Deploy Adobe Reader 11.0.4 with ConfigMgr 2012 SP1

Today Adobe released another quarterly patch for Adobe Reader. If you’d like to dig deep into the details, you’ll find the security bulletin here. I you’ve not yet read about how to slipstream Adobe Reader I suggest that you read up upon my previous post about Adobe Reader 11.0.3. This post will cover the steps necessary to slipstream Adobe Reader 11.0.4 and customize it for an enterprise environment.


  • Create the slipstream folder structure
  • Download the required files
  • Create the AIP package
  • Create a MST transform
  • Notes when creating the Adobe Reader 11.0.4 application

Create the slipstream folder structure
Create the following folder structure:

Download the required files

Download the required files and save them in C:\AdobePatch\AdobeReaderDownloads.

Create the AIP package

1. Open an elevated command prompt and browse to C:\AdobePatch\AdobeReaderDownloads.
2. Run the following command:

AdbeRdr11000_en_US.exe -nos_o"C:\AdobePatch\AdobeReaderDownloads\11.0.0" -nos_ne

3. Run the following command:

msiexec /a 11.0.0\AcroRead.msi /qb TARGETDIR=C:\AdobePatch\AIP

4. Run the following command:

AdbeRdr11004_en_US.exe -nos_o"C:\AdobePatch\AdobeReaderDownloads\11.0.4" -nos_ne

5. Copy the AdbeRdrUpd11004.msp from C:\AdobePatch\AdobeReaderDownloads\11.0.4 to C:\AdobePatch\AdobeReaderDownloads.
6. Run the following command:

msiexec /a C:\AdobePatch\AIP\AcroRead.msi /qb /p AdbeRdrUpd11004.msp TARGETDIR=C:\AdobePatch\AIP

7.  Copy Setup.ini from C:\AdobePatch\AdobeReaderDownloads\11.0.0 to C:\AdobePatch\AIP.

Create a MST transform

1. Download Adobe Customization Wizard XI from here.
2. Install the application and launch it when done.
3. Click on File -> Copy Package.
4. Enter the information as in the picture below:
5. In the left pane on the Personalization Options, check EULA Option: Suppress display of End User License Agreement (EULA).
6.  On the Installation Options page, select Make Reader the default PDF Viewer, Silently (no interface) and Suppress reboot.
7. On the Shortcuts page, remove Adobe Reader XI under Desktop.
8. On the Security page under Protected View, select All files. Under Enhanced Security Settings, select Enable & Lock for both Standalone and Browser. Under Privileged Locations, add the network shares your company stores common data. You can also add C:\ and other local drives. Check the box next to Prevent end user from adding trusted hosts. See the picture below for how I’d recommend to tighten the security in Adobe Reader. Remember though, these security settings may not apply in your environment. Perform thorough tests before deploying the application.
9. On the Online Services and Features page, check the following boxes:

  • Disable product updates
  • In Adobe Reader, disable Help > Purchase Adobe Acrobat
  • Disable Product Improvement Program
  • Disable Viewing of PDF with Ads for Adobe PDF
  • Disable all Adobe online services based workflows and entry points

10. Click File -> Save Package.
In C:\AdobePatch\AcrobatTransform\Adobe Reader 11.0.4 you’ll now have the complete package that can be deployed to your clients with ConfigMgr 2012 SP1. Copy the contents of the Adobe Reader 11.0.4 folder to your source structure on a fileserver (or however your environment looks like). In my case it will be \\fileserver\ContentLibrary$\Software\AdobeReader\11_0_4.

Notes when creating the Adobe Reader 11.0.4 application

What’s important to point out is that an application with AIP source files will not be able to install “over” existing Adobe Reader installations since it’s not a patch to your existing Adobe Reader installations. On the bright side though, once you’ve adapted and deployed this type of applications (AIP), you can take advantage of the superscedence feature in the application model.
In order to install Adobe Reader 11.0.4 with the transform, you need to put this as the Installation program command on the application deployment type in ConfigMgr 2012 SP1:

msiexec /i AcroRead.msi /qn TRANSFORMS=AcroRead.mst

Happy slipstreaming!

Nickolaj Andersen

Chief Technical Architect and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences such as Microsoft Ignite, NIC Conference and IT/Dev Connections including nordic user groups.


  • Hi Nickolaj,
    thanks for that guide. Good work 🙂
    I ran into a problem, that after the installation, all users got no .pdf file type icon anymore. Its always the generic white icon. (thumpnails work!) even changing .pdf files to another prog to open with and back, still no icons. Any ideas how to fix that or what i made wrong?

