Deploy Adobe Acrobat Reader DC to macOS endpoints with an idempotent DMG and PKG installation flow
This Automox Worklet™ deploys Adobe Acrobat Reader DC to macOS endpoints by retrieving the installer through the Automox software cache, mounting the disk image, and invoking the macOS installer utility against the AcroRdrDC PKG. The Worklet handles the entire flow end to end, so administrators do not need to host the DMG on an internal share or pre-stage the package onto each endpoint.
Evaluation is a single test against /Applications/Adobe Acrobat Reader.app. If the bundle is present, the endpoint is compliant and the Worklet exits 0 with no remediation scheduled. If the bundle is missing, the evaluation phase exits 1 and Automox schedules the remediation phase on the next policy run.
Remediation calls the Automox download helper to fetch the signed Adobe Acrobat Reader DC installer DMG, attaches it with hdiutil, locates the AcroRdrDC PKG inside the mounted /Volumes/AcroRdrDC* volume, runs installer -pkg against the system volume, and detaches the disk image. A final probe against /Applications/Adobe Acrobat Reader.app determines the script's exit code: the bundle present returns 0, missing returns 1 with a message routed to the Automox activity log.
When Adobe Acrobat Reader DC is missing from a macOS endpoint, end users fall back to Preview or to a browser PDF viewer. Preview handles basic form fields and signatures, but does not run Acrobat-specific JavaScript and does not reliably render dynamic XFA forms, layered comments, or Acrobat-managed certified signatures. Standardizing on Reader gives the support team a single supported PDF client to troubleshoot against and removes the per-user prompts that browser viewers throw when a form needs a real PDF stack.
Run this Worklet across the macOS fleet to keep Adobe Acrobat Reader DC installed on every laptop. The Worklet runs unattended, skips compliant hosts, and reaches roaming endpoints that an MDM push or a manual installer often misses.
Evaluation phase: The evaluation.sh script tests for the application bundle at /Applications/Adobe Acrobat Reader.app. If the directory exists, the script prints "Adobe Reader is already installed. No changes are required." and exits 0. If the directory is absent, the script writes "Adobe Reader is not installed. Remediation will be scheduled to install software." to stderr and exits 1, which tells the Automox agent to schedule the remediation phase on the next policy run.
Remediation phase: The remediation.sh script first re-checks /Applications/Adobe Acrobat Reader.app to guard against a race where Reader was installed between evaluation and remediation. If the bundle is still missing, the script calls /usr/local/bin/wdk ottopm download adobe_acrobat_reader_dc_full to pull the signed Adobe Acrobat Reader DC DMG from the Automox software cache, parses downloaded_file_path out of the JSON response with wdk ottoq json, runs hdiutil attach against that path, locates the PKG with find /Volumes/AcroRdrDC* -type f -name 'AcroRdrDC*.pkg', runs installer -pkg "$pkg_file" -target "/Volumes/Macintosh HD", and detaches the disk image with hdiutil detach /Volumes/Acro*. A final check against /Applications/Adobe Acrobat Reader.app decides the exit code: bundle present returns 0, bundle missing returns 1 and the failure surfaces in the Automox activity log.
macOS 10.15 (Catalina) or later on either Intel or Apple Silicon; current Adobe Acrobat Reader DC builds ship a universal binary
Approximately 500 MB of free space on the system volume for the installer payload, the mounted DMG, and the installed application bundle
Outbound HTTPS reachability from the endpoint to the Automox software cache so the wdk ottopm helper can fetch the signed DMG
Automox agent installed and running with root context, which is the default install state; no additional privilege escalation step is required for installer -pkg or hdiutil
The /usr/local/bin/wdk helper present on the endpoint, which ships with the Automox agent; if the helper is missing, the remediation script exits 1 before attempting the install
No conflicting copy of Adobe Acrobat Reader.app mounted from a read-only volume or staged under /Users/<user>/Applications; the Worklet treats only /Applications/Adobe Acrobat Reader.app as authoritative
After successful remediation, the application bundle exists at /Applications/Adobe Acrobat Reader.app and the next evaluation run reports the endpoint as compliant without scheduling another install. Validate by running ls -la "/Applications/Adobe Acrobat Reader.app" or mdfind "kMDItemCFBundleIdentifier == 'com.adobe.Reader'" against the endpoint, both of which return the application path when Reader is installed. The pkgutil receipt is also visible via pkgutil --pkgs | grep -i com.adobe.acrobat for audit evidence.
Reader registers as a handler for the public.pdf uniform type identifier, though it only becomes the default PDF viewer if no other application has already claimed that role for the user account. Pair this Worklet with a recurring Adobe Acrobat Reader update policy to keep Reader patched against the advisories Adobe publishes on the second Tuesday of each month: the deployment Worklet only handles the initial install and does not upgrade an existing version.


Loading...
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.

AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy
By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in