Enterprise Toolkit | Windows Registry Reference

Lockable Preferences: Preventing End User Modification

On Windows, UNIX, and Macintosh (11.0 and later), certain security-sensitive or otherwise enterprise-centric preferences are lockable to prevent changes by end users through the user interface. These preferences often reside both in USER hives (e.g. HKCU) as well as machine level hives (e.g. HKLM). If a preference is lockable, it must exist in the machine level hive under the FeatureLockdown section. Modification requires administrator privileges.

For more detail, see the Administration Guide.
Lockable keys in FeatureLockDown
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
The following subfeatures have lockable preferences:
Actions (online resources)
Keyname Description
bFindMoreWorkflowsOnline Specifies whether to show the menu item that opens the online Actions file library.

Actions (shared folders)
Keyname Description
tDIPath Specifies a shared action file location.
tName Specifies a shared action file.

Chrome integration
Keyname Description
bAcroSuppressOpenInReader Specifies whether to lock the Chrome Extension functionality which allows Acrobat Reader to open PDFs from the browser.
ENABLE_CHROMEEXT Specifies whether to disable the first time startup screens that ask users if they want to install the Chrome extension which opens browser-based PDFs directly in the continuous track Reader.

Digital Signature Certification
Keyname Description
bEnablePVCertificateBasedTrust Specifies whether a document's certification status should appear in the Protected View's DMB

Disabling Miscellaneous Features
Keyname Description
bAcroSuppressUpsell Disables messages which encourage the user to upgrade the product.
bCommercialPDF Disables and locks a PDF's ability to display commercial ads.
bRegisterProduct For 9.x and earlier, disables UI items that allow users to register the product.
bShowAdsAllow Specifies whether ads can be dynamically added to a PDF.
bShowEbookMenu Removes the Digital Editions menu item from the UI.
bWinCacheSessionHandles Specifies whether to retain cryptographic service provider (CSP) handles when a user authenticates to a digital ID.

Disabling Privileged Locations
Keyname Description
bDisableOSTrustedSites Locks the ability to treat IE trusted sites as privileged locations either on or off so the users can't change the bTrustOSTrustedSites value via the user interface.
bDisableTrustedFolders Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
bDisableTrustedSites Disables and locks the ability to specify host-based privileged locations.

Disabling Sign Out
Keyname Description
bSuppressSignOut Specifies whether the sign-in and sign-out Help menu item should be enabled.

Document Message Bar
Keyname Description
bSuppressMessageBar Prevents the appearance of the document message bar.

Editing Scanned PDFs
Keyname Description
DisableScannedDocumentEditing Specifies whether to disable text recognition while editing scanned PDFs.

Enhanced Security
Keyname Description
bEnhancedSecurityInBrowser Toggles enhanced security when the application is running in the browser.
bEnhancedSecurityStandalone Toggles enhanced security for the standalone application.

Keyname Description
bEnableFlash Specifies whether Flash content should be rendered in a PDF.

Form Preferences
Keyname Description
bAutoFill Locks the auto-fill functionality on or off and disables the corresponding user interface item.
bIgnoreDataSchema Specifies whether all data in a form is saved rather than only data related to the form's schema.

Home Screen and Startup
Keyname Description
bToggleFTE Specifies whether to enable the First Time Experience (FTE) feature.
bToggleShareFeedback Specifies whether to show the Send Feedback icon.
bToggleToDoList Specifies whether to show a "to do" list on the Home screen.

In Product Messaging
Keyname Description
bAllowUserToChangeMsgPrefs Locks the features associated with bShowMsgAtLaunch and bDontShowMsgWhenViewingDoc so that ends users can't change the settings.
bDontShowMsgWhenViewingDoc Specifies whether to show messages from Adobe when a document opens.
bShowMsgAtLaunch Specifies whether to show messages from Adobe when the product launches.

Install details
Keyname Description
Disable_Repair Specifies whether to disable the repair menu under help for virtualized installations.
Path Specifies the path of the current installation.

Mobile Link
Keyname Description

Network and Protocol Access
Keyname Description
cDefaultLaunchURLPerms A container for subkeys which provide permissions for access to content by protocol.
tFlashContentSchemeWhiteList A list of protocols Flash content can use to access external content.
tSchemePerms A list of protocols a PDF can use to access external content.
tSponsoredContentSchemeWhiteList A list of protocols sponsored content can use to access external content.

