Acrobat DC Reader Vulnerabilities - Endpoint Manager - PowerShell
To whom it may concern,
Please excuse me but I believe the post belongs here not in the PowerShell discussion.
I deleted the post placed in the PowerShell group
Background:
- I have a test tenant that is pure "Microsoft Modern Management"
- There is no on-premise SCCM nor is there one in the cloud
- 2 systems are joined (as they should be) the remaining 3 are registered BYOD
- All solutions are applied from WDATP recommendations that can be without GP (so Intune direct or via registry entries (PowerShell))
- All systems are MDM managed not MAM (I have checked this at least 6 times)
- I currently have 9 PowerShell scripts that are deployed to all users and all devices.
- This one is causing me grief, in that it has been set to check that the program is installed, and reset the values.
- What I don't understand is why it is throwing an error. It shouldn't throw anything.
- What have I done wrong?
The code is here.
```powershell
#Adobe DC Reader feature lockdown
#Call the registry value and then set the value. If the value doesn't exist, app not installed so exit
#Updated 24-01-2021 and tested on machine with Adobe DC installed - MDM is failing where program doesn't exist
If (Get-ItemProperty -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown')
{
    #If the key already exists just set the value
    Write-Output "True"
    Set-ItemProperty -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown' -Name 'bDisableJavaScript' -Value '1'
    Set-ItemProperty -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown' -Name 'bEnableFlash' -Value '0'
    Get-ItemProperty -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'
}
else
{
    #If the key doesn't exist then the program is not installed and doesn't need rectification
    Write-Output "False"
}
```
Although it is not a Biggy
- Does this mean the code has failed because of code, or
- Is this what it is meant to do and report in Endpoint Manager? (I like all green reports)
You can see the result in Endpoint Manager here.
Thanks in advance. I'm sure it's programming, but as I said I have another 5 of these that are roughly the same sort of coding format, and I am not getting the same issues.
- MK_Nils (Copper Contributor)
Hello braedachau,
The issue is caused by the if condition: the path you try to check cannot be found because it does not exist when Adobe DC is not installed. (I believe that the registries have not been set by Adobe DC then.)
Try it with "Test-Path"
Example:
```powershell
#Check path
If (Test-Path -Path 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown') {}
```
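One way to place the `Test-Path` guard in the script from the question, as an added example that is not code posted by anyone in this thread. The variable names, the `-Type DWord` choice, the read-back check and the exit codes are assumptions; the key path and the two value names come from the original script.

```powershell
# Added example, not the original poster's script. Variable names are hypothetical.
$keyPath = 'Registry::HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown'

# Lockdown values taken from the script in the question.
$desired = [ordered]@{
    bDisableJavaScript = 1
    bEnableFlash       = 0
}

# Test-Path returns $false for a missing key without writing to the error stream.
# Get-ItemProperty, used as the If condition in the original, writes an error instead.
if (-not (Test-Path -Path $keyPath)) {
    # Key absent: treated as "Reader not installed", nothing to remediate.
    Write-Output "False"
    exit 0
}

try {
    foreach ($name in $desired.Keys) {
        # Assumption: the values are written as DWORDs. Without -Type, a value that
        # does not exist yet and is given a quoted '1' is created as a string.
        Set-ItemProperty -Path $keyPath -Name $name -Value $desired[$name] -Type DWord -ErrorAction Stop
    }

    # Read the key back and list any value that does not match what was requested.
    $current = Get-ItemProperty -Path $keyPath -ErrorAction Stop
    $drift = @($desired.Keys | Where-Object { $current.$_ -ne $desired[$_] })
    if ($drift.Count -gt 0) {
        Write-Output "Not applied: $($drift -join ', ')"
        exit 1
    }

    Write-Output "True"
    exit 0
}
catch {
    # A write or read failure (for example, access denied) ends with a non-zero exit code.
    Write-Output "Failed to set lockdown values: $($_.Exception.Message)"
    exit 1
}
```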
- braedachau (Brass Contributor)
Great. I'll do that, thanks
- travisrauh (Copper Contributor)
Hey braedachau,
Did MK_Nils' suggestion work? If so, do you think you'd be willing to show me exactly where you added that "test-path" into your code? I'm unfortunately self-teaching, our environment is set up the exact same way as yours (pure cloud, recommendations from WDATP, etc.), and I'm trying to follow those two same recommendations.