    • Hi Max,
      Thank you!
      I’ve never run into that sort of problem, so I can’t say I know any solution to it. I’d suggest that you google for the problem that you’re experiencing to see if others have run into it previously.

  • Thank you for this fabulous post!
    I have one question though. I am trying to deploy Adobe Reader 11.0.10 with SCCM to an environment where there is a lot of different versions. Let say I have Adobe Reader 10.x installed, it will uninstall it and install version 11.0.10 but if I have versions 11.0.2 and try to install 11.0.10, it will install correctly but version 11.0.2 will stay in Programs and Features (Control Panel). Do you have an idea why?
    I would like to deploy 11.0.10 to a collection where Adobe Reader is installed and versions is < 11.0.10, but I don't want to have a bunch of PCs with two versions of Adobe Reader in their Programs & Features.
    Thank you!

  • I have followed all the steps, replacing all the AdbeRdrUpd11004.msp with AdbeRdrUpd11010.msp, since that’s the current version I am installing. When I get to step 6 creating the AIP Package, I type the command msiexec /a C:\AdobePatch\AIP\AcroRead.msi /qb /p AdbeRdrUpd11010.msp TARGETDIR=C:\AdobePatch\AIP, I get the following error. “The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.”
    Can anyone help with this? I am lost on what to do now!

  • I just want to say thanks! I’ve been dealing with getting Acrobat 11 Pro deployed and installed for about two weeks now with little success. I’m sure there are 10 different wants to install it that I’m not aware of with SCCM2012 R2, but this one worked for me. SImple and easy to follow! I was able to use this guide as a template while substituting “AroRead.msi” with “AcroPro.msi”. Everything worked like a charm.
    I had to dig around to remember where to input the last command when you say to “In order to install Adobe Reader 11.0.4 with the transform, you need to put this as the Installation program command on the application deployment type in ConfigMgr 2012 SP1:”
    I’ve deployed this to about 9 test machines, and so far all have installed correctly, and since I used a full version of Acrobat, I was able to remove old version of Reader and Acrobat. Everything is updated and slip streamed. Many kudos!

  • Nicely written instructions. I have version 11.0.08 successfully bundled using the customization wizard. I have a couple of questions you may be able to help with in regards to deployment through SCCM2012: Our current version installed across the majority of our fleet is 11.0.03. Using the application model with supersedence we should be able to cleaning upgrade this. However there are other versions still floating around (have identified using both reporting and compliance settings) – will supersedence remove ALL versions of 11.0.X and how should I go about removing older versions (10.x & 11.x)

    • Hi Amiel,
      The only down-side with supersedence is that it can only remove a software if you’ve created an Application in ConfigMgr 2012 for each version that you want to supersede. You could of course create an Application that has a bogus install command line, and then for the uninstall command line (of the deployment type), runs a VB-wrapper (VB-script) that searches through the registry for all products of Adobe Reader, fetches the uninstall string stored and then executes it as a command. See how it’s done here for JRE:
      If you’re not that into VB-scripting, I’d suggest that you either create an Application for all the previous version that you would like to remove, or simply create a single Application with several deployment types for each version. Then you could use supersedence with the latest version to remove all previous.

      • The customization wizard provides a check box ‘Remove all versions of Reader’ when generating an MST, which I believe will remove versions 10.X and older. You have provided some good insight in tackling removal of older 11.X versions – so thanks for the link, very helpful!

      • Hi Amiel,
        Yes, there’s a tick box for that. But I’ve seen some occasions where this doesn’t work 100% at the time, so I normally go with supersedence in ConfigMgr. Thank you for your kind words! 🙂

  • When updating Adobe with this method what is the best approach as far as maintenance windows go? Should I create a task sequence and kill adobe background processes etc… Or does this seem to work by just deploying the application and using supersedence.

    • Hi Aaron,
      Regarding the maintenance window question, how has your company decided upon software distribution and when it’s allowed to happen? Using a task sequence could be a way to do it. But I’d rather go with a VBscript wrapper, if you really needs to make sure that there’s no Adobe Reader processes running, and only use the application model. Have a look at this post I wrote a while back:
      That’s actually for a MSP file for Adobe Reader, but you could just amend the command line switches to suit your needs. When I worked at my previous job and deployed Adobe Reader, I barely used the wrapper though. The supersedence took care of it without a problem in that environment. I’d recommend that you test both solutions and see what works out best for you.

