Must read for everyone trying to deploy VSTO solutions

I am breaking the silence to get the word out (to those loyal souls that still aggregate my blog) about 2 articles on VSTO deployment. First article is an in depth overview of VSTO deployment models and proposed solutions. The second one is a complete walkthrough for setup project creation with code samples. Most important – this is a must read for every VSTO developer. If your setup does not install pre-requisites – tons of people won’t be able to use your add-in. If your setup does not make sure PIAs are on the machine – tons of people won’t be able to use your add-in. If your setup does not deploy CAS policies correctly – tons of people … But If your setup does deploy CAS policy incorrectly and allows evil hackers take control over the machine – you are done (if you are not Microsoft, of course:)). The articles address all these points.

Deployment is VSTO’s pain point. Part of it is because of the extremely scrutinous security model. Another part is because of our initial desire to support ClickOnce-like capabilities for offline scenarios when ClickOnce was not ready yet to support VSTO-like solutions. The above articles do not remove the pain but help controlling it. In the future we are loooking at removing it at all and making deployment complete part of VSTO experience as it should be – easy and sometimes pleasantly surprising :).

Any development in this area should not go without mentioning some excellent work that has been done by VSTO community. In the past Mads Nissen (helped by Peter Jausovec ) posted a solution for VSTO deployment. What Mads has done is very good work even though it suggested to manipulate CAS policies using the CAS APIs (Peter Torr would not be very happy about this because manipulating security APIs directly is prone to errors. And security bugs may be very costly to both you and your customer).

Finally I wanted to congratulate my colleagues Lubo, Darryn and McLean for getting this article out.

Comments (16)

  1. Luther Miller says:

    Great stuff. I have integrated the bootstrapper referenced from Mads’ blog. I’ve noticed that our Word VSTO Task Pane application will not run properly if the prequisites are installed until there is a reboot. Is there a way to specify that if any pre-reqs were installed that the user should reboot before running the app? Note that the installation can complete without the reboot.

  2. Misha Shneerson says:

    Are you sure it is the pre-reqs problem? I would think that you would only need to re-start Word to pick up changes in the CAS policy.

  3. Luther Miller says:

    99% sure. This was a Windows 2000 Server that had neither the .NET 2.0 Framework or the VSTO redistributable. I ran the bootstrap installer (which works great, by the way), Word was not running. Then I tried the app – Word crashed. I rebooted and tried again and it worked.

    The 1% – maybe I had Outlook open, which meant there may have been a WinWord.exe process running in the background… of course, this is also a typical user scenario. In any case, THIS problem has not been reported by any of our testers yet, although one person needed a reinstall of Windows XP after installing everything (ugh).

  4. rasx says:

    Just in case automated deployment does not quite work out or there is a need for more "surface area" control, check out the VSTO Assembly Linker. This tool is essentially a .NET UI wrapper for the OfficeToolkit.Persistence ActiveX object.

  5. Kevin Farley says:

    I solved the multi-assembly deployment problem with the SetSecurity project. See my solution on the Forum. Basically, the SetSecurity project wasn’t designed for multi-assembly projects that shared the same AssemblyGroup name.

    I updated the project to allow all the Assembly file policies to live neatly under the AssemblyGroup policy and now I don’t have to trust the entire -url path.

  6. Marcela Moreno says:


    I already generate setup with tutorial Deploying Visual Studio 2005 Tools for Office Solutions Using Windows Installer: Walkthroughs

    I already trusting the assemblies….but in my equipment dont work. I have this error:

    The customization assembly could not be found or could nor be loaded…..

    And in another equipment it does not leave this error, but the actionspane does not open when the solution is opened after installation. When I manually open it using Templates/Add-in tools option, it just opens a blank Document Actions pane.

    Can you help me, please?



  7. OmegaMan says:

    My goal was to just get a local copy running of a VSTO document. The MSDN pages read like stereo instructions and seemed to be out of date. I found this Microsoft blog which gives step by step instructions on how to deploy a VSTO document locally on a box or off of a network and it deals with the trust issues.

  8. OmegaMan says:

    This is directed to Marcela’s post or anyone else having problems with running on a client’s machine. One needs the VSTO runtime libraries installed on the client. Sometimes that is not enough, I have had the runtime installed only to see exceptions thrown by the application when it would hit one of my remote assemblies. I have had to install the runtime, with other components from the Microsoft Office developer VSTO install for programmers.

  9. Mahesh Patil says:


    I have developped a a solution in VSTO2005.  for programming Task Pane (ActionPane) in MS Word

    I ave created my own user ActionPaneControl and added to the Task pane.

    The elements inside the Task pane will fetch the data from webservice.

    When I run the project  (F5) , an instance of word is opening and the task pane is appearing with elements having data from web service.

    My question is ?

    I would like to deploy this assembly, when any word instance is opened, this task pane should appear.

    Could any one has worked please let me know how this can be acheived?



  10. Neil Davis says:

    The VSTO2005RASK.exe file does not seem to be preserving the directory structure when it extracts the files.  As a result, certain files are overlaid and only create one copy, such as global.cs and app.config.  Is there some command line option to make it preserve the directory structure on extraction?

  11. Omar had a problem: he was using VS 2005 SP1 on Vista to build his Windows Installer setup package for

  12. Omar had a problem: he was using VS 2005 SP1 on Vista to build his Windows Installer setup package for

  13. The original deployment paper targeted deployment aspects of customizations built using VSTO 2005 release