Deploy Acrobat Reader DC through GPO

Posted on by Andy

Well this was more difficult than i thought to have an updated version installed through GPO. There are many howtos but only this worked for me. So here now the RIGHT WAY:

Download the latest enterprise version here:

https://get.adobe.com/uk/reader/enterprise/

Now save it to your local disk, open powershell and goto where the file is saved. Extract all installer files with:

PS> .\AcroRdrDC1900820071_en_US.exe -sfx_o"C:\AcroRdrDC_Deploy" -sfx_ne

Note that the filename may be different due to newer or older versions.

Great! You should now have several files, including an .MSI in the extracted folder. Now go there:

PS> cd C:\AcroRdrDC_Deploy

Now the following step is optional and only needed if you want to customize your MSI:

Download the Adobe Customiser here:

https://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/index.html

After installing the Customiser, launch it and open the C:\AcroRdrDC_Deploy\AcroRead.msi file. Do your customisations and save the transformation file next to the MSI. This will generate a .MST file.

Now you need to create an AIP folder with:

PS> msiexec.exe /a AcroRead.msi

An installer opens up. Follow the wizard and save to a folder, e.g. C:\AcroRdrDC_Deploy\AIP

Copy the .MSP update file AcroRdrDCUpdXXXXXXXXX.msp and AcroRead.mst file to C:\AcroRdrDC_Deploy\AIP

When done, go to the AIP folder and execute:

PS> msiexec.exe /a AcroReader.msi /p AcroRdrDCUpd2001320074.msp

This applies the patch. Then copy the whole AIP to a network share and go to your Group Policy Management.

To deploy the MSI now you need to add the software as ADVANCED, not ASSIGNED. Go to the Modifications tab and select the .MST file here.

Launch an gpupdate /force on your client machine and after a reboot, the latest Adobe Reader DC should be installed.

Enable TLSv1 in Ubuntu 20.04

Posted on by Andy

By default, Ubuntu 20.04, or better the used OpenSSL version, disables all ciphers below TLSv1.2 and you need to re-enable it in order to use older ciphers. It is quite simple, add following text at the top of /etc/ssl/openssl.cnf:

openssl_conf = default_conf

[ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

Now reboot the machine and you should be done.

Warning: this can harm your machine, not physically but mentally. make sure you know how to restore the openssl.cnf if you have to.

Offline FortiClientVPN

Posted on by Andy

Unfortunately Fortigate is only providing online installers for their VPN clients. This sucks badly because most of the time their download servers are overloaded and downloading within the online installer takes way too much time.

So here is how you can extract the offline installer from the online installer the first time it downloaded it.

For macOS users:

  • Download the online installer from https://www.forticlient.com/downloads
  • Start the online installer and let it finish the download
  • Then open your terminal while the installer is open and type:
    open $TMPDIR/fctupdate
  • copy FortiClient.dmg to your desktop
  • proceed with the installation

For Windows users:

  • Download the online installer from https://www.forticlient.com/downloads
  • Start the online installer and let it finish the download
  • Then open PowerShell while the installer is open and type:
    explorer $env:TEMP
  • copy FortiClientVPN.exe to your desktop
  • proceed with the installation

So basically the online installer saves an offline version in your users temp folder and you need to copy that to another location.