Deploy Adobe Reader via GPO



The intent of this document is not to replace Adobe’s Administration Guide (, but instead be a “cheat sheet” of how I would deploy Adobe Reader via Group Policy.

In order to deploy Adobe Reader an Adminitrative Installation Point (AIP) needs to be created. The AIP is best if you need to administer multiple computers, because it allows you to create a standalone installer, that includes all the patches up to the current version. The Windows Installer allows applications to run directly from a network share, without the need for a local copy. They support patches (.msp files) and customizations of packages through transforms (.mst files) of a package's relational database.

A quarterly AIP update can not be applied to an AIP that security update that was recently applied. Quarterly updates include the changes implemented in all recent security updates, the quarterly update forcibly bypasses those updates entirely. To deploy a quarterly update from an AIP, create a AIP which includes only quarterly update. (

Here are a few notes:
I always keep the original .msi .msp and .exe files.
Substitute {network path} to a share directory that all users have read privileges to The images to the left gives a reference point of how the following command is used.

AIP Directory 1

X AIP Directory 1

Create Administrative Installation Point
Creating an Administrative Installation Point creates an uncompressed source so the application can be installed from a network location

msiexec /a \\{network path}\AdobeReader\11\11.0.0\AdbeRdr11000_en_US.msi TARGETDIR=\\{network path}\AdobeReader\11\AIP

Create administrative transform

msiexec /i \\{network path}\AdobeReader\11\11.0.0\AdbeRdr1000_en_US.msi TRANSFORMS=\\{network path}\AdobeReader\10\10.0.0\AdbeRdr1000_en_US.mst

AIP Directory 2

X AIP Directory 2

Add patch to installer

msiexec /a \\{network path}\AdobeReader\11\11.0.0\AIP\AdbeRdr11000_en_US.msi /p \\{network path}\AdobeReader\11\11.0.06\AdbeRdrUpd11006.msp

Customization Wizard

Security Protected View enabled with Files from potentially unsafe locations selected. This is done in an effort to prevent zero day attacks.

Enhanced security restricts several types of behaviors and content: • Unrestricted cross domain access • Silent printing • XObject (stream) access • Data injection • Script injection

Enhanced Security Settings both Standalone and Browser are Enabled

Testing 1. Copy .msp file to VM and install 2. Once installation is complete, open application and accept any Terms and Conditions. 3. Click Help, and select About Adobe Reader. Ensure that the version listed is the correct version. 4. Ensure that new installation is able to open documents


Follow Us

Copyright © 2007 - 2021. All Praise Media LLP. All Rights Reserved.