Set security preferences via GPO

Hi
Is there a way to set either security policy in Acrobat via GPO, so all a user would have to do is select:
Tools > Protection > Encrypt > select premade security policy (password protected)
Or a way to set the Adobe PDF printer preferences with Adobe PDF Security as 'Use the last known security preferences' with predefined settings via GPO.
We need to set up security on 100 or so acrobats and I am struggling to find a way to do this.
Thanks

Well if you can point me to this registry key i would appreciate it.
Applying the security settings via 'print to pdf' via gpo would be really handy right about now.
I managed to find a security file (security-policy.acrodata) that contains the details of security policies, I managed to copy this to another pc and the policy was displayed in adobe. However it doesn't save the password and a password must be entered manually.
Also I don't think the above would work for Acrobat 8 (we use both versions 8 and 10) and it doesn't make the security policy I create as the only favourited one as default.

Similar Messages

  • Error at RSOP while trying to set Audit settings via GPO

    Hello,
    i've configured Audit Policy via GPO and when i run RSOP on the server 2008 R2 i get X with the error "the policy engine did not attempt to configure the setting For more
    information, see %windir%\security\logs\winlogon.log on the target machine.
    Please help???

    Hi,
    This problem may occur if the "Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting is enabled. To resolve this issue, use one of the following methods, as appropriate for your situation.
    Method 1: Disable the policy setting by using Group Policy Object Editor
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
    Method 2: Disable the policy setting by using Registry Editor
    Note: Please backup the registry key before modify.
    1.Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
    2.Right-click SCENoApplyLegacyAuditPolicy, and then click Modify.
    3.Type 0 in the Value data box, and then click OK.
    Restart the computer after you make the change.
    For more information, please refer to:
    Security auditing settings are not applied to Windows Vista-based and Window Server 2008-based computers when you deploy a domain-based policy
    http://support.microsoft.com/kb/921468/en-us
    RSOP: the policy engine did not attempt to configure the setting
    http://social.technet.microsoft.com/Forums/en-AU/winserverGP/thread/fde42cfc-bb74-4e11-8b60-c1a3cb5d80ed
    If the problem still continues, please check the %windir%\security\logs\winlogon.log and reply the information in this log.
    Regards,
    Bruce

  • Setting WMI and Registry permissions via GPO?

    Hi,
    I am configuring SCOM 2012 R2 for my environment. To configure it for SQL Serve,r I neeed to do the following:
    Grant Read permission on HKLM:\Software\Microsoft\Microsoft SQL Server registry path for SQLDefaultAction and SQLMPLowPriv
    Grant “Execute Methods”, “Enable Account”, “Remote Enable”, “Read Security” permissions for root, root\cimv2, root\default, root\Microsoft\SqlServer\ComputerManagement11 WMI namespaces to SQLDefaultAction and SQLMPLowPriv
    Grant Read permission on HKLM:\Software\Microsoft\Microsoft SQL Server\[InstanceID]\MSSQLServer\Parameters registry path for SQLMPLowPriv for each monitored instance
    So I need to assign registry permissions and wmi permissions.
    Is there a way to do this via GPO?
    Thanks

    Hi,
    You can not change the permission by using group policy directly.
    Steps to solve your requirement,
    1. Using the SetACL tool you can automate the management of Windows permissions.  It is inherently automatable and scriptable. The
    COM version provides the full functionality to any COM-enabled programming language (C#, Visual Basic, C++, Delphi, PowerShell, VBScript, …). 
    Supported object types: files and folders, registry keys, printers, services, network shares, WMI
    So using this tool you can create script to automate Windows permissions.
    2. Then you can use the created script as the Startup script in the GPO with privileges to allow the permission changes. 
    Checkout the below links on similar discussion,
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/87d4ed25-5247-41e4-8bb6-e29a078a1da0/change-permissions-for-a-specific-key?forum=winserverGP
    http://social.technet.microsoft.com/Forums/en-US/c60ad5bb-309e-471d-9f48-e04e897ba61b/problems-setting-registry-permissions-via-gpo?forum=winserverGP
    Regards,
    Gopi
    www.jijitechnologies.com

  • Allow anonymous SID/Name translation - Setting via registry instead of the Local Security Policy (or GPO)

    I have a Windows 2008 R2 server and I am building a script to set a bunch of security settings via the registry.
    I am stuck on one.
    I am trying to set: Network Access - Allow anonymous SID/Name translation to 'Disabled' via the registry, I know this can be done through the local security policy or via a GPO but that is not what I am interested in. I want to do it making
    changes to the registry.
    I found some people saying this can be done at:
    HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
    However, when I browse to the registry this TurnOffAnonymousBlock registry key does not exist. Even if I set the policy to enabled or disabled manually in the local security policy. The key doesn't exist. This leads me to believe this is not the correct
    registry key that controls this setting.
    Can anyone shed light what the appropriate key is in the registry?

    Hi,
    As others mentioned, we can change the value of registry key “HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock”
    to set Network Access - Allow anonymous SID/Name translation to ‘Disabled’.
    In your case, this registry key does not exist.
    Please try to add this registry key to your Windows 2008 R2 server, then find out if this registry key could solve your issue.
    Here are some links below could be helpful to you:
    Configure a Registry Item
    http://technet.microsoft.com/en-us/library/cc753092.aspx
    You may not be able to connect to an instance of SQL Server by using an anonymous login
    http://support.microsoft.com/kb/839569
    I hope this helps!
    Best Regards,
    Amy Wang

  • How to disable Security Alerts message in IE10 via GPO

    I'm trying to disable annoying Security Alert message "You are about to view pages over a secure connection" in IE10 via GPO.
    I tried different GPO settings but neither of them did the trick.
    Any advice\suggestion would be appreciated.
    Thx. Boris 

    Hi,
    You can try going to Tools > Internet Options > Advanced and uncheck the box next to "Warn if changing between secure and not secure mode".
    And via the GP setting:
    Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\ Turn off the Security Settings Check feature.
    Regards,
    Ada Liu
    TechNet Community Support

  • What have i to do so my pdf security preferences are set each time i create  a pdf?

    Good morning,
    I'm looking for  the option so each time i create a pdf, my security preferences are on it automatically. I know the option on Adobe acrobat X but not on XI; any clue?
    Thanks in advance for answering my question.

    On acrobat X, I was using this option that we found in preferences.
    In that menu, i was looking for the button conversion au format pdf/convert to pdf, then microsoft office excel/word/powerpoint and i could set the important option: utiliser les dernières options de protection connues/use the last security's options known.
    However it disappears in the new version Adobe Acrobat XI.
    Can i have the same thing  in a different way?
    Respectfully,
    M. Vig

  • 'Disable or enable software Secure Attention Sequence' GPO setting | Security Risk

    Hello,
    In implementing SCCM we discovered that the 'ctrl+alt+del' button for the SCCM Remote Control client, will not work, unless we enable the 'enable software Secure Attention Sequence' GPO setting with 'Services and Ease of Access Applications' set.
    Our info sec team is looking for some reassurance that this introducing a lot of risk to our orgnization. Does anyone have any guidance they can provide for this?
    Thanks

    Hi jh,
    As you mentioned In Configuration Manager 2012 does bring the 'ctrl+alt+del' back which required enable the 'enable software Secure Attention Sequence' GPO setting.
    by default, only Ease of Access applications running on the secure desktop can simulate the SAS. If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS.
    When services or other application simulate the SAS, since services or application which could launches at logon it takes risks.
    We suggest you refer to system center configuration manager forum because you might get more useful suggestion there
    https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
    Regards
    D. Wu

  • How to Disable Usb Selective Suspend Setting For Windows 8.1 Via Gpo/Registry

    Hello everyone,
    Could help me with a question ?
    How do I disable USB Seletive Suspended settings in Windows 8.1 is GPO / Registry ?

