Enterprise Toolkit | Windows Registry Reference

Lockable Preferences: Preventing End User Modification

On Windows, UNIX, and Macintosh (11.0 and later), certain security-sensitive or otherwise enterprise-centric preferences are lockable to prevent changes by end users through the user interface. These preferences often reside both in USER hives (e.g. HKCU) as well as machine level hives (e.g. HKLM). If a preference is lockable, it must exist in the machine level hive under the FeatureLockDown section. Modification requires administrator privileges.


For more detail, see the Administration Guide.
Lockable keys in FeatureLockDown
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
		"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"
		"tSponsoredContentSchemeWhiteList"="http|https"
		"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
The following subfeatures have lockable preferences:
Keyname Description
IsAMTEnforced Allows deployment of Acrobat on AppV for December, 2018 and later products.

Keyname Description
bPreviouslyEnabledSharePointInChromeExtn Stores the previous state of the Sharepoint FeatureLockDown settings.

Actions (online resources)
Keyname Description
bFindMoreWorkflowsOnline Specifies whether to show the menu item that opens the online Actions file library.

Actions (shared folders)
Keyname Description
tDIPath Specifies a shared action file location.
tName Specifies a shared action file.

AppContainer
Keyname Description
bEnableProtectedModeAppContainer Specifies whether to enable the AppContainer sandbox.

Bates numbering
Keyname Description
bBatesLogOriginalFileName Specifies whether to use the original filename in the log file when the user selects Bates number-based output filenames.

Chrome Integration
Keyname Description
bAcroSuppressOpenInReader Specifies whether to disable and lock the PDF viewer Chrome extension.
ENABLE_CHROMEEXT Specifies whether to disable the first time startup screen that prompts users to install the Chrome extension for PDF viewing.

Create PDF
Keyname Description
bEnableFrictionlessInChromeExtn Specifies whether to show Reader users the online Create PDF service option.

Create PDF
Keyname Description
BlockEMFParsing Specifies whether to disable EMF file conversion to PDF.
BlockXPSParsing Specifies whether to disable XPS file conversion to PDF.
ExportEntireTableContent TBD

DC Fill & Sign Integration
Keyname Description
bToggleFillSign Disables Adobe Fill and Sign.
bToggleSendACopy Specifies whether to hide the Send a Copy button from the Fill & Sign tool in Acrobat and Reader.

DC Send and Track
Keyname Description
bAdobeSendPluginToggle Toggles the Adobe Send and Track plugin for Outlook

Digital Signature Certification
Keyname Description
bEnablePVCertificateBasedTrust Specifies whether a document's certification status should appear in the Protected View's DMB

Disabling Privileged Locations
Keyname Description
bDisableOSTrustedSites Locks the ability to treat IE trusted sites as privileged locations either on or off so the users can't change the bTrustOSTrustedSites value via the user interface.
bDisableTrustedFolders Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
bDisableTrustedSites Disables and locks the ability to specify host-based privileged locations.

Disabling Sign Out
Keyname Description
bSuppressSignOut Specifies whether the sign-in and sign-out Help menu item should be enabled.

Document Message Bar
Keyname Description
bSuppressMessageBar Prevents the appearance of the document message bar.

Editing Scanned PDFs
Keyname Description
DisableScannedDocumentEditing Specifies whether to disable text recognition while editing scanned PDFs.

Enhanced Security
Keyname Description
bEnhancedSecurityInBrowser Toggles enhanced security when the application is running in the browser.
bEnhancedSecurityStandalone Toggles enhanced security for the standalone application.

Flash
Keyname Description
bEnableFlash Specifies whether Flash content should be rendered in a PDF.

Form Preferences
Keyname Description
bAutoFill Locks the auto-fill functionality on or off and disables the corresponding user interface item.
bIgnoreDataSchema Specifies whether all data in a form is saved rather than only data related to the form's schema.

Home Screen and Startup
Keyname Description
bToggleFTE Specifies whether to enable the First Time Experience (FTE) feature (Welcome tour/page).
bToggleToDoList Specifies whether to show a "to do" list on the Home screen.
bToggleToDoTiles Specifies whether to show To Do Cards in the Recent Tab view

In Product Messaging
Keyname Description
bAllowUserToChangeMsgPrefs Locks the features associated with bShowMsgAtLaunch and bDontShowMsgWhenViewingDoc so that ends users can't change the settings.
bDontShowMsgWhenViewingDoc Specifies whether to show messages from Adobe when a document opens.
bShowMsgAtLaunch Specifies whether to show messages from Adobe when the product launches.

Install details
Keyname Description
Disable_Repair Specifies whether to disable the Help > Repair Installation menu for standard users on virtualized installations.
DisableMaintenance Specifies whether to disable the Help > Repair Installation menu for all users on virtual and and regular installs.
Path Specifies the path of the current installation.

