Flash hangs IE as user/non admin with protected mode
Windows 2008 R2. IE 8
Versions of flash since 11.4 all exhibit this behavior.
Install as Admin on 2008r2 works fine.
Log on as user and flash hangs IE. The only way to get page to be functional is to disable protected mode or disable the shockwave plugin.
I have seen a few post with different issues. I have tried most recomedations except the beta 11.6
We cant load beta in our production enviroment and we cant disable proteced mode for our users.
Is there a way to tell which thread I should be participating in and sending debug reports to.
This happens in a Citrix Xenapp on Vmware ESX enviroment with 15 clean installed servers running on HP hardware. This also happens in RDP for these servers to rule out citrix. We also see this in Win 7 VDI machines,
This bug was causing the Flash player to delete the "broker" file upon exit in IE. Normally this isn't a problem, as an admin level account has permissions to recreate this file. That isn't the case with a normal user though. Our fix stops the deletion from occurring unless the broker is specifically a temporary version.
You might be able to work around this by running the script attached to this FAQ. I've heard at least one positive report that this helps. This script goes through and resets file, folder and registry permissions.
How do I fix Windows permission problems with Flash Player?
Similar Messages
-
Better to run with an older version of Flash (11.2) or with the latest with protected mode off?
The newest version of Flash (12) doesn't work correctly on my Windows 7 system(using Firefox). I tried fixing the issue in many ways (reinstalled my video driver, disabled hardware acceleration, clean Flash install, etc.) without luck. The only thing that worked was the "last resort" (found that the bottom of this article: http://forums.adobe.com/message/4468493): disabling protected mode. My question is "Is it better for me to run with an older version of Flash (11.2) or with the latest version with protected mode turned off?" Thank you,
You should always run the latest version, with one exception, which wouldn't apply in your case (PowerPC Macs CAN'T run anything newer than 10).
That's with or without Protected Mode enabled. -
Reader X crashes after 30 secs with Protected mode enabled
Having just deployed Reader X to over 100 PC's via group policy I'm a little dishartened to find that Reader X crashes after 30 secs of being open when protected mode is enabled.
Current setup is as followed:-
Clients are XP SP3, Vista SP2 & Win7 (all crash)
Server 2003 R2 domain
Reader X deployed via MSI using GPO with a transform created using the Reader X customization wizard (only set to disable updates as I'll push these out via GPO also when available).
The problem occurs with standard domain users (doesn't happen if you use an admin account to login and run Reader X), once you disable the setting for "enable Protected mode at start up" and restart Reader X it doesn't crash. I've been reading also that the protected mode creats a sandbox environment that some AV products are currently having issues with, so I've also tested by removing my AV on a test client rebooting and running Reader X with protected mode enabled, the Pc will still crash, so that rules out my AV product.
After each crash the client logs an event in the application log
Event ID: 1000
Aource Application error
Description:
Faulting application AcroRd32.exe, version 10.0.0.396, time stamp 0x4cc5e97b, faulting module WININET.dll, version 8.0.6001.18999, time stamp 0x4ccfa98f, exception code 0xc0000005, fault offset 0x0002387b, process id 0xd54, application start time 0x01cbc2ec89ab4cba.
Anyone any ideas on why this happens?I am seeing the same problem on Vista SP2 32-bit. I enabled the Protect Mode log and see a bunch of errors relating to registry entries. I am running Adobe Reader X 10.0.1 as a standard privilege user. The problem has been intermittent. Repeated attempts to open the same PDF will result in Adobe Reader X failing after 45 seconds, then the next attempt will work fine. I have had situations where an Adobe Reader X instance has been open for hours but a new instance crashed. I have not been able to identify any trigger that might explain the difference in behavior. The problem has gone away since disabling Protect Mode.