    Good morning.
    The procedure worked , sorry for the delay because the tests were running in the environment, will replicate via GPO solution.
    I appreciate the help .

  • Restart computers via GPO

    Hello all,
    I would like to do restart all our lab computers (joined into domain) daily at 23:59. Is there anyway I can schedule the script via GPO ? My domain controller in on windows 2003 ent server.
    Throw your ideas or point me in right direction how to achieve this.
    Madal

     
    Hello Madal,
    Thank you for your reply.
    “Is there a way to encrypt the password ?”
     Based on my research, you can create a “Schtasks Helper script” and “Encode” it to improve security as described in the following example:
    1. On this share create a VBS file called Schtasks.vbs with the following code:
    Schtasks.vbs
    set shell=wscript.createobject("Wscript.shell")
    shell.run "schtasks /create /ru <administrator> /rp <password> /sc dialy /st 23:59:00 /tn shutdown /tr \\servershare\shutdown.bat”
    shutdown.bat
    shutdown /t 0 /r
    2. Download the Windows Script Encoder from:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=e7877f67-c447-4873-b1b0-21f0626a6329&displaylang=en&Hash=2eeLrR1Fo%2bgy0pOMTILIDCo2B6FWF5ncnlQW61ur2UdX0K7ZsIKKjttmjR%2bpFX5MMlQ4EW7GWRIwNA%2f4WFS0rw%3d%3d
    3. Encrypt the original .vbs file:
    screnc original_vbs_file.vbs vbs_encrypted_file.vbe
    The script encoder is a command-line tool that allows a scriptwriter to protect the contents of a script from unauthorized copies or modifications while (at the same time) allowing the script to run.
    Disclaimer
    This sample script is not supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for
    any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages
    Actually, I also agree with Darren. You may use Group Policy Preferences to achieve the goal. It is a feature new in Microsoft Windows Server 2008. Group Policy preferences include mapped drives, scheduled tasks, and Start menu settings. For many types of operating system and application settings, using Group Policy preferences is a better alternative to configuring them in Windows images or using logon scripts. In fact, the new policy features in GPP support XP, Server 2003, Vista and Server 2008 “clients”. In order for clients to process GPP policy settings, they must install the GPP Client Side Extension (CSE) package, which is available from following site.
    Group Policy Preference Client Side Extensions for Windows XP
    http://www.microsoft.com/downloads/details.aspx?familyid=E60B5C8F-D7DC-4B27-A261-247CE3F6C4F8&displaylang=en
    For more details, you can download Group Policy Preferences Overview
    http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&DisplayLang=en
    regards,Nick Gu - MSFT

  • Loginscript via GPO does not work when local admin

    Hi
    We are in the middle of deploying Windows 8.1 to our
    organization. We are using Windows 7 Pro today. We a mapping network drives
    with a logon script via GPO. It is done with the good old net use commands that
    has been working for years e.g.:
    net use K: \\server1\Data /PERSISTENT:YES
    net use L: \\server1\Design /PERSISTENT:YES
    It works perfectly on Windows 7, but on the new
    Windows 8.1 machines, no network drives are mapped. I can see that the GPO are
    applied fine to the machines. It seems to have something to do with UAC and the
    fact that the users is local admins. If I remove the use from the administrator
    group, the script works fine and the drives are mapped just like in Windows 7 (5
    minutes delayed, but it works...!). If I keep the user in the administrator group
    and instead disable UAC by setting the EnableLUA to 0 in the registry it works
    too, but then it gives me a lot of other issues with Metro apps and the Windows
    Store.
    Has anyone found a good solution to map network drives
    for users that needs to be local administrators, without disabling UAC completely
    in the registry?
    Any help would be
    appreciated!
    Thomas | MCP | http://www.techwork.dk

