[THIN] Re: Adobe 7.x Reader Editing PDf files and Mandatory/ Hybrid Profiles
- From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 09:04:03 +0100
On the very lowest level, I always used to heavily rely on filemon and regmon
when trying to make apps work with mandatory profiles.
Remember, there's nothing inherently magic about them - the shell and apps CAN
update HKCU during the session, the only difference between them and normal
profiles, being that nothing is saved at logoff.
So accepting that, there's nothing with mandatory profiles that should break
apps, the only things that may be required, is either ensuring certain things
are actually in the mandatory profile, or that certain things are dynamically
created at login (by whatever means suits you individually: scripting, reg
files, GPOs, a combination...).
I suspect that regmon and filemon are your best step forward at this stage, to
try and find what is missing that may be required. However, spotting missing
stuff is a bit more time consuming, than simply identifying what couldn't be
updated.
Neil
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of M
Sent: 30 March 2006 23:00
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Adobe 7.x Reader Editing PDf files and Mandatory/
Hybrid Profiles
Hello there,
Thanks for the replies.
I thought you had disappeared off the planet Neil ... no posts for a
while :¬)
I have been experimenting with this and Adobe Reader 7.x simply treats
a mandatory profile as a guest profile no matter how you load the certs. Unless
of course im not doing something correctly.
I have pre loaded our internal certificates into active directory ,
which works for our https based portals and this works a treat
with our Mandatory Profiles and Hybrid Profiles.
Any pointers on how you pre empt things ?
Thanks for your time.
----- Original Message -----
From: Braebaum, Neil <mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx>
To: thin@xxxxxxxxxxxxx
Sent: Thursday, March 30, 2006 4:08 PM
Subject: [THIN] Re: Adobe 7.x Reader Editing PDf files and
Mandatory/ Hybrid Profiles
You won't have to do it for every possible cert - just the one
each individual would use.
As to how, well in this instance, the same way you would in a
normal roaming profile (ie it's something that get's entered into the registry
- specifically HKCU).
As to doing it with a mandatory profile, you just have to bear
in mind that like the hybrid profile model, you'll need to do it at every login.
I certainly wasn't advocating preloading every possible user
cert into the central mandatory profile.
Neil
_____
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Marc-André Lapierre
Sent: 30 March 2006 16:05
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Adobe 7.x Reader Editing PDf files
and Mandatory/ Hybrid Profiles
I agree... but you'll have to preload all the possible
certificate that anyone can be using!!!!.
In this case, he needs that for PDF documents.. I guess
he uses many different certificates for many different PDF documents???
Anyway, how do you preload the Certificates in a .man?
You use a .dat, load the certs then rename it .Man???
_____
De : thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] De la part de Braebaum, Neil
Envoyé : 30 mars 2006 09:57
À : thin@xxxxxxxxxxxxx
Objet : [THIN] Re: Adobe 7.x Reader Editing PDf files
and Mandatory/ Hybrid Profiles
That said you can pre-empt user certs with mandatory
profiles, I've been doing that for years for mandatory profile users, that
use(d) a web based, and ActiveX enabled, and user-signed app.
Neil
_____
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Marc-André Lapierre
Sent: 30 March 2006 15:41
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Adobe 7.x Reader Editing
PDf files and Mandatory/ Hybrid Profiles
Mandatory profiles does not support user
certificate.... You'll have to use the tool from Jeroen....
_____
De : thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] De la part de M
Envoyé : 27 mars 2006 15:58
À : thin@xxxxxxxxxxxxx
Objet : [THIN] Re: Adobe 7.x Reader Editing PDf
files and Mandatory/ Hybrid Profiles
Hello there,
Thanks for the suggestion.
The issue happens on workstations and terminal
servers/Citrix servers. Simply renaming an existing profile on any
workstation/server from ntuser.dat to ntuser.man causes the issue.
Example:
Im a Domain admin with a local profile and i
can edit the pdf files. I log out and log in with another account to rename my
profile to ntuser.man.I log back in and i am unable to edit the pdf files.
I have also loaded the Adobe cert via AD GPO
but still doesnt work.
After much testing it appears that adobe reader
doesnt like mandatory profiles. It treats anyone with a mandatory profile as a
guest/temporary user.
Regards
----- Original Message -----
From: Marc-André Lapierre
<mailto:malapierre@xxxxxxxxxxx>
To: thin@xxxxxxxxxxxxx
Sent: Monday, March 27, 2006 9:36 PM
Subject: [THIN] Re: Adobe 7.x Reader
Editing PDf files and Mandatory/ Hybrid Profiles
DO you use the flex profile from
loginconsultant?
If so, maybe your issue is related to
the certificate not being saved in a mandatory profile... use the FlexFramework
to enable the certificate!
_____
De : thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] De la part de M
Envoyé : 25 mars 2006 18:38
À : Thin@xxxxxxxxxxxxx
Objet : [THIN] Adobe 7.x Reader Editing
PDf files and Mandatory/ Hybrid Profiles
I have found a bug in Adobe 7.x and was
wondering whether anyone else had come across the issue.
Since Adobe 7.0 it is possible able to
modify certain pdf files depending on how they were generated. The PDF files
also have an emdedded Adobe Trusted root certificate. 7.x.
We have use Hybrid profiles and have
now found that Adobe 7 does not actually work with PDf files that can be edited.
This can be for any user including
local admins and domain admins.
This also is the case if a local
profile is simply renamed to ntuser.man.
Anyone seen this ?
********************************************************************************
This email and its attachments are confidential and are intended for the above
named recipient only. If this has come to you in error, please notify the
sender immediately and delete this email from your system. You must take no
action based on this, nor must you copy or disclose it or any part of its
contents to any person or organisation. Statements and opinions contained in
this email may not necessarily represent those of Littlewoods Shop Direct Group
Limited or its subsidiaries. Please note that email communications may be
monitored. The registered office of Littlewoods Shop Direct Group Limited is
1st Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered
number 5059352.
********************************************************************************
This message has been scanned for viruses by
BlackSpider MailControl <http://www.blackspider.com/>
********************************************************************************
This email and its attachments are confidential and are intended for the above
named recipient only. If this has come to you in error, please notify the
sender immediately and delete this email from your system. You must take no
action based on this, nor must you copy or disclose it or any part of its
contents to any person or organisation. Statements and opinions contained in
this email may not necessarily represent those of Littlewoods Shop Direct Group
Limited or its subsidiaries. Please note that email communications may be
monitored. The registered office of Littlewoods Shop Direct Group Limited is
1st Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered
number 5059352.
********************************************************************************
This message has been scanned for viruses by BlackSpider
MailControl <http://www.blackspider.com/>
Other related posts:
