Deploy Adobe Reader 11.0.4 with ConfigMgr 2012 SP1
Today Adobe released another quarterly patch for Adobe Reader. If you’d like to dig deep into the details, you’ll find the security bulletin here. I you’ve not yet read about how to slipstream Adobe Reader I suggest that you read up upon my previous post about Adobe Reader 11.0.3. This post will cover the steps necessary to slipstream Adobe Reader 11.0.4 and customize it for an enterprise environment.
- Create the slipstream folder structure
- Download the required files
- Create the AIP package
- Create a MST transform
- Notes when creating the Adobe Reader 11.0.4 application
Create the slipstream folder structure
Create the following folder structure:
Download the required files
Download the required files and save them in C:\AdobePatch\AdobeReaderDownloads.
Create the AIP package
1. Open an elevated command prompt and browse to C:\AdobePatch\AdobeReaderDownloads.
2. Run the following command:
AdbeRdr11000_en_US.exe -nos_o"C:\AdobePatch\AdobeReaderDownloads\11.0.0" -nos_ne
3. Run the following command:
msiexec /a 11.0.0\AcroRead.msi /qb TARGETDIR=C:\AdobePatch\AIP
4. Run the following command:
AdbeRdr11004_en_US.exe -nos_o"C:\AdobePatch\AdobeReaderDownloads\11.0.4" -nos_ne
5. Copy the AdbeRdrUpd11004.msp from C:\AdobePatch\AdobeReaderDownloads\11.0.4 to C:\AdobePatch\AdobeReaderDownloads.
6. Run the following command:
msiexec /a C:\AdobePatch\AIP\AcroRead.msi /qb /p AdbeRdrUpd11004.msp TARGETDIR=C:\AdobePatch\AIP
7. Copy Setup.ini from C:\AdobePatch\AdobeReaderDownloads\11.0.0 to C:\AdobePatch\AIP.
Create a MST transform
1. Download Adobe Customization Wizard XI from here.
2. Install the application and launch it when done.
3. Click on File -> Copy Package.
4. Enter the information as in the picture below:
5. In the left pane on the Personalization Options, check EULA Option: Suppress display of End User License Agreement (EULA).
6. On the Installation Options page, select Make Reader the default PDF Viewer, Silently (no interface) and Suppress reboot.
7. On the Shortcuts page, remove Adobe Reader XI under Desktop.
8. On the Security page under Protected View, select All files. Under Enhanced Security Settings, select Enable & Lock for both Standalone and Browser. Under Privileged Locations, add the network shares your company stores common data. You can also add C:\ and other local drives. Check the box next to Prevent end user from adding trusted hosts. See the picture below for how I’d recommend to tighten the security in Adobe Reader. Remember though, these security settings may not apply in your environment. Perform thorough tests before deploying the application.
9. On the Online Services and Features page, check the following boxes:
- Disable product updates
- In Adobe Reader, disable Help > Purchase Adobe Acrobat
- Disable Product Improvement Program
- Disable Viewing of PDF with Ads for Adobe PDF
- Disable all Adobe online services based workflows and entry points
10. Click File -> Save Package.
In C:\AdobePatch\AcrobatTransform\Adobe Reader 11.0.4 you’ll now have the complete package that can be deployed to your clients with ConfigMgr 2012 SP1. Copy the contents of the Adobe Reader 11.0.4 folder to your source structure on a fileserver (or however your environment looks like). In my case it will be \\fileserver\ContentLibrary$\Software\AdobeReader\11_0_4.
Notes when creating the Adobe Reader 11.0.4 application
What’s important to point out is that an application with AIP source files will not be able to install “over” existing Adobe Reader installations since it’s not a patch to your existing Adobe Reader installations. On the bright side though, once you’ve adapted and deployed this type of applications (AIP), you can take advantage of the superscedence feature in the application model.
In order to install Adobe Reader 11.0.4 with the transform, you need to put this as the Installation program command on the application deployment type in ConfigMgr 2012 SP1:
msiexec /i AcroRead.msi /qn TRANSFORMS=AcroRead.mst
Principal Consultant and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Currently working for TrueSec as a Principal Consultant. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.