Mobile Link
Keyname Description

Network and Protocol Access
Keyname Description
cDefaultLaunchURLPerms A container for subkeys which provide permissions for access to content by protocol.
tFlashContentSchemeWhiteList A list of protocols Flash content can use to access external content.
tSchemePerms A list of protocols a PDF can use to access external content.
tSponsoredContentSchemeWhiteList A list of protocols sponsored content can use to access external content.

Password Caching
Keyname Description
bAllowPasswordSaving Controls whether certain passwords can be cached to disk; for example, passwords for digital IDs.

PDF Link Blocking
Keyname Description
bDisablePDFRedirectionActions Specifies whether to block specific PDF actions (listed below) which result in opening a link.

PDF Ownership
Keyname Description
bDisablePDFHandlerSwitching Disables the ability to change the specified default handler (PDF viewer).
bEnableAcrobatPromptForDocOpen Specifies whether to prompt users to use Acrobat when both Reader and Acrobat are installed.
bHasAcrobatConsent Specifies whether the Reader process should automatically open Acrobat for the current file.
bTogglePDFOwnershipToasts Specifies whether to show a notification on machine startup that allows the user to make Acrobat the default PDF viewer.

Protected Mode
Keyname Description
cJSEditor Whitelists 3rd party JS editors when Protected Mode is enabled.
cProtectedModeConfigFiles Provides a method for specifying file extensions exempt from Protected Mode restrictions.

Protected View
Keyname Description
bEnablePVSwitchoutShortcut Enables a shortcut key that allows users to exit Protected View for a specific document.

Protected View
Keyname Description
bDisableExpandEnvironmentVariables Provides a method for admins to whitelist user libraries as trusted locations when Protected View is enabled.

Removing Tools
Keyname Description
a(index) Removes a tool from the Tools tab as well as its associated shortcut in the right-hand pane.
cDisabled A cab containing an index list of current right hand pane shortcuts.

Right-hand Tools Pane Customization (DC)
Keyname Description
a(index) Removes a tool from the Tools pane.
bDisableAcrobatShortcutCustomization Prevents end users from modifying the tool shortcuts in the right hand pane.
cFavorites A cab containing an index list of current right hand pane shortcuts.

Search
Keyname Description
bEnableAutoCompleteExactMatchLoader Specifies whether to show a "Working on it" message when using the cloud-based search service.
bEnableAutoCompleteNoExactMatchHeader Specifies whether to show a "No exact match" message when using the cloud-based search service.
bEnableAutoCompleteNoInternetConnectionHeader Specifies whether to show a "Requires internet connection" message when using the cloud-based search service.
bEnableCloudPoweredSearch Specifies whether to enable the cloud-based search service in the Find Tool.
bEnableCloudPoweredSearchTokenCaching Specifies whether to cache locally cloud-based search service suggestions.

Services (Acrobat.com: 11.x and earlier)
Keyname Description
bDisableADCFileStore Disables storing files on Acrobat.com even when bEnableAcrobatHS = 1.
bEnableADCFileStore Enables the user interface items that allow storing files on Acrobat.com even when bEnableAcrobatHS = 0.
bEnableBHCache Toggles whether to cache files locally that are downloaded from Acrobat.com.
bShowDistAcrobatDotCom Specifies whether to allow Acrobat.com access from the Forms Central application.

Services (SharePoint-Office365)
Keyname Description
bDisableSharePointFeatures Disables the SharePoint and Office 365 integration features.

Services (Unified Share)
Keyname Description
bSendMailShareRedirection Change the email icon behavior so that it attaches the document to an email.
bToggleSendAndTrack Disables Adobe Send and Track (some UI is renamed to "Share" since October, 2018)

Services-Adobe Sign (DC)
Keyname Description
bToggleAdobeSign Disables Adobe Send for Signature (Adobe Sign).
bToggleFSSSignatureSaving Specifies whether to save a newly created signature in the cloud.
bToggleManageSign Specifies whether to remove the Signature tab from the Home page's left-hand pane, notifications, and sign tracking cards.

Services-Cloud Storage (DC)
Keyname Description
bBoxConnectorEnabled Specifies whether to enable connection to the Box cloud when bToggleWebConnectors is set to 1.
bDropboxConnectorEnabled Specifies whether to enable connection to the Dropbox cloud when bToggleWebConnectors is set to 1.
bGoogleDriveConnectorEnabled Specifies whether to enable connection to the Google Drive cloud when bToggleWebConnectors is set to 1.
bOneDriveConnectorEnabled Specifies whether to enable connection to the OneDrive cloud when bToggleWebConnectors is set to 1.
bToggleDocumentCloud Specifies whether to enable Document Cloud storage.
bToggleWebConnectors Specifies whether to enable cloud storage connectors.

