Enterprise Toolkit | Windows Registry Reference

Lockable Preferences: Preventing End User Modification

On Windows, UNIX, and Macintosh (11.0 and later), certain security-sensitive or otherwise enterprise-centric preferences are lockable to prevent changes by end users through the user interface. These preferences often reside both in USER hives (e.g. HKCU) as well as machine level hives (e.g. HKLM). If a preference is lockable, it must exist in the machine level hive under the FeatureLockdown section. Modification requires administrator privileges.


For more detail, see the Administration Guide.
Lockable keys in FeatureLockDown
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
		"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"
		"tSponsoredContentSchemeWhiteList"="http|https"
		"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
The following subfeatures have lockable preferences:
Keyname Description
IsAMTEnforced Allows deployment of Acrobat on AppV for December, 2018 and later products.

Actions (online resources)
Keyname Description
bFindMoreWorkflowsOnline Specifies whether to show the menu item that opens the online Actions file library.

Actions (shared folders)
Keyname Description
tDIPath Specifies a shared action file location.
tName Specifies a shared action file.

AppContainer
Keyname Description
bEnableProtectedModeAppContainer Specifies whether to enable the AppContainer sandbox.

Chrome Integration
Keyname Description
bAcroSuppressOpenInReader Specifies whether to disable and lock the PDF viewer Chrome extension.
ENABLE_CHROMEEXT Specifies whether to disable the first time startup screen that prompts users to install the Chrome extension for PDF viewing.

Context menus, tips, tools
Keyname Description
bEnableContextualTips Controls whether to automatically display help tips based on the current context.
bEnableContextualToolbar Specifies whether to show the context toolbar (popup) when selecting a PDF object.
bEnableSmartFind Controls whether to enable smart find (for text search).
bOrganizePagesFromThumbnails Specifies whether to show shortcut UI for the Organize tool from thumbnails.

Create PDF
Keyname Description
BlockEMFParsing Specifies whether to disable EMF file conversion to PDF.
BlockXPSParsing Specifies whether to disable XPS file conversion to PDF.
ExportEntireTableContent TBD

DC Fill & Sign Integration
Keyname Description
bToggleFillSign Disables Adobe Fill and Sign.
bToggleSendACopy Specifies whether to hide the Send a Copy button from the Fill & Sign tool in Acrobat and Reader.

DC Send and Track
Keyname Description
bAdobeSendPluginToggle Toggles the Adobe Send and Track plugin for Outlook

Digital Signature Certification
Keyname Description
bEnablePVCertificateBasedTrust Specifies whether a document's certification status should appear in the Protected View's DMB

Disabling Privileged Locations
Keyname Description
bDisableOSTrustedSites Locks the ability to treat IE trusted sites as privileged locations either on or off so the users can't change the bTrustOSTrustedSites value via the user interface.
bDisableTrustedFolders Disables trusted folders AND files and prevents users from specifying a privileged location for directories.
bDisableTrustedSites Disables and locks the ability to specify host-based privileged locations.

Disabling Sign Out
Keyname Description
bSuppressSignOut Specifies whether the sign-in and sign-out Help menu item should be enabled.

Document Message Bar
Keyname Description
bSuppressMessageBar Prevents the appearance of the document message bar.

Editing Scanned PDFs
Keyname Description
DisableScannedDocumentEditing Specifies whether to disable text recognition while editing scanned PDFs.

Enhanced Security
Keyname Description
bEnhancedSecurityInBrowser Toggles enhanced security when the application is running in the browser.
bEnhancedSecurityStandalone Toggles enhanced security for the standalone application.

Flash
Keyname Description
bEnableFlash Specifies whether Flash content should be rendered in a PDF.

Form Preferences
Keyname Description
bAutoFill Locks the auto-fill functionality on or off and disables the corresponding user interface item.
bIgnoreDataSchema Specifies whether all data in a form is saved rather than only data related to the form's schema.

Home Screen and Startup
Keyname Description
bToggleFTE Specifies whether to enable the First Time Experience (FTE) feature.
bToggleShareFeedback Specifies whether to show the Send Feedback icon.
bToggleToDoList Specifies whether to show a "to do" list on the Home screen.
bToggleToDoTiles Specifies whether to show To Do Cards in the Recent Tab view

In Product Messaging
Keyname Description
bAllowUserToChangeMsgPrefs Locks the features associated with bShowMsgAtLaunch and bDontShowMsgWhenViewingDoc so that ends users can't change the settings.
bDontShowMsgWhenViewingDoc Specifies whether to show messages from Adobe when a document opens.
bShowMsgAtLaunch Specifies whether to show messages from Adobe when the product launches.

