I'm trying to figure out how to block my Adobe Reader users from having the capability to trust untrusted certificates. Basically I'm using the customization wizard to pre-build a Reader DC build with all needed settings, that trusts the Windows certificate store certificates and the Adobe EUTL lists. For that purpose, I don't want them to be able to add unknown certificates to the Adobe store.
The Adobe Windows Registry Reference is more than detailed, but there's a zillion of info in there and don't know where to start looking...