Thursday, March 21, 2013

Adobe Reader Deployment - Derp

One of the most important aspects of software security these days is ensuring that you keep your applications updated. But as a matter of some environmental policy, you often times have to modify the installers to conform to your system usage policy. For example, to turn off automatic updates, to enable Protected View, etc.

I downloaded the Adobe Reader 11.0.02 executable installer which gives you some minor command line options. But to really get to the down and dirty, you need to use the Adobe Customization Wizard XI.

Steps
  1. Download Adobe Reader 11.0.02 executable.
  2. Use 7-Zip to extract the file.
  3. Run the Adobe Customization Wizard on the AdbeRdr.msi.
  4. Create an MST including your changes.
  5. The wizard also modifies setup.ini
  6. Add the TRANSFORMS="mytransform.mst" to the setup.ini CmdLine option.
  7. Run "setup.exe"
Here's the fun part...

The above process installs Adobe Reader 11.0.00!

Yes. When you use the 11.0.02 installer, extract it, modify it, and install it, it installs 11.0.00! Nowhere in the MSI nor the setup.ini file does it state that it's doing a patch update from Adobe during the install process.

So you have to download the 11.0.01 and 11.0.02 MSP files, put those into the same folder, and then modify your setup.ini to include the following:

PATCH=AdbeRdrUpd11001.msp;AdbeRdrUpdSec11002.msp under the Product section.

* Note, the file names might not be exact.