Install details
Keyname Description
Disable_Repair Specifies whether to disable the repair menu under help for virtualized installations.
Path Specifies the path of the current installation.

Miscellaneous Features
Keyname Description
bCommercialPDF Disables and locks a PDF's ability to display commercial ads.
bMixRecentFilesFeatureLockDown Specifies whether to show shared files in the Recent file list.
bRegisterProduct For 9.x and earlier, disables UI items that allow users to register the product.
bShouldUseScalableCursor Specifies whether to disable the scalable cursor.
bShowAdsAllow Specifies whether ads can be dynamically added to a PDF.
bShowEbookMenu Removes the Digital Editions menu item from the UI.
bToggleDCAppCenter Specifies whether to show the UI that helps users find and download additional apps.
bWinCacheSessionHandles Specifies whether to retain cryptographic service provider (CSP) handles when a user authenticates to a digital ID.

Mobile Link
Keyname Description

Network and Protocol Access
Keyname Description
cDefaultLaunchURLPerms A container for subkeys which provide permissions for access to content by protocol.
tFlashContentSchemeWhiteList A list of protocols Flash content can use to access external content.
tSchemePerms A list of protocols a PDF can use to access external content.
tSponsoredContentSchemeWhiteList A list of protocols sponsored content can use to access external content.

Password Caching
Keyname Description
bAllowPasswordSaving Controls whether certain passwords can be cached to disk; for example, passwords for digital IDs.

PDF Link Blocking
Keyname Description
bDisablePDFRedirectionActions Specifies whether to block specific PDF actions (listed below) which result in opening a link.

Removing Tools
Keyname Description
a(index) Removes a tool from the Tools tab as well as its associated shortcut in the right-hand pane.
cDisabled A cab containing an index list of current right hand pane shortcuts.

Right-hand Tools Pane Customization (DC)
Keyname Description
a(index) Removes a tool from the Tools pane.
bDisableAcrobatShortcutCustomization Prevents end users from modifying the tool shortcuts in the right hand pane.
cFavorites A cab containing an index list of current right hand pane shortcuts.

Services (Acrobat.com: 11.x and earlier)
Keyname Description
bDisableADCFileStore Disables storing files on Acrobat.com even when bEnableAcrobatHS = 1.
bEnableADCFileStore Enables the user interface items that allow storing files on Acrobat.com even when bEnableAcrobatHS = 0.
bEnableBHCache Toggles whether to cache files locally that are downloaded from Acrobat.com.
bShowDistAcrobatDotCom Specifies whether to allow Acrobat.com access from the Forms Central application.

Services (SharePoint-Office365)
Keyname Description
bDisableSharePointFeatures Disables the SharePoint and Office 365 integration features.

Services (Unified Share)
Keyname Description
bSendMailShareRedirection Change the email icon behavior so that it attaches the document to an email.
bToggleSendAndTrack Disables Adobe Send and Track.

Services-Adobe Sign (DC)
Keyname Description
bToggleAdobeSign Disables Adobe Send for Signature (Adobe Sign).
bToggleManageSign Specifies whether to remove the Signature tab from the Home page's left-hand pane, notifications, and sign tracking cards.

Services-Cloud Storage (DC)
Keyname Description
bBoxConnectorEnabled Specifies whether to enable connection to the Box cloud when bToggleWebConnectors is set to 1.
bDropboxConnectorEnabled Specifies whether to enable connection to the Dropbox cloud when bToggleWebConnectors is set to 1.
bGoogleDriveConnectorEnabled Specifies whether to enable connection to the Google Drive cloud when bToggleWebConnectors is set to 1.
bOneDriveConnectorEnabled Specifies whether to enable connection to the OneDrive cloud when bToggleWebConnectors is set to 1.
bToggleDocumentCloud Specifies whether to enable Document Cloud storage.
bToggleWebConnectors Specifies whether to enable cloud storage connectors.

