The Cloud and Acrobat Reader DC
Adobe’s Acrobat DC and Acrobat Reader DC were released earlier this year and, no surprise, the “cloud” is a major feature of the new version. Saving and retrieving files to the Adobe Document Cloud (the “DC” in Acrobat Reader DC) and Office365/SharePoint has been available for some time.
A new release in October added Dropbox to the mix and there are indications that other services will soon follow.
While I am all for cloud services there are times when turning these features off is a plus. Not every business owner wants all their employees to be able to access company documents while outside the office, for instance. Confidential information and the cloud don’t always mix well and keeping your internal documents internal is an ongoing challenge.
The default for most applications, and Acrobat Reader DC is no exception, is to turn these cloud integration features on.
Here are three ways you can shut them off.
Adobe Customization Wizard DC
The Adobe Customization Wizard DC is one option. The wizard allows you to set installation options, including cloud services, and then distribute a custom Acrobat Reader DC installer.
This wizard requires a Windows Installer package which, in turn, requires a distribution license. This is a great solution for businesses that have already locked down their desktops and laptops and want to push a customized installation out.
This, however, is not usually the case with the small businesses we work with.
Adobe also offers ADM packages for configuring Acrobat Reader DC via Group Policy. Group policies can be enforced at the user or machine level and can be applied to different groups, however it does require that you have at least one server running Active Directory.
The benefits of this option are:
- No distribution license required
- No special installer needed
- Can be applied to already installed and configured machines
- Is enforceable and cannot be overridden
For businesses that have a domain controller and are running Active Directory this is the solution of choice. EDIT – upon further testing I found that the ADM is woefully limited and cannot be used to prevent cloud access.
The final option is to make some registry changes. Companies that aren’t a good fit for the Wizard or Group Policy options are in luck. Adobe has provided all the registry entries you need to lock down Acrobat Reader DC.
For the purposes of this article I will tell you which ones are most important in regards to the cloud.
DISCLAIMER – These instructions are provided as is. Proceed at your own risk. Editing the registry can have unintended consequences and we do not take responsibility for any problems that may arise as a result of following these instructions. Please be sure you understand the implications of editing the registry. We highly recommend that you backup your registry before proceeding. For more information see this article.
Disable Adobe Cloud Services (Document Cloud)
Locate and highlight: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Add KEY cServices if it does not already exist Add DWORD bToggleAdobeDocumentServices to KEY cServices Set bToggleAdobeDocumentServices value to 1 NOTES This setting does not affect Adobe Send for Signature, preference synchronization, or third party connectors. For the base release, it also did not disable Send and Track; however, it does control Send and Track with the July, 2015 release. To disable all services, use bUpdater. Possible values include: 0: Enable Document Cloud services. 1: Disable Document Cloud services.
Disable 3rd Party Integrations (Dropbox,…)
Locate and highlight: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Add KEY cServices if it does not already exist Add DWORD bToggleWebConnectors to KEY cServices Set bToggleWebConnectors value to 1 NOTES Allows configuring in-product access to third party services for file storage. Dropbox support began with the Oct. 13, 2015 release. Possible values include: 0: Enable 3rd party connectors. 1: Disable 3rd party connectors.
Disable Office 365 / Sharepoint integration
Locate and highlight: HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Add KEY cSharePoint if it does not already exist Add DWORD bDisableSharePointFeatures to KEY cSharePoint Set bDisableSharePointFeatures value to 1 NOTES Controls the application's ability to detect that a file came from a Sharepoint server, disables the check-out prompt, and removes the SharePoint specific menu items. Possible values include: 0: Enable SharePoint and Office 365 integration. 1: Disable SharePoint and Office 365 integration.
These entries will prevent your users from saving files to the Adobe Document Cloud, Office 365/SharePoint and Dropbox (for now, more to come). In a small business with only a few users the entries can be applied to individual machines one at a time.
If you want to cut down the time it takes to make these changes you can export the registry keys from a computer that has been changed and then import those keys on the remaining computers.
For detailed instructions on exporting and importing registry keys see the following article.
The cloud has been a great tool overall. The ability to work from anywhere with any device has made workers more mobile. Sharing documents speeds up business processes. But enabling all these features without some consideration can lead to problems later on.
The fact that these features are turned on by default is risky and business owners, as if they don’t have enough to worry about already, need to keep this in mind.
As always your questions and comments are welcome below.
Is all this too much for you? Looking to lock down your network and protect your company documents? Then give us a call at (866) 753-6279 or send us an email.