    Thank you Techguy
    "Group Policy Preference Drive Maps", does not just resolve my issue it does also give me some a lot of new awesome options I don't have with net use commands via GPO :-)
    I have not tested it with Windows 7 yet, but I am pretty sure it will work there too
    Thomas | MCP | http://www.techwork.dk

  • Changing default picture viewer via GPO without changing image type and icon (Windows 7)

    Hello,
    I am trying to change the default picture viewer for some file extensions (.bmp, .jpeg, .png and .tiff). Actually Windows Photo Viewer is the default viewer and we need to replace it with Microsoft Office Picture Manager.
    I managed to do that change via GPO using the 'open with' preference under User Configuration\ Preferences\Control Panel Settings\Folder Options. So now the files are opened with Microsoft Office Picture Manager (office 2010). The problem is that the image
    type became 'OIS.EXE' for all the specified file extensions. Moreover the icon is now the same (Microsoft Office 2010).
    When I change manually the associated program for a file extension, the icon change but no the image type... this is different using GPO.
    Is there a solution in order to change the default program but keeping the image type and associated icon ?
    I tried to do that modification using the 'new file type' preference under Computer Configuration\Preferences\Control Panel Settings\Folder Options. I specified the 'open' action for OIS.exe, selected file extension BMP with associated class 'Bitmap Image'.
    It solves the problem for image type, Microsoft Office Picture Manager opens the files ... but I have to specify the icon file path and icon index and I don't know where I can find the default icons for the file extensions ...
    What is the best solution ? Am I right ? Am I doing something wrong ?
    Thank you in advance !

    Hello,
    thank you very much for your answers.
    For the rollback, I will reimport the original/default keys for all the image types, this should be ok.
    Here are the problems I have trying to pu Microsoft Office Picture Manager as default picture viewer (I just want  .bmp, .jpg ... files to be opened with Microsoft Office Picture Manager by default).
    1 Using new file type under Computer Configuration\Preferences\Control Panel Settings\folder options. : I define a new file type (BMP for example), associated class Bitmap Image, I configure the icon (imageres.dll,65) and an open action where OIS.EXE
    is the application used to perform the action.
    Result : Icon is correct, file type is correct, image files are opened with OIS.EXE (correct) ... BUT now Microsoft Office 2010 appears twice in open or open with menu
    2 Using new open with under User configuration\Preferences\Control Panel Settings\Folder Options : new open with preference, action (update or replace same result), file extension BMP, associated program (path to OIS.EXE), i check set as default.
    Result : Office 2010 opens image files (correct) but icon is Office 2010 one and the file type is now 'OIS.EXE' for all image file extensions I have specified ... so it won't be possible to sort the file by image type if I select that method...
    3 Using ftype : OIS.EXE doesn't open the file when I double click on it but Microsoft Office 2010 appears twice in the open or open with list ...
    I am a bit lost ... what is the best method to put Microsoft Office Picture Manager as default picture viewer, keeping the image type (Bitmap image, JPEG image etc) and without having Microsoft Office 2010 twice in the open or open with list ??
    Last question : by default an image file is opened and previewed with Windows Photo viewer and edited with Paint. I would like just to open images with Office 2010 but keep Windows Photo viewer for preview and Paint for edit ... Is it possible ??
    Thank you in advance for any help and support !!

  • Printers deployed via GPO not deploying

    Hi
    I have deployed printers via a GPO and mostly all printers have deployed correctly with the exception of a few. The printers that do not deploy to client workstations have different permission than the ones that do deploy correctly. If I add the everyone
    group the print permission then the printers do appear, but we do not want everyone to have print permission we just want a few members of staff to be able to print. 
    Does anyone know if the everyone group has to have print permission for the printers to appear when deployed through a GPO?
    Thanks in advance
    Shane Walford

