After testing deployment of the January 2014 release of Adobe Reader 11.0.06 we noticed new behavior on any machine that was not a fresh build. The following pop-up was displayed upon first launch:
“Adobe Reader Security: Trusted certificates from your previous version of Adobe Reader were found. Would you like to import them? Any certificates that are not imported in this step will not be available in this version of Adobe Reader.”
According to the Release Notes found here Adobe has added an improvement that will allow you to silently import any existing addressbook.acrodata file, which contains the certificate details used in signature workflows. The problem is that the default behavior of this new registry key is set to 1, which prompts the user for action.
The improvement adds a setting to the Windows Registry reference (under Security –> Addressbook Import) with three options an administrator can make to avoid the first launch pop-up.
The setting is “iImportAddressBook” and has three options;
- 0: Do not copy the old address book. The user is NOT prompted and the address book should NOT be installed.
- 1 or null: Default: The user is asked whether the address book should either be installed or not.
- 2: Import the address book silently.
To suppress this message and silently import the address book, you should set the suggested DWORD-value to 2:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USERSoftwareAdobeAcrobat Reader11.0SecuritycDigSig] "iImportAddressBook"=dword:00000002
Our recommended approach for deployments to existing machines would be to include this in the Adobe Customization Wizard, modifying the Registry section and verifying the change in the Direct Editor under custom MSI table EnterpriseRegistries. One thing to note, the alternative approach would be to control this in Group Policy and unfortunately the latest group policy ADM Templates from Adobe modified September 2012 (found here) does not include the iImportAddressBook setting.