In January 2008 I published an article Installing Adobe Acrobat Reader centrally with Active Directory group policies. The time has come to upgrade to Acrobat Reader 9 now. So I’ll be taking you through some simple steps today to get that part done.
If you want to push out Adobe Reader for the first time I suggest you follow the old guide located at http://www.nixadmins.net/node/317 and substitute everything Acrobat 8 related with 9.
What you need to complete this how-to is the Adobe Customization Wizard 9 and Acrobat Reader 9.
Adobe customization wizard 9:
Adobe Reader 9
Getting the MSI package
As you might have noticed the Acrobat Reader 9 is a .exe file. It does include a MSI we just need to get it out of there.
Run the install from a command prompt or a run field.
You will find your fresh adobe packages in
%Userprofile%\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9
%userprofile%\AppData\Local\Adobe\Reader 9.0\Setup Files\READER9
Copy out all the files in that directory. I copied them to the desktop.
Let’s get on to the customization wizard.
Modifying the Adobe reader 9 installation package
Now that we have the MSI package we can start modifying it. So start up Adobe Customization Wizard and open your fresh MSI and let’s get started.
Now you should read and understand the settings in the wizard. And also read the End user license agreement (EULA). If you select not to show it YOU agree with it for your whole organization.
The following are the settings I changed.
- Installation options
- Make Adobe Acrobat reader the default viewer if Acrobat and Reader are installed. I set this because there are some new features in reader 9 and our organization still uses Acrobat 8.
- Enable optimization
- Enable caching of installer files on local harddrive
- Run installation silently, we don’t want the user to participate at all in the process.
- Suppress reboot, users reboot often enough and most our computers are set to install updates 3 A.M so they will reboot soon enough.
- I left Programs->Adobe Reader 9 but removed the desktop icon. I see no reason at all in having it clutter the desktop. Most I’d guess over 99% of users click the file to open not start up Adobe Acrobat reader and then open the file.
- EULA and document status
- Suppress display of End User license agreement. I really don’t want the users to see it. Bu be sure to read it yourself BEFORE you accept it.
- Hide document message bar
- Online and Acrobat.com features
- Disable all updates, I want to see to the updates myself, to keep application compatibility.
- Load trusted root certificates from adobe, check Enable and install silently
- In adobe reader, disable Help purchase of Adobe Acrobat. All our software is bought by the IT apartment, not single users.
- Disable product improvement program. I really hate theese.
- Disable viewing of PDF with ads for Adobe PDF
- Display in browser, enable
- Disable all acrobat.com access including initiation and participation.
That’s it, now save the file and copy all the files to the fileshare you use to deploy software, in my case \\server\userapps\Adobe Reader 9. On the next page we continue with assigning the policy to the computers in your organization.
Working with the policy
Start up your Group policy management console and select your Software installation policy. Select edit, go to Computer Configuration\Software Settings\Software Installation.
Right click and select new package. Browse to the folder where you dropped the MSI and INI file. Select the file and choose open.
At the deploy software screen select Advanced to check the following.
At the Upgrades tab you should see Upgrade Adobe Reader 8.?.?.
Checking the old Acrobat package
This is not generally something you have to do but I like to check and double check before I expect results. So select the old acrobat package and bring up its properties.
Go to the tab Upgrades where you should see the Adobe Reader 9 package.
That’s it, now you can push this out to your test environment and see that everything is working like it should.
Command line tools
Group policies are queried over a period of 30-180 minutes. This is to ensure not all computers query at the same time. So to speed it up you can use.
To check which policies are applied to a user/computer you can use
This lists all the policies applied to the computer you are at and the user logged in.
Working with Active directory group policies is a really straight forward process. If something doesn’t work check your event viewer for errors. I’ve even seen out of date network card drivers halt the whole group policy deployment.
If you need help with this comment here and I’ll try to get you trough the process.
I take no responsibility if this doesn’t work or setting this up makes a mess at your organization. This article is written only to help on the way and you should know what you are doing, not just “copy & paste”.