    Someone else was having the same issue as reported in this post.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/da80a891-2b2c-454b-afb6-48d2de189494/cant-deploy-printer-via-gpo-without-everyone-in-printer-security?forum=winserverprint
    If you are using Group Policy Preferences to deploy the printer connection, I'd suggest posting the Group Policy forum also. 
    Alan Morris formerly with Windows Printing Team

  • FormsCentral - save as PDF security preference options

    Hi, After reading other FAQs I can see there is no Footer feature within FormsCentral...so I was trying to save the design from FormsCentral as a PDF Form and then open it in Adobe Acrobat and insert the footer via the Page Tools BUT each time I try it says that I don't have permission to change the form. I get why the permissions are set this way so once it's distributed others can't change it....BUT I can't see how I change the security preferences for the PDF Form export from FormsCentral to allow me to open it in Adobe Acrobat, inesrt the footer and then save it as a locked down Form can anyone help me with the permissions?

    http://forums.adobe.com/docs/DOC-3661

  • Deploy IP Printer Locally without a print server via GPO

    I have a client that has 1 main site and 3 smaller satellite sites. They only have one (yes 1) server for all of their clients. There is a 100MB connection between so bandwidth is not an issue. The server is 2008 R2,
    clients are a mix of XP and Windows 7. I have deployed client side extensions to the XP clients.
    My project: Install a new network printer in each site (its the same printer for all 4 sites), configure clients to use printer in their site via GPO.
    Each site has its own OU with users in their respective site OU. Normally, if this were a single site I could add the print services role, install the drivers for the printer on the print server, and use GP preferences;
    User config -> Preferences -> Control Panel -> Printers -> add new TCP/IP and then apply this to the users OU. The problem is that it requires a local name and local path, which would require a local print server in each site. 
    Is there a way to use GP to add a printer to each client computer (and set as default) throughout multiple sites, while only having the One server in 1 out of 4 sites? 
    All help is greatly appreciated! 
    NOTE: when I say site, I mean physical location, it is all one domain. 

    I am really getting close to the deadline of new printers arriving so I will walk through exact steps I have taken to get this set up. 
    Ok. I have a server running 2008 R2. I added the Print services role. 
    Right click 'Printers' -> Add printer
    select 'Add a TCP/IP Printer by IP address or hostname'
    'Type of device' = 'Autodetect'
    'hostname or IP address' = 'x.x.x.x' (IP address that printer will be set to)
    'Port name' = 'x.x.x.x_2'
    do NOT select 'auto detect printer driver'
     select 'Generic Network Card'
    select 'Install new driver'
    select 'Have Disk' and browse to driver
    'Printer name' = Printer Name
    select 'share this printer'
    'Share name' = Printer Name
    next, next, driver installs and printer installs, and finish. 
    Now you have the printer installed and showing up under printers. 
    Now, I right click printer and -> deploy with group policy
    Browse to the OU where my user is located in ADUC, select the GPO that I have linked to that OU, click 'add' and click 'OK'.
    Now, log in to a win 7 computer, gpupdate, printer shows up in devices and printers. I can't print to it obviously since it's not connected to the network yet. But, when I log in to an XP computer, run gpupdate, it does NOT populate in devices and printers. 
    What am I doing wrong? 
    Thank you in advance. 