>>>
[05:31/19:10:43] Adobe Reader Protected Mode Logging Initiated
[05:31/19:10:43] NtCreateKey: STATUS_ACCESS_DENIED
[05:31/19:10:43] real path: \REGISTRY\MACHINE\Software\Adobe
[05:31/19:10:43] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[05:31/19:10:43] NtCreateKey: STATUS_ACCESS_DENIED
[05:31/19:10:43] real path: \REGISTRY\MACHINE\SOFTWARE\Adobe
[05:31/19:10:43] Consider modifying policy using this policy rule: REG_ALLOW_ANY
[05:31/19:10:44] OpenEvent: STATUS_ACCESS_DENIED
[05:31/19:10:44] name: MSFT.VSA.COM.DISABLE.5900
[05:31/19:10:44] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[05:31/19:10:44] OpenEvent: STATUS_ACCESS_DENIED
[05:31/19:10:44] name: MSFT.VSA.IEC.STATUS.6c736db0
[05:31/19:10:44] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY -
Adobe Reader Performance with Protect Mode On
We are getting very poor performance in opening PDF documents with Adobe Reader XI with Protected Mode on, particularly for users remote from our central server. With Protected Mode off, performance is much better (10-20X faster opening). Note that we are running Windows 7 with Application Data Roaming and Adobe Reader XI with Protected Mode on, Protected View off, and Advanced Security on. We have diagnosed the problem as follows: We are using the Windows 7 Application Roaming Data feature to house some profile data for our remote users, and when they try to open a PDF document with Protected Mode on, Adobe sends numerous I/O packets (approximatel 6000!) across the "wire" for security checking against the Application Roaming data file on the central server, thus greatly slowing PDF opening. We would like to know the following: 1) Is there a way to turn-off Protected Mode for company server stored documents, while keeping it active for documents received from external sources (e.g. from the internet, e-mail, etc.). 2) is there a way to have Protect Mode security verification done only on the local machine profile data and not on the centrally stored Application Roaming Data file (thus greatly reducing the "across the wire" I/O traffic). Thanks for any help, CCB.
I don't think any of the scenarios you are envisaging are possible. Protected Mode is enabled/disabled on a user basis (in HKEY_USERS).
-
Allow printing with protected mode enabled
Hi!
I distributed Adobe Reader XI within a GPO and I have a lot of users asking for remove the warning when they want to print the document.
With the protected mode enabled they should press the "activate all" button each time they want to print.
I know the protected mode it's for more security but this kind of bugging messages will force users to disable the "protected mode" to bypass the bugging messages, not regarding to the security issues below this.Ok, I understand.
It seems there it's a bug in the spanish translation of Reader, because in the Enhaced Security zone it says protected mode instead of protected view on the three radios (All files, files from potentially unsafe .., Off)
Check this image:
I will look where to send this bug to Adobe.
Regards, -
Unable to launch Adobe Reader using ShellExecute with Protected Mode on
HI
Using the latest Adobe Reader 11.0.9, I open a PDF via ShellExecute in a legacy 32bit application, I get an unsupported configuration dialog and prompt to open with Protected Mode disabled always, once or don't open.
I need it to open with Protected Mode enabled.
The folder is in the Security (Enhanced) Privileged Locations.
I turned Protected Mode logging on and I see these messages when I call ShellExecute:
[12:02/18:17:12] interceptions setup failed - error:0x0
[12:02/18:17:12] Failed to add target - error:0x0
[12:02/18:17:12] Failed to launch sandbox process. ResultCode: 1 error:0x5A4
[12:02/18:17:12] Sandbox Process Initialization Failed - error:0x5A4
I've read the Unsupported Configurations section of the Protected Mode Troubleshooting guide but nothing matches my system as far as I can tell.
I am running the 32bit legacy application in Windows Server 2008 R2 (64bit) as a member of Domain Administrators
What can you suggest is the unsupported configuration?
Thanks
CraigI've tried another PDF viewer and it works fine so I think it's time to say goodbye to Adobe Reader.
-
App Locker: admin user (non-admin token) unexpected run behavior
As an administrative user with a filtered token (not choosing Run As Admin), when I double-click an .exe residing in a location that no App Locker rule would allow a non-admin token to run - I expect to see the application blocked by App Locker, but it runs
instead.
Background:
No App Locker rule exists that would allow the .exe file's location (on my administrative user's desktop) or any of the other .exe's I'm able to run from my user's profile directory. I checked several of these with ProcExp and they all show
BUILTIN\Administrators = DENY on the security tab.
The only App Locker rule that would allow me to run this is the default rule for BUILTIN\Administrators.
I have verified with ProcExp that the current Explorer.exe is running with a filtered token (BUILTIN\Administrators is denied).
My administrative user is a member of a group, Workstation Local Admins, which is a member of BUILTIN\Administrators. I am not expecting this to match the Default rule for BUILTIN\Administrators.
