replacing adobe acrobat readerPosted by joshua.smith on Mar 19, 2010 in network administration, vbscripts | 0 comments
after a lot of looking and quite a bit of testing and customization, i think i have finally found a replacement for adobe acrobat reader.
why replace acrobat reader? off the top of my head:
- security issues. everywhere. frequently.
- and hence because of the security issues, you have to patch often. very often. which requires time, testing, and a fair amount of good luck to not break *anything*.
- and lastly, i was interested in replacing adobe because of its tendency to crash, specifically in our AD environment (see this post for more details). its not often, but often enough that i get some calls
so here is what i did. i searched. a bunch. i of course found foxit, and i tested foxit pretty heavily. i like foxit, and it was very close to what i was looking for, but then i ran across tracker software’s pdf xchange viewer. not only was it small and fast like foxit, i could mod the heck out of it to get it to look the way i wanted, and it could modify pdf’s, all for free.
heres how i turned this:
in order to roll this out via a GPO, i downloaded the 32-bit msi (2.048) from docu-track and did the following modifications (brace yourself, this takes some time):
- got rid of the ad in the top right corner (info from here). to do this, you:
- download the xn resource editor
- open the xchange viewer exe (pdfxcview.exe) using xn resource editor
- delete the “Ukranian” key under png -> 255
- save the exe
- changed the icons (sorry docu-track, but your default icon is hideous)
- went out to google and got a nice, clean png file to associate to pdf files
- downloaded heaventools.com resource tuner and opened up the pdfxcview.exe
- went to the icon entry folder, and looked at the size and bit depth of every icon (click on the icon number then resource editor)
- once i had all the icon information, i used paint.net 3.5.4 to modify my png off of google to mimic all the sizes and depths and replaced all the icons in the exe with my new icons (replace button in resource tuner is right next to the icon size and depth)
- all my other requirements for the program were accomplished via reg hacks. specifically, i wanted:
- a clean interface (not too many menus showing)
- no pro options to be available
- no splash screen
- no search provider options (only be able to search the pdf)
thankfully, pdf xchange viewer stores most settings in hkey current user in the registry. so, once i configured xchange viewer and made all my desired changes, i just exported the hkcusoftwaretracker software key and i had a clean starting point to deploy to users (see below for my configured reg file)
- repackage the msi back up into a cleaned up msi with no desktop shortcut, the new exe, and a new name to show up under the start menu. i used advanced installer to do this, although we have the paid version of it. i think you can do the same with advanced installers free version, but ymmv.
- now that we have a cleaned up exe, and all the settings ready to go, all packaged in a msi to deploy, the last hurdle was file association. i had to fight with this a bit to get right, but finally got it working on our server 2008 and xp sp3 machines. one major problem i ran into was that the location server 2008 stored the pdf association in the registry had a explicit deny permission for each user. to get around this, i used a built in command-line tool called regini.exe to modify the permissions on the key which allowed me to change users file association to whatever i wanted to be. see comments in code for more detail.in a nutshell, this script looks for a custom reg key (that we create). if the key doesn’t exist, we run the registry import of our reg file to get the user a clean start (if the custom reg key exists, we don’t do the import since the user might have made customizations that we want to carry over). we next move on to checking if the registry associations are correct. if they are not correct, we adjust the permissions of the key with regini, then set the keys to the correct values to associate them with our new pdf viewer. one note here. the script can run, and correctly re-associate your pdf’s from adobe to xchange viewer, but the icons don’t change until the next logon or rebuild of the icon cache. here is the script as we are using it:
' Idea to create a temp file to run regini against from this blog: ' http://blogs.msdn.com/alejacma/archive/2008/03/11/how-to-change-registry-permissions-with-regini-exe-vbscript.aspx ' ' I found I also needed to use a temp folder along with the temp file. Example located here: ' http://www.devguru.org/Technologies/vbscript/quickref/filesystemobject_gettempname.html ' ' A good read on file association and some others that ran into issues and provided a few ideas for solutions ' http://social.technet.microsoft.com/Forums/en/itprovistaapps/thread/55d11c00-b77b-46af-925b-5555b962b490 ' ' VBscript and registry basics ' http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/registry/ On Error Resume Next const HKEY_CURRENT_USER = &H80000001 strComputer = "." set objFSO = CreateObject("Scripting.FileSystemObject") Set objRegistry = GetObject("winmgmts:\" & strComputer & "rootdefault:StdRegProv") set objShell = CreateObject("WScript.Shell") ' Specify registry keys to modify for default PDF application association. ' The first key is for the PDF association on Server 2008. The second key is for XP SP3 PDF association strKeyPath_01 = "SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pdfUserChoice" strKeyPath_02 = "SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pdf" strValueName = "Progid" strValueData = "PDF-XChangeViewer.1" ' Specify registry key settings to show pdf settings have already been imported (or not) from reg file strSettingsKeyPath = "SettingsSoftwarepdf_viewer" strSettingsValueName = "pdf_xchange_viewer_settings_imported" strSettingsValue = "1" strRegistryFilePath = "\domain.localsysvolscriptspdf_xchange_viewer_user_config_v1.reg" ' Query the existing values of the registry keys objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath_01,strValueName,strValue_01 objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath_02,strValueName,strValue_02 objRegistry.GetStringValue HKEY_CURRENT_USER,strSettingsKeyPath,strSettingsValueName,strSettingsCurrentValue ' Check and see if the registry settings have already been imported If (IsNull(strSettingsCurrentValue) = TRUE) Then ' Import in the settings to get the user starting with a clean layout objShell.Run "reg import " & strRegistryFilePath ' Create reg key indicating settings have already been applied, don't apply them again objRegistry.CreateKey HKEY_CURRENT_USER,strSettingsKeyPath 'Set your registry value objRegistry.SetStringValue HKEY_CURRENT_USER,strSettingsKeyPath,strSettingsValueName,strSettingsValue End If ' Check and see if either of the keys values are not set to the new PDF viewer If (strValue_01 <> strValueData Or strValue_02 <> strValueData) Then ' Create temp file to run regini.exe against (Server 2008 has a Deny permission set up on the key which regini fixes) strFileName = objFSO.GetTempName Set strTempFolder = objFSO.GetSpecialFolder(2) set objTempFile = strTempFolder.CreateTextFile(strFileName) objTempFile.WriteLine "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pdfUserChoice [1 5 17 21]" objTempFile.Close ' Change registry permissions with regini.exe objShell.Run "regini.exe " & strTempFolder & "" & strFileName, 8, true ' Delete temp file objFSO.DeleteFile strTempFolder & strFileName ' Set registry values to new PDF viewer ' The first key is for the PDF association on Server 2008. The second key is for XP SP3 PDF association objRegistry.SetStringValue HKEY_CURRENT_USER,strKeyPath_01,strValueName,strValueData objRegistry.SetStringValue HKEY_CURRENT_USER,strKeyPath_02,strValueName,strValueData End If
if you are interested, write me and i can provide the exe, vbscript, or registry file.
one last plug for why you should switch from adobe acrobat reader (and it doesn’t have to be to pdf xchange viewer). check this image out from the zero day blog:
as a security guy, this says a lot.