  • Deploying Adobe Creative Cloud via GPO

    A few months ago my long and lasting journey with Adobe CC started and I was pretty eager to deploy the software in our enterprise. As it comes out, with a little help from Adobe, that just made me crazy and a few pretty pointless and sensless tests I finally managed it somehow to get Adobe CC deployment via GPO. None of our users have local admin rights due to restrictive policy in our enterprise. All testing and configuration was made on Windows 7 Enterprise (x86 and x64) machines.
    As we don't use SCCM in our environment it was critical to use "simple" GPO rollout for software. As there are MSI's with all the packages I started my journey...
    To start it all of:
    As it seems, you cannot buy licenses any more permanent and you can buy them via subscription. OK, that's one way to go and since we need all these products in future we went in evaluating it. Since we cannot buy licenses in a big order like adobe wants us to we were only left to buy the creative cloud for teams and not for enterprise. Still, this was fine to, since adobe offered the cloud packager and a lot of documentation, i thought at least.
    To test and make sure that we can deploy all of the wanted features of creative cloud we bought 2 licenses for the IT-staff. During testing, late semptember/october 2014, with the cloud packager in version 1.6 I was able to deploy the packages and software as we wanted. Just as information, we wanted our users to have Bridge, Photoshop, InDesign, Illustrator, Dreamveawer, Prelude and the most important thing, we did NOT want the creative cloud desktop application due to company restrictions. Well as mentioned before everything worked as charm and I was just happy to start ordering the licenses for all of our users and get things done
    Well, as a lot surely know, the process of ordering the licenses and getting things rolling in a enterprise sometimes takes a little (more) time. After about one or two months later everything was ready and set and I was feeling like this is going to be a piece of cake. Make new packages with the cloud packager, create the gpo's, test the deployment, invite the users and I'm the king of the jungle.
    That was what I thought...
    Adobe was so nice to release the newer and more improved version (I think 1.7 or 1.8) of the cloud packager, that suddenly hasn't been able to deactivate the creative cloud desktop application. Well, not a problem I thought to myself, I'll just uninstall it later on and it's fine. Since there are about 20 users that were getting the software it would be a not so nice job, but once done it's done and it shouldn't happen again.
    Then i was hit by Adobe with a colossal fist right in the face! Why are you asking? Well as I mentioned above, the deployment via GPO worked fine and now? Not anymore, since the exception deployer couldn't install the applications it just broke everything and didn't even try to install the other applications that don't need the exception deployer. After a few e-mails and further testing, run as local admin, run installation after being copied to local, I lost fate that this is ever going to work.
    Adobe gave me the best help they could and I even had a deployment expert in on a web session and he gave me a short commandlet (exception deployer) and said that it has to work this way but surprise, it didn't. As I was getting more and more frustrated by this situation and the exception deployer I started to shrink down the packages as much as possible so that there are no applications that needed to be deployed with the exception deployer. I run tests and guess what? It worked! Man, was I happy that after almost a month things started getting in the right shape. As I couldn't sleep because of this mess I started testing the applications that Adobe techs said needed the exception deployer. I created a new package just for Lightroom 5 (yeah, I know there is a newer version out now, but not at that moment) and saw that it landed in this exception folder that is made during packaging with the cloud packager. I was just curious to test it and made a new GPO for just Lightroom, as a MSI was also within the package I figured, why not give it a try? It worked again!?! I was pretty surprised due to the information that it shouldn't be working, as Adobe techs stated.
    The simpler problem was the creative cloud desktop application. After having the Adobe techs in on a websession they stated, that it should work if I choose enterprise licensing to get rid of this software. But due to Adobe's updating policy of the creative cloud packager, there has been a newer version released (1.9) that opted out this feature to deactivate the installation of the creative cloud desktop application. I thought myself, why? Just please tell us why Adobe do we need this? But OK, there was also a solutions for this problem, the adobe creative cloud cleaning tool. If you create and XML file that is being read from the cleaning tool you can run this and "almost silently" uninstall the software via GPO. I gave it a shot and it works like a charm.
