Hi,
I would like to perform the following
- disable the user to open PDF with java script
- but has the option to enable by GPO via AD security group
- The PDF location has to be limited in a specific folder under Enhanced Security -> privilege locations
There are few things I tried but cannot fulfill all the requirements
- First thing I did is to disable JS by the registry key HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\JSPrefs\bEnableJS = DWORD:0
However, this will leave the user the option to select always "enable javascript" under hte YMB (Yellow Message Bar). Then the file can be added to Security (Enhanced) -> Prileged Locations). The registry key will be added as well, e.g. HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder
- To disable the YMB option, I tried to add this registry key to completely disable the add ability by HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\bDisableTrustedFolders = DWORD: 1
However, this will even override the registry I put under HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\TrustManager\cTrustedFolders\cAlwaysTrustedForJavaScript\tID = c:\trustedfolder
The above registry key I aim to just target to select users in AD group and filter by GPO, but will be override.
May I know any option I can fulfill all requirement
Best regards,
Chris