Installing Custom Office 2003 Addin via GPO or SCCM

Posted on 2010-11-10
Last Modified: 2013-11-21

We have recently been asked to delpoy 3 components via GPO or SCCM to ensure all computers get them and also to save IT staff from having to walk to each computer and install manually.

We are doing this with a simple batch file that runs each setup in turn silently and this works fine with manual installs as an Admin account. If we do the same script in a GPO or SCCM, the software all appears to install correctly with success entries in the Windows event log, but the Addin will not appear in Office. Also if the script is run manually this addin works for all users.

"\\servername\vstoseruntime\vstor.exe" /q
msiexec.exe /i "\\servername\office2003pia\o2003pia.msi" /q /l* "C:\windows\PIA_Setup.log"
msiexec.exe /i "\\servername\protective markingsetup.msi" /q /l* "C:\windows\PM_Setup.log"

One other thing is that with SCCM there is an error in the log about not being able to elevate privellages for the o2003pia.msi file, even thought it is set to run with elevated privellages.

I have been trying to work out why this will not install as the System account as it does for a user account and an coming up with nothing after searching through many sites.

NB: We have many other GPOs and SCCM installations that work fine with batch files, msi and setup.exe and this is not 'how to use GPO or SCCM issue'.

All help is much appreciated.

Question by:Scott_Gardner
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 10

Expert Comment

ID: 34110182
When you're running programs from within a batch file in SCCM you are elevating the batch file rights, not the rights of the files being launched inside it.

What about adding those files to your package distribution, and calling each command line from within a program and linking the programs?


Author Comment

ID: 34110551
All of the files install as they are running in the context of the SYSTEM user in the GPO, which has full permissions to the computers. The event log shows that the installs were successfull also and you can see the installed products in Add / Remove section on computer. The only difference is that the addin does not load. I have checked in the Disabled Addin section of Word and it is no listed, although it is in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\. I have even run the Microsoft PSS VSTO 2005 Client TroubleShooter  and this shows that all is installed as required.
LVL 10

Expert Comment

ID: 34110594
I think I know what the issue is.... we had a similiar problem deploying vsto addins for all users and we implemented a hotfix and added extra code to the addin in the registry for this to work.   have a read of this site and it may assist you.

Author Comment

ID: 34110972

The thing is that this works perfectly fine and applies to all users if we run the batch file once in an Admin account. The same can not be said if run it from GPO or SCCM. Is the VSTO or o2003pia.msi needing to do something when installing that the SYSTEM account can't perform. It would not be so bad if the install at least failed, but it says successfull in the event log for all 3 components.

LVL 10

Accepted Solution

Kezzi earned 500 total points
ID: 34111350

The system account has no profile whereas the administrator account does.  The above articles explains why the sytem account is used during windows installations as technically both have the same permissions.  So I imagine its because msi cannot find the "profile related" areas it needs to update it.

Also, do you know if the ALLUSERS property is set to 1 or 2?  To make sure, add this to your msi command line : ALLUSERS=1
that might help it install properly under an all users context instead of per user

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Viewers will learn the different options available in the Backstage view in Excel 2013.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question