Back to Knowledge Base
What is the Global Object Security policy and what do I need to do when I see this message?

The Global Object Security (GOS) policy is a setting in Adobe Reader and Adobe Acrobat that controls how cookies in Adobe products behave. The default setting is to "enable global object security policy" which means that every time someone renames a file or moves a file to a different location, a different cookie is created each time. Since Vitrium Security's content security solution relies on these cookies to track the number of 'devices' that a user opens the secured content on, it is STRONGLY recommended that end users disable this feature. 

How to disable the Global Object Security Policy:

  1. In Adobe, go to Edit > Preferences
  2. Click the JavaScript tab
  3. De-select (uncheck) the "global object security policy" field
  4. Click OK

Users will only need to do this once for one computer. If they wish to open the protected PDF file on a 2nd computer (assuming they have permission to do so), then they will need to disable the GOS policy in Adobe on the other computer as well. 

To learn more about disabling the GOS check out the 'How to Support Your End-Users' guide.

Why do users need to disable the Global Object Security Policy in Adobe?

Because otherwise the user may exceed the limit that was set for them in their DRM policy and they will encounter the vc3 error message (You have exceeded your PDF or browser limit) even if they have only opened the file on the same computer.

By disabling Adobe's GOS policy, the user can then safely move the protected file from one folder to another, or rename the protected file to something else, but not reach their limit as the cookie is saved with the file on that same computer. 

Can I remove the Adobe global object security policy pop-up message?

Yes, you can remove this message but we only recommend this to Vitrium customers who DO NOT set a PDF limit in their DRM policy settings.

To remove the message on a new content setting: 

  1. In Vitrium, create a new Content Setting
  2. Click the Advanced Options tab
  3. Check "Set Acrobat cookie policy"
  4. For both Acrobat 10.0 and Acrobat 11.0+, select "No prompt and no close document" for both fields
  5. Ensure all your other Content Settings are created (i.e. no print, no copy, etc.)
  6. Click Save & Exit
  7. Then apply this new Content Setting to all files or only those files where you do not require a PDF limit for users

This can also be done in an existing document content setting as long as the content setting has not been applied to more than 25 files. If it has been applied to more than 25 files, feel free to reach out to to get the change made for you.

Using Vitrium Security's VersionUnique API, this content setting can be changed/overridden by including this parameter:

    "AcroJsGosBehaviourType": "NoPromptAndNoClose",
    "AcroJsGosUnlimitedBehaviourType": "NoPromptAndNoClose"


AcroJsGosBehaviourType would apply to Acrobat v10 and earlier releases
AcroJsGosUnlimitedBehaviourType would apply to Acrobat v11 and newer releases

Definition of each Acrobat GOS policy setting:

  • PromptAndCloseDocument - this will prompt the user if they don't have the global object security policy setting disabled and will close the document until they make this change. This is the default setting. 
  • PromptOnly - this will prompt the user if they don't have the global object security policy setting disabled but will not close the document. You then run the risk of the user reaching their PDF limit if they did not follow the instructions.
  • PromptOnce - this will prompt the user only once if they don't have the global object security policy setting disabled but will not close the document. The prompt will appear once per document, not per device. You then run the risk of the user reaching their PDF limit if they did not follow the instructions.
  • NoPromptAndNoClose - this will neither prompt the user nor close the document and is only recommended in scenarios where you DO NOT require setting a PDF limit for users. When set, a new device ID/Tracking ID is generated when the user first opens the document; a new deviceId is generated if the user then renames and opens that document; and a new deviceId is generated if the user moves the document to a new folder and opens it from there. So be aware that a small device limit (1 or 2) can be exceeded by a user who simply renames or moves the Protected PDF on disk.


How do I save a copy for offline use?

For the secured web documents to work offline, a copy needs to be saved in the user's browser cache. This is a quick video shows how you can save a copy on your browser cache for offline use of the secured web document (Vitrium's Web Viewer):

Basically, the web document needs to be saved in the browser’s cache (as cookies) so it can be used later when the User decides to access it ‘offline.’ You’ll notice in the video also the delete button to remove this ‘saved copy’ from the browser for when their use is done.

We highly advise for the User to clean up their browser cache soon after they’re done reading the document offline as it will eventually fill up their browser caching storage (which gets stored on the hard drive). Simply put, if they save all  the documents they have permission to for offline use, the browser cache can get quite large and it will start to slow down their computer speed for processing things.

Here’s an article online that you can read for more  clarification on the browser cache:

What kind of password should I set up for the recipients of my content?


We recommend that you initially set up your Users (the recipients of your content) with a strong password, minimum 8 characters, and one that uses a combination of letters, numbers, and special characters.

We also recommend you select "Force user to change password" when you're adding Users into your Vitrium account as this way, the User can select their own password which may be more familiar to them. 

For additional password controls, be sure to read more about our "Security Settings" in the Vitrium Security Admin Manual. 

What is the difference between offline days and expiry date?

Offline days, when greater than 0, allows Web Viewer users to click the toolbar icon "Save to Browser" and save that content to the browser's cache and be offline -- no Internet access -- for those number of days. The user would also have to bookmark the Web Viewer URL in order to access that content offline.  Once the number of days lapses, if the user is online, they will automatically be authenticated once again and be granted another (N) days offline. If the user is offline, the content will be locked and the user logged out. The user will need to be online and log in once again to continue to access the content. This re-authentication forces the Webviewer content to communicate back with Vitrium’s server to re-validate the User’s authenticity while checking if the content and/or DRM policy is still valid.

Expiry date is when content is set to expire, depending on the level the DRM Policy is set, it renders all access for the User(s) or Group(s) to be denied when the date comes. This is determined by setting a specific date of expiry. 

Thus, the most predominant difference is that Offline days used for those users who can’t connect to the internet and this feature enables them to have access to the protected content without an internet connection. On the other hand, Expiry dates limits user(s) or group(s) from accessing the content after the date you’ve set. Subscription-based businesses can benefit from the Expiry date feature and also expiry after first unlock.

NOTE: If Expiry date is set, offline days will be shortened if it allows the user to go beyond the expiry date.