UAC group policy is configured as follows and I have verified this policy is applied to this system and registry keys have been set to match by group policy processing: ENABLED -> [Admin Approval Mode, Only elevate UIAccess applications...secure locations,
Run all administrators in Admin Approval Mode, Switch to secure desktop when prompting..., Virtualize file and registry write failures...]; DISABLED -> [Allow UIAccess applications to prompt...without using the secure desktop, Detect application installs...,
Only elevate executables...signed and validated]; PROMPT FOR CONSENT -> [Behavior of the elevation prompt for administrators..., Behavior of elevation prompt for standard users]
AppIDSvc is running and seems healthy
all rules categories are set to enforce
So what is going on here? App Locker event log happily reports that all these "were allowed to run" - but how are the rules evaluating to allow them to run?
born to learn!> Admin), when I double-click an .exe residing in a location that no App
> Locker rule would allow a non-admin token to run - I expect to see the
> application blocked by App Locker, but it runs instead.
This guy experienced the same issue:
http://superuser.com/questions/744350/applocker-and-uac-on-windows-8-1
Seems to be a design change in W8, although I couldn't find any
information about it...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Dashboard Doesn't Work In User/Non-Admin Account
While Dashboard works in my Admin. account, it doesn't consistently work in the user accounts. Sometimes it's there, sometimes it's not. If it is there it is probably because of something I have fiddled around with in the accounts and parental controls but I can't remeber what I did!
Clicking to activate dashboard produces nothing and dragging icons to the desktop (after clicking the + sign) gives nothing. (blurriness/waves, then blank..)
I have tried repairing permissions and deleting various .plist files as suggested on the forums but to no use. What should I do?
iMac G5 iSight Mac OS X (10.4.7)I have precisely the same problem as the poster. DB works in admin and not in non admin. The permissions were ok. I had not tried deleting plists. I did download another widget and then without seeming to have done anything apposite it worked. Now after restarts and close down no go in non admin.
I have by the way got all the widgets in the HD Library so as I am told they are available to all users.
As for the reference to parental controls, 'dashboard.app' can only be got to through the 'locate' button and when I try that the message is that the app won't work under the restrictions on the non admin. He is set to be forbidden some apps like Apple script and Terminal. He does not have full access to the system prefs, or ibnstaller, what I think are sensible erstrictions. So what facilities does 'dashboard.app' require? Can't find info in the KB.
Incidentally when I try another posters recommendations to kill dashboard processes in Activity monitor the processes merely pop up again under a different PID. They are all running under the admin user where I performed this action. Must I effectively have to try AM under the 'faulty' non admin to test the Activity Monitor kill? That still leaves the issue of the facilities needed by dashboard to run under the non admin.
After all what need should there be for dashboard in an admin account. Its 'proper' use is the 'normal' account, in this case a non admin. -
Flash Player Administration - upgrade users without admin privileges
Is this possible? How have you answered this painfully obvious problem in your enterprise?
We have a remote Sales Force which do not connect to our domain. I looked through the Admin Guide - I do not want to disable the auto-update. I want to make the auto-update work for users without admin privileges.Currently, the user does need to be an admin account for an update to occur. However, the good news is that this will change in 11.2. Once 11.2 is installed on Windows (using an admin account), there won't need to be further user interaction for future updates. Users on limited accounts will be updated silently, without admin interaction.
Chris -
Trouble with Protected Mode whitelisting and file links
Our system details first: Adobe Reader 11.0.7, Windows 7 SP1 32bit, IE9
We have some documents that contain URLs (file://...) which point to other documents (mostly PDF and DOCX files) on the local harddrive or on remote network shares. Those links work perfectly fine when Protected Mode is turned off - you click on it, IE opens and displays the document (PDF) or prompts you to open/download it (DOCX). As soon as you turn on Protected Mode those links stop working completely and I can see an access denied entry in the AdbeReaderBroker.log. All as expected.
Where it get's weird is that the links still don't work even if I whitelist nearly everything. I can click on them and nothing happens, they don't even generate an entry in the broker logfile anymore. Just so you have an idea, here is my current whitelist used for testing:
FILES_ALLOW_ANY = \??\C:\*
PROCESS_ALL_EXEC = \??\C:\*
REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\Software\Adobe*
REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\SOFTWARE\Adobe*
REG_ALLOW_ANY = HKEY_CURRENT_USER\*
And here's everything contained in the broker logfile (including when I click on links):
[07:07/15:29:57] Adobe Reader Protected Mode Logging Initiated
[07:07/15:29:57] Found custom policy file: C:\Program Files\Adobe\Reader 11.0\Reader\ProtectedModeWhitelistConfig.txt
[07:07/15:29:57] Adding custom policy: FILES_ALLOW_ANY = \??\C:\*
[07:07/15:29:57] Adding custom policy: PROCESS_ALL_EXEC = \??\C:\*
[07:07/15:29:57] Adding custom policy: REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\Software\Adobe*
[07:07/15:29:57] Adding custom policy: REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\SOFTWARE\Adobe*
[07:07/15:29:57] Adding custom policy: REG_ALLOW_ANY = HKEY_CURRENT_USER\*
So the policies get applied, Protected Mode isn't blocking anything anymore, the links still don't work and now I'm out of ideas. I also tried all of this with the Trust Manager setting "Allow opening of non-PDF file attachments with external applications" turned on, same situation.