  • Hi,
    in software centre it is saying that its already installed but the installed version is an older version.
    I presume the detection method isn’t working correctly.
    Any Ideas?

    • Hi Paul,
      Have you used supersedence on the latest version? It would seem that with 11.0.6 Adobe managed to get the Product ID wrong, so you’d have to use another detection method than the AcroRead.msi. Also, if you’re having problems with applications not being superseeded, have a look in these log files:
      – AppDiscovery.log
      – AppEnforce.log
      – AppIntentEval.log

  • Nickolaj
    1. Can i do this with adobe reader 11.0.06?
    2. We have Adobe reader XI MUI, how do you do this with MUI?

  • Hey, sorry one other question: is it really necessary to copy the Setup.ini file to the AIP? Just looking at it’s contents it looks like it is used by the Setup.exe, but since we are using MSI files, it seems like this would not be needed. I just want to make sure I am not neglecting anything.

    • Hi James,
      There can never be too many questions! You’re totally right, it’s used by the setup.exe. It’s a mistake from me to have that step, it should not be necessary for it to work.

  • I have since tried slipstreaming 11.0.5 “msiexec /a C:\AIP\AcroRead.msi /p C:\AdobeReaderDownloads\AdbeRdrSecUpd11005.msp” but receive this message “The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.”
    Can anyone help ?

  • Do you really have to download both the 11.0.0 base and 11.0.04 exes? It appears that the base MSI and subsequent MSP are contained in the latest exe. So extracting the 11.0.04 update using
    AdbeRdr11004_en_US.exe -nos_o”C:\AdobePatch\AdobeReaderDownloads\11.0.4″ -nos_ne
    Should give you the base MSI and the .04 update MSP. Correct me if I am wrong, just seems like a step can be saved. Thanks!

    • Hi James,
      You’re totally correct. You can do it this way also. Thanks for pointing that out! 🙂

  • this works great in SCCM 2012 for me except for one small issue. i use the Adobe Customization Tool as specified and removed the desktop icon and for some reason it always installs. i use SCCM 2012 to image pc’s and to push out applications via software manager. if the end user deletes the desktop shortcut software manager reinstall the app because the desktop icon is missing. is there another way to stop the desktop icon because the wizard isn’t doing it.

    • nevermind, i figured it out. had to run this string in order for it to work correctly
      msiexec.exe -i “C:\AdobePatch\AcrobatTransform\Adobe reader 11.0.5\acroread.msi” /qb TRANSFORMS=acroread.mst

      • Hi,
        I’m glad that you got it sorted out, because when applying the transform it will in fact remove the shortcut (if you’ve chose to do so in the customization tool).

  • Thanks for these instructions! I’ve run into a weird problem though where after I deploy Adobe Reader the version shows up as 11.0.00. I still had my command prompt open and verified that I had done the following step:
    msiexec /a c:\adobepatch\aip\acroread.msi /qb /p adberdrupd11004.msp TARGETDIR=C:\adobepatch\aip
    I tried reapplying the patch but got an error saying that it couldn’t be installed because the patch may update a different version of the program, so to me that seems to indicate that it was patched. Do you have any ideas as to what is going on? Thanks again!

    • Hi Erik,
      I’ve experienced that error too sometimes when I’ve applied the patches in the wrong order. I’d empty the AIP folder and start over, that’s what I’ve done in the past and it has worked out fine.

  • I tried this method out for the first time. We have a lab with acrobat 11.0.3 and needed to upgrade to 11.0.4 using SCCM. Followed all the steps. If go to one of the PCs that reports as finished and login I get the action center popup saying Acrobat has an update. I have everything set to silent install so I have no idea why this is coming up. If I look in add/remove progs the version shows 11.0.4 but the install date is from the 11.0.3 version. Launching the program confirms it is 11.0.3 still. Any ideas?

    • Hi Mike,
      From what you’re describing it doesn’t sound like the old 11.0.3 was uninstalled before the new slipstreamed version was installed. I recommend to use the Supersedence feature from the Application Model in ConfigMgr 2012. Can you try to enable supersedence on the new application and make sure you check mark in the “Uninstall” box?

  • Fantastic post. Been packaging adobe updates for years and never looked into slipstreaming. Certainly a good idea. One question though, does it speed up the installation because the MSPs don’t need to apply in a chain afterwards?

    • Hi Jeffrey,
      Thanks 🙂
      I’ve not made any tests to see which approach is the fastest, but I’d assume that since the MSP’s are baked into the original MSI that it would go slightly faster than chaining them.


Categories use cookies to ensure that we give you the best experience on our website.