Advertised COM add-in won’t trigger on-demand install if you want to deploy the Add-in with the following conditions (HKEY_USERS + COM Add-in + managed desktop<non admin privileges>).


The Shared Add-In uses COM Shim, is obfuscated and is signed with Authenticode signature. I initially thought MSI advertisement would be the way to approach this. But, later investigations revealed that COM Add-Ins won’t be triggered using Advertisement.

We need to understand what part of it would require admin privileges while installing the Add-in:

1) Installation of Pre-requisites like: .NET Framework, PIA, KB908002

2) Copying of the Add-In and related/dependent files.

3) .NET component registration, COM Shim registration

4) Office Add-in related registry entries. 

The pre-requisites do need admin privileges, so we should separate them out into a separate setup so that this particular setup would be run by an admin locally (or GPO or SMS). For the Add-in project, we need to make sure that the files get copied to a "non restricted" folder like %userprofile% as copying to "Program Files" may not be allowed for managed users. The Add-In related entries need to go to HKCU. So we just used to put the files under "%userprofile%". The users will also have the ability to turn ON or OFF this add-in.


Comments (0)

Skip to main content