I hope someone here can point me in the right direction, maybe I'm missing something completely obvious here.
Edit for people having the same issue:
After some further testing it became clear that the issue only occurs when the PDF containing the hyperlinks is created using the built in PDF generator of Word 2010. PDFs generated with Adobe Acrobat Professional work just fine and can also open the applications directly without opening IE first. I'm not sure about the exact difference in the generated link, Word seems to generate file:// URLs which I can access with right click -> Copy Link Location, something that's not possible for the links generated by Acrobat.Maybe the information http://samwel.tk/laptop_mode/faq might help. Particularly #3 and onward.
I only use powerdown. Thread = https://bbs.archlinux.org/viewtopic.php?id=134109
packer -S powerdown
substitute packer with yaourt or do manually if you wish so. -
Saving with protected mode enabled
Hi,
Can anyone tell me how to configure protected mode so we can save pdf files with it enabled? Right now if you try to save a pdf it gives you an error saying something about the disk being full and it won't save it. I found the information on configuring a white list but i'm not real sure exactly what I need to put in it to allow us to save.
Thanks!Ok, I understand.
It seems there it's a bug in the spanish translation of Reader, because in the Enhaced Security zone it says protected mode instead of protected view on the three radios (All files, files from potentially unsafe .., Off)
Check this image:
I will look where to send this bug to Adobe.
Regards, -
Air App will not read local text file using openAsync/readUTFBytes on user (non-admin) mode
I am running an Air App I did for the desktop, from the actual installed executable already deployed in the machine (Not from Flash Pro / Flex dev. environment). For some reason the app will not read a text file stored in the same application folder unless I run my app as administrator from the OS.
When I run the app as admin, or within the development environment it works fine. Maybe this is related to some security issue? I read the adobe air documentation, and this should work...
I am using openAsync/readUTFBytes on user as shown here:
var continueGamesConnection:FileStream();
var continueFile:File = new File(File.applicationDirectory.resolvePath("continueGames.txt").nativePath.toString());
continueGamesConnection.addEventListener(Event.COMPLETE, openSavedGames);
continueGamesConnection.openAsync(continueFile, FileMode.UPDATE);
function openSavedGames(event:Event):void
continueGamesConnection.removeEventListener(Event.COMPLETE, openSavedGames);
var content:URLVariables = new URLVariables();
var loadedContent:String = new String();
loadedContent = continueGamesConnection.readUTFBytes(continueGamesConnection.bytesAvailable);
content.decode(loadedContent);
variableX = content. variableX
//etc, etc.
continueGamesConnection.close();
By the way, I have also, tried using FileMode.READ, and others, and it still gives me the same problem. Only works if ran on admin mode or from the dev. environment.
It's very frustrating, I tried reading other posts without any luck... What solutions do people use for this kind of problem?
I have seen that you can set the app to run as admin somehow, and I guess that could work. However, this should work just fine, since it doesn't seem to violate any of the security APIs of Air. Seems like an overkill. But even so, how do I do that?
You help is greatly appreciated!Thanks kglad.com. I will try this and see if it works. Can you check my code a bit to see if it's right?