Services-Master Switches (DC)
Keyname Description
bToggleAdobeDocumentServices Disables Document Cloud service access except those features controlled by the other preferences.
bUpdater Disables both updates to the product's web-plugin components as well as all services.

Services-Notifications (DC)
Keyname Description
bDisableThirdPartyPluginNotif Specifies whether to notify users with 32 bit plugins that the app will soon update to 64 bit.
bEnableBellButton Specifies whether to hide in-product messages.
bToggleNotifications Specifies whether to disable all in-product and desktop notifications.
bToggleNotificationToasts Specifies whether to hide desktop notifications.

Services-Preference Synchronization (DC)
Keyname Description
bTogglePrefsSync Disables preferences synchronization.

Services-Reviews (DC)
Keyname Description
bEnableReviewPromote Specifies whether to display a Share/Review feature reminder message when users have used those features in the past.
bToggleAdobeReview Specifies whether to remove all UI related to the Document Cloud Review service.

Services-Scan app integration (DC)
Keyname Description
bShowScanTabInHomeView Specifies whether to disable the Scan tab in Home view.

Shared Reviews
Keyname Description
bDisableOnBehalfOfText If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.

Sharepoint Integration
Keyname Description
bEnableSharePointInChromeExtn Specifies whether to integrate Sharepoint into the Acrobat's Chrome extension.
tSharePointUrls A pipe-separated list of Sharepoint URLs to whitelist.

Signature Clearing
Keyname Description
bEnableSignatureClear Specifies whether to disable and lock the ability for a signer to clear their own signature.

Signing
Keyname Description
bShowSignMenu Specifies whether to show the Sign menu in Acrobat's top level menu bar.

Signing: Format
Keyname Description
aSignFormat The format to use when signing a document using public key cryptography when a format is not specified by a seed value, javascript parameter, or the PubSec Handler.

Signing: User interface
Keyname Description
bEnableCEFBasedUI Specifies whether to enable the CEF-based, modern UI for digital signature workflows.

Starred files
Keyname Description
bFavoritesFeaturesLockDown Specifies whether to disable and lock the starred file feature.

Tool Sets (online resources)
Keyname Description
bFindMoreCustomizationsOnline Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.

Updater (basic settings)
Keyname Description
bUpdater Disables the Updater and removes associated user interface items.
Check Specifies the default time interval in days to check for updates.
Mode Specifies the Updater's update mode; for example, manual or automatic.

Updater Logging
Keyname Description
iLogLevel Sets the log level to either brief (0) or verbose (1).

Upsell
Keyname Description
bAcroSuppressUpsell For DC products, disables messages which encourage the user to upgrade the product.
bEnableTrialistLaunchCard Specifies whether to prompt Acrobat trial users to complete the purchase.
bLimitPromptsFeatureKey Specifies whether to limit the number of prompts a user will see in a 24 hour period.
bPurchaseAcro For legacy products, disables the Help > Purchase Acrobat menu item in Adobe Reader.
bReaderRetentionExperiment Specifies whether to prompt Acrobat subscribers using Reader to download Acrobat.
bShowRhpToolSearch Specifies whether to show "for purchase" tools when searching for tools in Reader.
bToggleDCAppCenter Specifies whether to show the UI that helps users find and download additional apps.
bToggleSophiaWebInfra Summary: Specifies whether to show users messages which promote (Trials, Acrobat, PDF Pack etc.)

WebMail (Custom)
Keyname Description
iIMAPPort Identifies the My Profile Mail IMAP server port number for WebMail.
iIMAPSecurity Specifies whether to enable the My Profile Mail IMAP security for WebMail.
iSMTPPort Identifies the My Profile Mail SMTP server port number for WebMail.
iSMTPSecurity Specifies whether to enable the My Profile Mail SMTP security for WebMail.
tIMAPDraftsFolder Identifies the My Profile Mail draft folder for WebMail.
tIMAPDraftsURL Identifies the My Profile Mail path to the draft folder for WebMail.
tIMAPHostName Identifies the My Profile Mail IMAP server name for WebMail.
tProfileID Identifies the My Profile Mail ID for WebMail.
tSMTPHostName Identifies the My Profile Mail SMTP server name for WebMail.

WebMail (Gmail)
Keyname Description
iClientType Identifies the Gmail Mail client type for WebMail.
tProfileID Identifies the Gmail Mail ID for WebMail.

WebMail (Yahoo)
Keyname Description
iClientType Identifies the Yahoo Mail client type for WebMail.
tProfileID Identifies the Yahoo Mail ID for WebMail.

Webmail Basics
Keyname Description
bDisableWebmail Specifies whether to disable WebMail.
tDefaultProfile Specifies the default WebMail profile.

Windows Explorer Integration
Keyname Description
bDisableThumbnailPreviewHandler Specifies whether to disable and lock the user interface option that controls Acrobat-generated PDF thumbnail previews in Windows Explorer.