    To be honest I thought, that Adobe due to it's status as THE software company when it comes to creating/editing multimedia content they would know about the problems some of their customers across the globe could be having. As it seems, they don't care enough or haven't ever had somebody with a similar problem(what I cannot believe, but all right) to share some more detailed information about a case like this.
    I know, why have we bought it, if we don't need any cloud space? Well it's simple, Adobe creative products are needed and the CS6 products won't be here forever so it's better to start sooner than later with migration to a newer release. Still I was hoping to get more help from Adobe....
    Just to share the packages with you:
    "Complete 32Bit" package includes: Audition CS6+Updates, Bridge CC, Dreamweaver CC 2014.1, Edge Animate CC 2014, Fireworks CS6, Illustrator CC 2014, Incopy CC 2014, InDesign CC 2014, Photoshop CC 2014, Prelude CS6
    "Complete 64Bit" package includes: Audition CS6+Updates, Bridge CC, Dreamweaver CC 2014.1, Edge Animate CC 2014, Fireworks CS6, Illustrator CC 2014, Incopy CC 2014, InDesign CC 2014, Photoshop CC 2014, Prelude CS6, Premiere Pro CC 2014, SpeedGrade CC 2014
    "InDesign 32Bit" package includes: InDesign CC 2014
    "InDesign 64Bit" package includes: InDesign CC 2014
    "Lightroom 5 32Bit" package: Lightroom 5
    "Lightroom  5 64Bit" package: Lightroom 5
    None of these packages needed the exception deployer to be run. It was all tested on different (also different machine specs) 32bit and 64bit machines. The OS was always Windows 7 Enterprise.
    To uninstall the creative cloud desktop application i wrote a batch file:
    @ECHO OFF
    IF EXIST C:\log_adobe_cc_cleaner\*.* EXIT ## checks if this folder is existent. If not it continues. If there is the folder it stops and won't run again ##
    mkdir C:\temp_adobe_cc_cleaner ## creates a temp folder, as the uinstall tool can only be run locally ##
    xcopy \\your_server\your_share$\adobecc\adobecc-cleaner\*.* C:\temp_adobe_cc_cleaner\*.* /Y ## copies the complete content of the folder to the newly created local folder ##
    call "C:\temp_adobe_cc_cleaner\AdobeCreativeCloudCleanerTool.exe" --cleanupXML=C:\temp_adobe_cc_cleaner\cleanup_desktop_app.xml
    xcopy "%Temp%\Adobe Creative Cloud Cleaner Tool.log" "C:\log_adobe_cc_cleaner\*.*" /Y ## copies the log file to folder, creates the folder itself ##
    rmdir /q /s "C:\temp_adobe_cc_cleaner" ## removes the adobe creative cloud unintaller from local machine, leaves the log file folder for further check if the creative cloud uninstall tool needs to be rerun ##
    The XML file has following written:
    <?xml version="1.0" encoding="UTF-8"?>
    <Products>
    <Properties>
      <Property name="eulaAccepted">1</Property>
      <!--<Property name="removeFlashPlayer">1</Property>-->
    </Properties>
    <CreativeCloud>
      <Product productName="Adobe Creative Cloud" version="2.0"/>
      <!--<Product productName="Adobe ID CC2014 x32 AppBase" version="10.0"/>-->
    </CreativeCloud>
    <AdobeIdCredentials>
      <!--<Product productName="Adobe Id Credentials" version="1.0"/>-->
    </AdobeIdCredentials>
    </Products>
    Updating of the Adobe products is done with Secunia CSI in our enterprise, but there is also the posibility to remotely run the updatemanager.exe or via logon/logoff script.
    What I also found out, was the dependency of vcredist for adobe products. You need the 2010, 2012 of them and most importantly in the x86 and x64 version! In case you get a .DLL missing error.
    I hope this here helps someone who has lost a lot of nerves and a lot of time due to the deployment of Adobe creative cloud applications. I stil hope that there is going to be a better and easier way to deploy this.
    Excuse me for the bad english, good luck with your deployment and maybe we can get Adobe a bit smarter from our all experience to make us a good deployment method.
    Toni

    Slim.nl is an indirect seller of Adobe products whose policies are not known to us. In our server we do not see any purchase from Adobe.com.
    Please try to purchase from https://store2.adobe.com/cfusion/store/html/index.cfm?store=OLS-NL&event=displayProduct&ca tegoryPath=/Applications/AcrobatProX
    You do have an Adobe ID with the Email provided here.
    Regards
    Rajshree

Maybe you are looking for