Many system administrators have encountered this at least once in our lifetime, or should I say at least once a week: We constantly find ourselves trying to control our network and environment, protecting it from malware, constantly keeping it up to date, and in many cases also protecting it from users that can be blamed for our hair loss among many other things.
One of these struggles is to keep our software, operating systems, and hardware up to date with the latest patches, fixes, or service packs. However, because many of these updates were known at one time or another during IT history to cause serious issues with whatever they were supposed to fix, we as responsible IT pros usually want to test these updates before applying them blindly on our productions systems. What makes out life more complex is the fact that for some software, such as the ones from Adobe, updates can be done by our end users. You know what this can lead to, right? We need to control these updates and prevent regular users from updating their workstations. When we’ll be done with our testing, we’ll let those updates flow in, or perhaps we never will, it all depends on what we see fit at that time. In this article, I’ll walk you through the steps to disable Adobe Reader XI updates with Group Policy.
How to Disable Adobe Reader XI Updates
So how do we block Adobe updates from being installed by our end users? A common and very useful way of doing that in a domain environment is using Group Policy.
Note: Of course there are many other methods of pushing registry changes to workstations.
In this article I will show you an easy way to disable automatic Adobe Reader XI updates from running per users requests. You might still want to apply the updates to your network, but maybe you prefer doing it in a time frame you choose or want to test it before applying.
If you open now the Adobe Reader application and you click on Help menu, you will see those updates are available.
The idea behind disabling the Adobe Reader update is very simple. There is one registry key which gives you the ability to disable updates functionality.
The key located under:
The registry entry called: bUpdater and it is a DWORD value. By simply setting the value to 0, the updates will be disabled. This registry entry does not exist by default, so it has to be created. Of course it can be created manually using registry editor (regedit.exe), but in large environments you surely want to automate the process and apply it to large amount of computers.
Warning! If you make an error while editing the registry, you can potentially cause Windows to lock-up, fail, or be unable to boot, requiring you to reinstall Windows or restore from a backup. Edit the Windows registry at your own risk. As always, you should back up the registry before making your changes.
- If you are using an AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Windows Vista/7/8/2008/R2/2012 computer that is a member of the domain.
- In the GPMC window, browse to the required GPO that is linked to the OU or domain where the computers are located, then edit it, or, if needed, create a new GPO.
- Select the desired OU, right-click and create new GPO (I assume you want to create a new one, but of course you can edit an existing one).
- Give a name to the GPO object.
- Select the GPO link that was just created, then right-click and select Edit.
- In the Group Policy Editor window, browse to Computer Configuration > Preferences > Windows Settings > Registry.
- Right-click and select New, then select Registry Item
The New Registry Properties screen will appear and you will have to enter few values so at the end it will look like that below.
- You have to fill in the below details:
Key Path: SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
(In case Adobe Reader is installed on the computer that you creating the GPO on, you just have to browse to above location).
Value name: bUpdater
Value type: REG_DWORD
Value data: 00000000
- Click OK and your screen should look like the image below.
- That’s it! Your GPO is ready to be applied to the relevant OU. After a computer receives the setting (a restart is needed), its local registry will look like the image below.
And as I mentioned before, this key did not exist before we applied the GPO; instead, it was created by our GPO.
Remember how the Help menu looks like before? Now if you check the Help menu, you see that Check for Updates is missing.