Services-Master Switches (DC)
Keyname Description
bToggleAdobeDocumentServices Disables Document Cloud service access except those features controlled by the other preferences.
bUpdater Disables both updates to the product's web-plugin components as well as all services.

Services-Notifications (DC)
Keyname Description
bEnableBellButton Specifies whether to hide in-product messages.
bToggleNotifications Specifies whether to disable all in-product and desktop notifications.
bToggleNotificationToasts Specifies whether to hide desktop notifications.

Services-Preference Synchronization (DC)
Keyname Description
bTogglePrefsSync Disables preferences synchronization.

Services-Reviews (DC)
Keyname Description
bEnableReviewPromote Specifies whether to display a Share/Review feature reminder message when users have used those features in the past.
bToggleAdobeReview Specifies whether to remove all UI related to the Document Cloud Review service.

Services-Scan app integration (DC)
Keyname Description
bShowScanTabInHomeView Specifies whether to disable the Scan tab in Home view.

Shared Reviews
Keyname Description
bDisableOnBehalfOfText If false, the string "On behalf of" does not append the author's name in the comment when another person opens the document in a shared-review workflow.

Signature Clearing
Keyname Description
bEnableSignatureClear Specifies whether to disable and lock the ability for a signer to clear their own signature.

Signing: Format
Keyname Description
aSignFormat The format to use when signing a document using public key cryptography when a format is not specified by a seed value, javascript parameter, or the PubSec Handler.

Signing: User interface
Keyname Description
bEnableCEFBasedUI Specifies whether to enable the CEF-based, modern UI for digital signature workflows.

Tool Sets (online resources)
Keyname Description
bFindMoreCustomizationsOnline Specifies whether to show the menu item that opens the online Acrobat Tool Set Exchange.

Updater (basic settings)
Keyname Description
bUpdater Disables the Updater and removes associated user interface items.
Check Specifies the default time interval in days to check for updates.
Mode Specifies the Updater's update mode; for example, manual or automatic.

Updater Logging
Keyname Description
iLogLevel Sets the log level to either brief (0) or verbose (1).

Upsell and PDF Ownership
Keyname Description
bAcroSuppressUpsell For DC products, disables messages which encourage the user to upgrade the product.
bDisablePDFHandlerSwitching Disables the ability to change the specified default handler (PDF viewer).
bEnableAcrobatPromptForDocOpen Specifies whether to prompt users to use Acrobat when both Reader and Acrobat are installed.
bPurchaseAcro For legacy products, disables the Help > Purchase Acrobat menu item in Adobe Reader.
bReaderRetentionExperiment Specifies whether to prompt Acrobat DC subscribers using Reader to download Acrobat.
bShowRhpToolSearch Specifies whether to show "for purchase" tools when searching for tools in Reader.
bTogglePDFOwnershipToasts Specifies whether to show a notification on application startup that allows the user to make Acrobat the default PDF viewer.

WebMail (Custom)
Keyname Description
iIMAPPort Identifies the My Profile Mail IMAP server port number for WebMail.
iIMAPSecurity Specifies whether to enable the My Profile Mail IMAP security for WebMail.
iSMTPPort Identifies the My Profile Mail SMTP server port number for WebMail.
iSMTPSecurity Specifies whether to enable the My Profile Mail SMTP security for WebMail.
tIMAPDraftsFolder Identifies the My Profile Mail draft folder for WebMail.
tIMAPDraftsURL Identifies the My Profile Mail path to the draft folder for WebMail.
tIMAPHostName Identifies the My Profile Mail IMAP server name for WebMail.
tProfileID Identifies the My Profile Mail ID for WebMail.
tSMTPHostName Identifies the My Profile Mail SMTP server name for WebMail.

WebMail (Gmail)
Keyname Description
iClientType Identifies the Gmail Mail client type for WebMail.
tProfileID Identifies the Gmail Mail ID for WebMail.

WebMail (Yahoo)
Keyname Description
iClientType Identifies the Yahoo Mail client type for WebMail.
tProfileID Identifies the Yahoo Mail ID for WebMail.

Webmail Basics
Keyname Description
bDisableWebmail Specifies whether to disable WebMail.
tDefaultProfile Specifies the default WebMail profile.

Windows Explorer Integration
Keyname Description
bDisableThumbnailPreviewHandler Specifies whether to disable and lock the user interface option that controls Acrobat-generated PDF thumbnail previews in Windows Explorer.