
set service start permissions to Administrator only

Subject Author Date
set service start permissions to Administrator only George Valkov 08-17-2007
Posted by Mathieu CHATEAU on August 18, 2007, 4:53 pm
As you can feel, it's always much better when the root problem is solved :)

enjoy

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


> Hello Mathieu, Anthony and Roger!
>
> Thank you for Your replies! And special thanks to
> Mathieu Chateau, who was around all the time
> and gave me many suggestions!
>
> After reinstalling Office 2007 a few times, the only
> catch I noticed was a warning application event from
> before the reinstallations... Word had some problems
> accessing "HKEY_CLASSES_ROOT\.pip". I deleted the
> related keys, but even after clean reinstallation,
> my problem remained.
>
> Visual Studio 2008 beta 2 had stopped working due to
> Office reinstallation. I was really tired for things
> were getting worse and worse with every step I did.
>
> But when I analyzed the permissions for that key
> I noticed that they were very restrictive:
> System:F, Administrators:R
> Limited users had no chance for accessing anything
> under "HKEY_CLASSES_ROOT". I compared this to the
> virtual machine where the permissions are:
> System:F, Administrators:F, Users:R, Power Users:special
>
> I applied the proper security settings to the entire key
> "HKEY_CLASSES_ROOT" and then reinstalled Office 2007.
>
> Now everything works just fine for the limited users.
> Word will not attempt to install, not even for once -
> as some of you had told me.
>
> Visual Studio repair took a lot of time, but at least
> it's ready to work again!
>
>
> It's time for the big backup! :-)
> I've about 31 GB backups to compress (hopefully on 2 DVDs)
> This is about 24h CPU time at the slowest 7-zip settings.
>
> Cheers everyone, and thanks again!
>
>
>
> George Valkov
>
>
>
> "Mathieu CHATEAU" wrote:
> | just about the "install mode", all recent MSI do it automatically:
> | http://technet2.microsoft.com/windowsserver2008/en/library/6656a734-b480-4533-b131-281d755df4b31033.mspx?mfr=true
> | If you install a program from an .msi package, you do not have to run
> | these commands to switch the system in and out of install mode. Instead,
> | you can run the .msi package or associated Setup file directly.
> |
> |
> | BUT, office 2007 seems to need it as it's a setup:
> | Deploy the 2007 Office system on a Terminal Services-enabled computer
> | http://technet2.microsoft.com/Office/en-us/library/7e816caa-7c1c-4d78-ac28-693aa4ea58d81033.mspx?mfr=true
> |
> | =>George, did you use it (change user /install) ?
> |
> | By the way, about the way to install office 2007:
> | When users run the 2007 Office release on a Terminal Services-enabled
> | computer, they cannot install, configure, or uninstall features or
> | applications. This is because the features and applications are installed
> | on the terminal server and not on the client computer, and users do not
> | have administrative rights to install, configure, or uninstall software on
> | the terminal server. Consequently, you must be sure that the installation
> | state for each feature and application is configured as Run from My
> | Computer (that is, fully installed) or Not Available (that is, not
> | installed). If the installation state for a feature or application is
> | configured as Installed on First Use, users will see a warning if they
> | attempt to use the feature or run the application. For example, if you
> | configure the installation state for an application to Installed on First
> | Use, the following error appears when a user tries to run the application:
> |
> |
> | --
> | Cordialement,
> | Mathieu CHATEAU
> | http://lordoftheping.blogspot.com
> |
> |
> | > George,
> | > The Office "repair" needs to set up the per-user settings for each user,
> | > in the user profile and HKCU. If you stop it, Word will start but without
> | > user settings. The "repair" should only be running in the user context,
> | > as it does not require admin rights to set the per-user settings.
> | > As you are installing it on a server, I am wondering if you are using
> | > Terminal Services. If so, you have to install Office in Install Mode,
> | > otherwise the per-user elements (like the shortcuts on the installing
> | > user's desktop) will be installed incorrectly.
> | > If you want to customise Office (for example by removing the ShellNew),
> | > you will need to do it by using the Office Resource Kit. I doubt if you
> | > can do it successfully by blocking the permissions, as that will just
> | > trigger continual repairs.
> | > Apologies in advance if I have misunderstood,
> | > Anthony.
> | > http://www.airdesk.co.uk
> | >
> | >> Thank You for the reply, Mathieu, but this doesn't fix my problem.
> | >>
> | >> I don't want any exceptions for any services. Limited users must not be
> | >> able to start services.
> | >>
> | >>
> | >> Now about Your suggestion, this is what I did to test it:
> | >>
> | >> create account "testUser"
> | >> member in groups "Users", "Remote Desktop Users"
> | >> remote desktop to localhost, login as testUser
> | >> start Word, asks for Name and Initials...
> | >> Office 2007 setup starts and completes in 2 minutes.
> | >> Word displays "Privacy Options", I unchecked all
> | >> Quit Word.
> | >>
> | >> Start Word again... Office 2007 setup again...
> | >> Word is ready for use in 2 minutes,
> | >>
> | >> Disable and stop "Office Source Engine" service
> | >> Disable and stop "Windows Installer" service
> | >>
> | >> Start Word... 'An error occurred and this feature
> | >> is no longer functioning properly. Please run
> | >> Setup and select "Repair..." to restore this
> | >> application."
> | >>
> | >> Click OK -- Word shows and is ready to use!
> | >> No delays, no problems, no any kind of trouble!
> | >>
> | >> I've tried reinstalling or repairing Office, but
> | >> nothing helps! This problem is ever since I
> | >> installed it for the first time. I also had the
> | >> same problem with Office 2003. I also had the same
> | >> problem in my previous and my current installation
> | >> of Windows 2003 server.
> | >>
> | >> Well this could be because I've removed the "ShellNew"
> | >> for all of the office documents, of course Word wants
> | >> to restore it, but to prevent this I've set explicit
> | >> Deny permissions for changing those keys in the registry.
> | >>
> | >>
> | >>
> | >> George Valkov
> | >>
> | >>
> | >>
> | >> "Mathieu CHATEAU" wrote :
> | >> | Hello,
> | >> | Only administrators can start/stop services
> | >> |
> | >> | These services are exceptions, they are called to impersonate Office
> | >> | through the MSI technology
> | >> |
> | >> | If you create a fresh user, it should only do that once, no more.
> | >> |
> | >> | --
> | >> | Cordialement,
> | >> | Mathieu CHATEAU
> | >> | http://lordoftheping.blogspot.com
> | >> |
> | >> |
> | >> | > Hello everyone!
> | >> | > I'd like to know, how can I configure the permissions for a service
> | >> | > so that only Administrators can start it.
> | >> | >
> | >> | >
> | >> | > I have a problem with Microsoft Office 2007 installed on Windows 2003
> | >> | > SP2 Enterprise. When I start for example Word as an Administrators
> | >> | > member - all seems just fine. But if I change that account to User or
> | >> | > Power User and remove it from the Administrators group:
> | >> | >
> | >> | > When Word is started as a limited user, it starts Windows Installer
> | >> | > service and Office Source Engine service. It takes about 2 minutes to
> | >> | > complete the installation and Word is ready for use. But the next time
> | >> | > he starts Word, it starts installing again.
> | >> | >
> | >> | > On the other hand, if those two services are disabled, Word starts
> | >> | > just fine with no delays, no installations and is ready for use. So
> | >> | > that's why I'd like to prevent limited users from starting those two
> | >> | > services.
> | >> | >
> | >> | > Oh, by the way It will be much better if the limited users cannot
> | >> | > start any services or drivers at all. This will increase the security.
> | >> | > Is there any such setting or group policy, and where?
> | >> | >
> | >> | >
> | >> | > Thank You for any help or web-link!
> | >> | >
> | >> | >
> | >> | > George Valkov
> | >> | >
> | >> | >
> | >> | >
> | >> |
> | >>
> | >>
> | >
> | >
> |
>
>


Posted by Roger Abell [MVP] on August 18, 2007, 9:51 am
George,

You can use security templates, with or without import to GPO,
to alter permissions on services; or you can use the sc utility.
Be careful however !! and do not use an XP even at up-to-date
SP 2 as it has a known error that can surface with service permission
modification via security templates/gpo

That said, you should not be having this problem.
I suspect that some other change you have made is causing this.
If the user account is not able to persist its Office mini-setup info,
then it will do it again, and again, etc. until it is able to save the
result. You have apparently made this persisting of result not allowed.

Roger

> Thank You for the reply, Mathieu, but this doesn't fix my problem.
>
> I don't want any exceptions for any services. Limited users must not be
> able to start services.
>
>
> Now about Your suggestion, this is what I did to test it:
>
> create account "testUser"
> member in groups "Users", "Remote Desktop Users"
> remote desktop to localhost, login as testUser
> start Word, asks for Name and Initials...
> Office 2007 setup starts and completes in 2 minutes.
> Word displays "Privacy Options", I unchecked all
> Quit Word.
>
> Start Word again... Office 2007 setup again...
> Word is ready for use in 2 minutes,
>
> Disable and stop "Office Source Engine" service
> Disable and stop "Windows Installer" service
>
> Start Word... 'An error occurred and this feature
> is no longer functioning properly. Please run
> Setup and select "Repair..." to restore this
> application."
>
> Click OK -- Word shows and is ready to use!
> No delays, no problems, no any kind of trouble!
>
> I've tried reinstalling or repairing Office, but
> nothing helps! This problem is ever since I
> installed it for the first time. I also had the
> same problem with Office 2003. I also had the same
> problem in my previous and my current installation
> of Windows 2003 server.
>
> Well this could be because I've removed the "ShellNew"
> for all of the office documents, of course Word wants
> to restore it, but to prevent this I've set explicit
> Deny permissions for changing those keys in the registry.
>
>
>
> George Valkov
>
>
>
> "Mathieu CHATEAU" wrote :
> | Hello,
> | Only administrators can start/stop services
> |
> | These services are exceptions, they are called to impersonate Office
> | through the MSI technology
> |
> | If you create a fresh user, it should only do that once, no more.
> |
> | --
> | Cordialement,
> | Mathieu CHATEAU
> | http://lordoftheping.blogspot.com
> |
> |
> | > Hello everyone!
> | > I'd like to know, how can I configure the permissions for a service so
> | > that only Administrators can start it.
> | >
> | >
> | > I have a problem with Microsoft Office 2007 installed on Windows 2003
> | > SP2 Enterprise. When I start for example Word as an Administrators
> | > member - all seems just fine. But if I change that account to User or
> | > Power User and remove it from the Administrators group:
> | >
> | > When Word is started as a limited user, it starts Windows Installer
> | > service and Office Source Engine service. It takes about 2 minutes to
> | > complete the installation and Word is ready for use. But the next time he
> | > starts Word, it starts installing again.
> | >
> | > On the other hand, if those two services are disabled, Word starts just
> | > fine with no delays, no installations and is ready for use. So that's why
> | > I'd like to prevent limited users from starting those two services.
> | >
> | > Oh, by the way It will be much better if the limited users cannot start
> | > any services or drivers at all. This will increase the security. Is there
> | > any such setting or group policy, and where?
> | >
> | >
> | > Thank You for any help or web-link!
> | >
> | >
> | > George Valkov
> | >
> | >
> | >
> |
>
>
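
An added example, not part of the thread: Roger mentions the sc utility for altering service permissions, and `sc sdshow <service>` prints a service's security descriptor as an SDDL string. The sketch below audits which trustees may start a service and builds a tightened DACL; the sample SDDL, the function names and the choice of SY/BA as the only trustees allowed to start are assumptions made for illustration.

```python
import re

# Constructed sample in the format `sc sdshow <service>` prints; not from the thread.
SAMPLE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWRPLOCRRC;;;IU)"      # interactive users hold RP here
               "(A;;CCLCSWLOCRRC;;;AU)"
               "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

# For services RP maps to SERVICE_START; GA and GX (generic all/execute) include it.
START_RIGHTS = {"RP", "GA", "GX"}
KEEP_START = {"SY", "BA"}   # assumption: only LocalSystem and Administrators keep start
ACE_RE = re.compile(r"\(([^()]*)\)")


def dacl_of(sddl):
    """Split SDDL into (text up to the DACL ACEs, the DACL ACEs, the remainder)."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    return sddl[:m.start(1)], m.group(1), sddl[m.end(1):]


def who_can_start(sddl):
    """Trustees holding an allow ACE with a start-capable right (two-letter form only)."""
    found = []
    for body in ACE_RE.findall(dacl_of(sddl)[1]):
        f = body.split(";")   # type;flags;rights;object;inherit_object;trustee
        if f[0] == "A" and START_RIGHTS & set(re.findall("..", f[2])):
            found.append(f[5])
    return found


def restrict_start(sddl, keep=KEEP_START):
    """Return SDDL with RP removed from allow ACEs of trustees not in `keep`.

    GA/GX and hex access masks are not rewritten; run who_can_start() on the
    result to see whether any such ACE still grants start.
    """
    prefix, dacl, suffix = dacl_of(sddl)
    aces = []
    for body in ACE_RE.findall(dacl):
        f = body.split(";")
        if f[0] == "A" and f[5] not in keep:
            f[2] = "".join(r for r in re.findall("..", f[2]) if r != "RP")
        aces.append("(" + ";".join(f) + ")")
    return prefix + "".join(aces) + suffix
```

The returned string is what would be passed to `sc sdset <service> "<sddl>"` from an elevated prompt; keep the original `sc sdshow` output so the change can be rolled back.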


