Toggles whether to cache files locally that are downloaded from Acrobat.com.
bShowDistAcrobatDotCom	Specifies whether to allow Acrobat.com access from the Forms Central application.

Services (SharePoint-Office365)

Keyname	Description
bDisableSharePointFeatures	Disables the SharePoint and Office 365 integration features.

Services (Unified Share)

Keyname	Description
bSendMailShareRedirection	Change the email icon behavior so that it attaches the document to an email.
bToggleSendAndTrack	Disables Adobe Send and Track (some UI is renamed to "Share" since October, 2018)

Services-Acrobat Sign (DC)

Keyname	Description
bToggleAdobeSign	Disables Adobe Send for Signature (Acrobat Sign).
bToggleFSSSignatureSaving	Specifies whether to save a newly created signature in the cloud.
bToggleManageSign	Specifies whether to remove the Signature tab from the Home page's left-hand pane, notifications, and sign tracking cards.

Services-Cloud Storage (DC)

Keyname	Description
bBoxConnectorEnabled	Specifies whether to enable connection to the Box cloud when bToggleWebConnectors is set to 1.
bDropboxConnectorEnabled	Specifies whether to enable connection to the Dropbox cloud when bToggleWebConnectors is set to 1.
bGoogleDriveConnectorEnabled	Specifies whether to enable connection to the Google Drive cloud when bToggleWebConnectors is set to 1.
bOneDriveConnectorEnabled	Specifies whether to enable connection to the OneDrive cloud when bToggleWebConnectors is set to 1.
bToggleDocumentCloud	Specifies whether to enable Document Cloud storage.
bToggleWebConnectors	Specifies whether to enable cloud storage connectors.

Services-Master Switches (DC)

Keyname	Description
bToggleAdobeDocumentServices	Disables Document Cloud service access except those features controlled by the other preferences.
bUpdater	Disables both updates to the product's web-plugin components as well as all services.

Services-Notifications (DC)

Keyname	Description
bDisableThirdPartyPluginNotif	Specifies whether to notify users with 32 bit plugins that the app will soon update to 64 bit.
bEnableBellButton	Specifies whether to hide in-product messages.
bToggleNotifications	Specifies whether to disable all in-product and desktop notifications.
bToggleNotificationToasts	Specifies whether to hide desktop notifications.

Services-Preference Synchronization (DC)

Keyname	Description
bTogglePrefsSync	Disables preferences synchronization.

Services-Reviews (DC)

Keyname	Description
bEnableRecipientMention	Specifies whether to allow participants in a shared review to @mention people who are not review collaborators.
bEnableReviewPromote	Specifies whether to display a Share/Review feature reminder message when users have used those features in the past.
bToggleAdobeReview	Specifies whether to remove all UI related to the Document Cloud Review service.

Services-Scan app integration (DC)

Keyname	Description
bShowScanTabInHomeView	Specifies whether to disable the Scan tab in Home view.

Shared Reviews

Keyname	Description
bDisableOnBehalfOfText	If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.

Sharepoint integration

Keyname	Description
bPreviouslyEnabledSharePointInChromeExtn	Stores the previous state of the Sharepoint FeatureLockDown settings.

Sharepoint Integration

Keyname	Description
bEnableSharePointInChromeExtn	Specifies whether to integrate Sharepoint into the Acrobat's Chrome extension.
tSharePointUrls	A pipe-separated list of Sharepoint URLs to whitelist.

Signature Clearing

Keyname	Description
bEnableSignatureClear	Specifies whether to disable and lock the ability for a signer to clear their own signature.

Signing

Keyname	Description
bShowSignMenu	Specifies whether to show the Sign menu in Acrobat's top level menu bar.

Signing: Format

Keyname	Description
aSignFormat	The format to use when signing a document using public key cryptography when a format is not specified by a seed value, javascript parameter, or the PubSec Handler.

Signing: User interface

Keyname	Description
bEnableCEFBasedUI	Specifies whether to enable the CEF-based, modern UI for digital signature workflows.

Starred files

Keyname	Description
bFavoritesFeaturesLockDown	Specifies whether to disable and lock the starred file feature.

Tool Sets (online resources)

Keyname	Description
bFindMoreCustomizationsOnline	Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.

Updater (basic settings)

Keyname	Description
bUpdater	Disables the Updater and removes associated user interface items.
Check	Specifies the default time interval in hours to check for updates.
Mode	Specifies the Updater's update mode; for example, manual or automatic.

Updater Logging

Keyname	Description
iLogLevel	Sets the log level to either brief (0) or verbose (1).

Upsell

Keyname	Description
bAcroSuppressUpsell	For 12.x and later products, disables messages which encourage the user to upgrade the product.
bEnableTrialistLaunchCard	Specifies whether to prompt Acrobat trial users to complete the purchase.
bLimitPromptsFeatureKey	Specifies whether to limit the number of prompts a user will see in a 24 hour period.
bMerchandizingEnabled	Specifies whether to show the Express Templates options in Acrobat's Create PDF UI.
bPurchaseAcro	For legacy products, disables the Help > Purchase Acrobat menu item in Adobe Reader.
bReaderRetentionExperiment	Specifies whether to prompt Acrobat subscribers using Reader to download Acrobat.
bShowRhpToolSearch	Specifies whether to show "for purchase" tools when searching for tools in Reader.
bToggleDCAppCenter	Specifies whether to show the UI that helps users find and download additional apps.
bToggleSophiaWebInfra	Summary: Specifies whether to show users messages which promote (Trials, Acrobat, PDF Pack etc.)

WebMail (Custom)

Keyname	Description
iIMAPPort	Identifies the My Profile Mail IMAP server port number for WebMail.
iIMAPSecurity	Specifies whether to enable the My Profile Mail IMAP security for WebMail.
iSMTPPort	Identifies the My Profile Mail SMTP server port number for WebMail.
iSMTPSecurity	Specifies whether to enable the My Profile Mail SMTP security for WebMail.
tIMAPDraftsFolder	Identifies the My Profile Mail draft folder for WebMail.
tIMAPDraftsURL	Identifies the My Profile Mail path to the draft folder for WebMail.
tIMAPHostName	Identifies the My Profile Mail IMAP server name for WebMail.
tProfileID	Identifies the My Profile Mail ID for WebMail.
tSMTPHostName	Identifies the My Profile Mail SMTP server name for WebMail.

WebMail (Gmail)

Keyname	Description
iClientType	Identifies the Gmail Mail client type for WebMail.
tProfileID	Identifies the Gmail Mail ID for WebMail.

WebMail (Yahoo)

Keyname	Description
iClientType	Identifies the Yahoo Mail client type for WebMail.
tProfileID	Identifies the Yahoo Mail ID for WebMail.

Webmail Basics

Keyname	Description
bDisableWebmail	Specifies whether to disable WebMail.
tDefaultProfile	Specifies the default WebMail profile.

What's New Experience

Keyname	Description
bWhatsNewExp	Specifies whether to disable the What's New experience.

Windows Explorer Integration

Keyname	Description
bDisableThumbnailPreviewHandler	Specifies whether to disable and lock the user interface option that controls Acrobat-generated PDF thumbnail previews in Windows Explorer.