var continueFile:File = new File(File.applicationStorageDirectory.resolvePath("savedgames/continueGames.txt").nativePath.toString());
Does this look right to work across all desktop OS? -
Calendar Server 3.5: Problem using user's ID with uniuser -mod command
When there are two users who have the same Common Name (CN) in LDAP but
different User ID's (uid
field), I have a problem using the uid
field as an argument to
uniuser -mod in Netscape Calendar
Server (NCS) 3.5. For example, there may be two users, User1 and User2, who
both have the CN "John Smith."<BR>
<P>
<B>User1</B>
uid: jsmith2
sn: Smith
givenname: John
nscalxitemid: 10001:00314
<B>User2</B>
uid: jsmith
sn: Smith
givenname: John
nscalxitemid: 10001:00213
<P>
Let's say I want to change the value for nsCalOrgUnit2
for User1 to "jsmith." In NCS 4.0,
I can specify the uid as
an argument to uniuser -mod
. However, in NCS 3.5, if I specify the
uid as an argument to
uniuser -mod, the entry
for the user does not get changed.<BR>
<P>
<B>Calendar Server 4.0</B><BR>
<P>
%uniuser -mod "ID=00314" -m "OU2=jsmith/OU3=People" -n 10001
<BR>
uniuser: modified "Smith, John"<BR>
<P>
(The LDAP entry for User1 also reflects this change.)
<P>
<B>Calendar Server 3.5</B><BR>
<P>
%uniuser -mod "ID=00314" "OU2=jsmith/OU3=People" 10001
<BR>
uniuser: no need to modify "Smith,John"<BR>
<P>
(The LDAP entry for User1 does not reflect the change.)<BR>
<P>
%uniuser -mod "S=Smith/G=John/ID=00314" "OU2=jsmith/OU3=People"
10001<BR>
uniuser: no need to modify "Smith,John"<BR>
<P>
(The LDAP entry for User1 does not reflect the change.)<BR>
<P>
If I use the command uniuser -mod "S=Smith/G=John"
"OU2=jsmith/OU3=People" 10001
in NCS 3.5, the script will change the entry of the first "John Smith" in the
database and will cause the LDAP entry for this user to be updated as well.
However, the entry modified may or may not be the correct one. So, in
NCS 3.5, is there a way to specify a particular uid
to ensure that the correct LDAP entry
is modified?
<P>
To modify a user's information using the uid
field in Calendar Server 3.5, change
the user.ini file. The
following steps show how to change a user's information by modifying the
.ini file:<BR>
<P>
<OL>
<LI>Open the user.ini
file, which is in the path /users/unison/misc/user.ini
<P>
<LI>Add a section containing the desired changes. For example,<BR>
<P>
[Test]<BR>
OU2 = jsmith<BR>
OU3 = People<BR>
<P>
<LI>Run uniuser with
the following options:<BR>
<P>
% uniuser -mod "ID=00314" -s Test 10001
</OL>It turns out to be a problem with the user Keychain. It has some weird entry that was sending the wrong password. I delete all entries to the server and that corrected the problem
-
First time user..problem with compatibility mode
Old problem with a twist. Like others have experienced, when I open itunes I get a message that reads itunes.exe is set to run in compatibility mode and I need to turn it off. The problem I have is that I DON'T FIND a compatibility option when I right-click on Properties. Any ideas???
Refer to this article:
iTunes for Windows: How to turn off Compatibility Mode
http://support.apple.com/kb/TS1489 -
Videos only work if protected mode is disabled. I'd like videos to work with protected mode on?
''edit: locking this question as duplicate, continue here: [https://support.mozilla.org/en-US/questions/1013134 /questions/1013134]''
OS = Windows 7
Flash = 12.0.0.77
Firefox = 29.0.1Unfortunately upgrading to the latest version did not make a difference. Any other suggestions?
Maybe you are looking for
-
Given an older ipod , 5th generation and 30GB, can't restore
I was given an older iPod, 5th generation 30GB, I can't reset or restore it using windows 7 based computer even with the most current iTunes download. Is anyon e else having trouble resetting older iPods with windows or is their something wrong with
-
Text blinking when buttons are clicked in Acrobat
I have an interactive pdf that has buttons and layers. I am on a mac, and it works as it should. When an icon is clicked text changes out (shifts between layers) But my client is on a PC and is saying that when she clicks the icon, all the text on th
-
Search not extending to Share Point
OK so I have 5 macs one of which I use as a filer server. All running latest version of Mountain Lion. The File Server mac I have set up some share points and applied permissions. I have owner permissions and all other users have been set read only
-
I recently purchased music from I tunes; the music downloaded to my computer into file. but, i am unable to move this file to my media player or burn to a CD. what must I do to correct this problem if it's mine?
-
How to Push Java Performance to Its Limit
Hi there, I use java version 1.4.2.09 in HP-UX with 8 CPUs and 4GB Memories. I add -Xmx3072m & -Xms3072m parameters in a startup of certain java application. the java and the application run well. But, it use only 120%CPU. It means that it only use 2