Online Features
Keyname Description
bPurchaseAcro Disables the Help > Purchase Acrobat menu item in Adobe Reader.

Password Caching
Keyname Description
bAllowPasswordSaving Controls whether certain passwords can be cached to disk; for example, passwords for digital IDs.

PDF Ownership
Keyname Description
bDisablePDFHandlerSwitching Disables the ability to change the specified default handler (PDF viewer).

Services (Acrobat.com: 11.x and earlier)
Keyname Description
bDisableADCFileStore Disables storing files on Acrobat.com even when bEnableAcrobatHS = 1.
bEnableADCFileStore Enables the user interface items that allow storing files on Acrobat.com even when bEnableAcrobatHS = 0.
bEnableBHCache Toggles whether to cache files locally that are downloaded from Acrobat.com.
bShowDistAcrobatDotCom Specifies whether to allow Acrobat.com access from the Forms Central application.

Services (SharePoint-Office365)
Keyname Description
bDisableSharePointFeatures Disables the SharePoint and Office 365 integration features.

Services integration (DC)
Keyname Description
bAdobeSendPluginToggle Toggles the Adobe Send and Track plugin for Outlook
bToggleAdobeDocumentServices Disables all service access except those features controlled by the other preferences.
bToggleAdobeSign Disables Adobe Send for Signature (formerly EchoSign).
bToggleFillSign Disables Adobe Fill and Sign.
bTogglePrefsSync Disables preferences synchronization.
bToggleSendAndTrack Disables Adobe Send and Track.
bToggleWebConnectors Disables 3rd party connectors.
bUpdater Disables both updates to the product's web-plugin components as well as all services.

Shared Reviews
Keyname Description
bDisableOnBehalfOfText If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.

Signature Clearing
Keyname Description
bEnableSignatureClear Specifies whether to disable and lock the ability for a signer to clear their own signature.

Signing: Format
Keyname Description
aSignFormat The format to use when signing a document using public key cryptography when a format is not specified by a seed value, javascript parameter, or the PubSec Handler.

Tool Sets (online resources)
Keyname Description
bFindMoreCustomizationsOnline Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.

Tools Pane Customization (DC)
Keyname Description
a(index) Removes a tool from the Tools pane.

Tools RHP Shortcuts (DC)
Keyname Description
a(index) Removes a tool shortcut from the right-hand pane.

Updater (basic settings)
Keyname Description
bUpdater Disables the Updater and removes associated user interface items.
Check Specifies the default time interval in days to check for updates.
Mode Specifies the Updater's update mode; for example, manual or automatic.

Updater Logging
Keyname Description
iLogLevel Sets the log level to either brief (0) or verbose (1).

WebMail (Custom)
Keyname Description
iIMAPPort Identifies the My Profile Mail IMAP server port number for WebMail.
iIMAPSecurity Specifies whether to enable the My Profile Mail IMAP security for WebMail.
iSMTPPort Identifies the My Profile Mail SMTP server port number for WebMail.
iSMTPSecurity Specifies whether to enable the My Profile Mail SMTP security for WebMail.
tIMAPDraftsFolder Identifies the My Profile Mail draft folder for WebMail.
tIMAPDraftsURL Identifies the My Profile Mail path to the draft folder for WebMail.
tIMAPHostName Identifies the My Profile Mail IMAP server name for WebMail.
tProfileID Identifies the My Profile Mail ID for WebMail.
tSMTPHostName Identifies the My Profile Mail SMTP server name for WebMail.

WebMail (Gmail)
Keyname Description
iClientType Identifies the Gmail Mail client type for WebMail.
tProfileID Identifies the Gmail Mail ID for WebMail.

WebMail (Yahoo)
Keyname Description
iClientType Identifies the Yahoo Mail client type for WebMail.
tProfileID Identifies the Yahoo Mail ID for WebMail.

Webmail Basics
Keyname Description
bDisableWebmail Specifies whether to disable WebMail.
tDefaultProfile Specifies the default WebMail profile.

Windows Explorer Integration
Keyname Description
bDisableThumbnailPreviewHandler Controls whether the user can toggle this feature on and off.