Archive for the ‘Office’ Category

Install Office on Remote Desktop Server

You cannot install a standard version of Office on an RDS server.  Prior to Office 365 you had to buy Enterprise licenses for each user which are quite expensive.  I understand Enterprise licenses are still available and I assume they will still work but you may already have a suitable Office 365 subscription, or you can upgrade to one that will.   Your Microsoft 365 license must include Office Pro Plus, a Business Standard license will not work.  There is an Office Pro Plus license or an E3 or higher license includes Office Pro Plus.  With Office/Microsoft 365 you can use your current licenses but have to download a special installation version and jump through a few hoops.  This method is supported by Microsoft.

Note: when installing apps on terminal servers in the past you had to put the server in “Install mode” by running from an elevated command prompt 

  •    Change User /Install
  • and to exit Install mode run
  •    Change User /Execute

Though this is still recommended, I tried it without doing so and it worked, but make sure you are an administrator of the machine (local or domain) and all other users are logged out. I recommend a clean reboot before starting.

Create a shared folder such as \\RDS\O365 pointing to C:\Temp\O365  

Download the Office deployment tool from the link below and extract to your shared folder  \\RDS\O365

https://www.microsoft.com/en-us/download/details.aspx?id=36778

Create an .xml configuration file for the download and save to the same folder. I named DownloadConfig.xml 

<Configuration> 
  <Add SourcePath="\\RDS\O365" OfficeClientEdition="64"> 
   <Product ID="O365ProPlusRetail" > 
     <Language ID="en-us" />      
   </Product> 
   </Add> 
</Configuration>

Download the custom version of Office.  To do so open an elevated command prompt, change to the directory containing the .xml file  C:\Temp\O365\MayBeSubfolder and run the following command.

setup.exe /download DownloadConfig.xml

This may seem like it hangs, but wait.  I believe it took about 15 minutes with my connection.

Create another .xml configuration file for installation and save again to the same folder. I named InstallConfig.xml

<Configuration>
  <Add SourcePath="\\RDS\O365"
       OfficeClientEdition="64" 
       Channel="Monthly">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
  <Display Level="None" AcceptEULA="True" /> 
  <Property Name="SharedComputerLicensing" Value="1" />
  <Logging Level="Standard" Path="C:\Temp" />
</Configuration> 

Deploy Office using:  \\RDS\O365\setup.exe /configure  \\RDS\O365\InstallConfig.xml

Note: you must use the full path

Again it may appear to hang, but be patient

If you ran Change User /Install before starting, run Change User /Execute

Microsoft has more detailed information and options to customize the xml files at:

https://docs.microsoft.com/en-us/deployoffice/deploy-microsoft-365-apps-remote-desktop-services

https://docs.microsoft.com/en-us/deployoffice/office2019/deploy

Microsoft 365, Outlook, & MFA

When you enable multifactor authentication in Microsoft 365 (formerly Office 365) with an existing tenant, Outlook starts asking for a password and will not accept your current Microsoft 365 password.  You then need to use app passwords for Outlook, rather than standard MFA with your password and a second option such as the Microsoft Authentication app, Txt, E-mail, or call.  Those options work fine with access to Web and other Office Apps but not Outlook. See the following link to manage App Passwords; https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords#:~:text=To%20create%20app%20passwords%20using%20the%20Office%20365,password%2C%20and%20then%20select%20Next.%20More%20items…%20

You can however enable standard MFA methods for Outlook using powershell.  The credit for most of the instructions below goes to; https://www.petri.com/enable-modern-authentication-exchange-online

Instructions to enable MFA with Exchange On-line (paraphrased)

When asked for credentials, you need to use an O365 admin account that does not have MFA enabled.  I create one without an Office license just for this.

I use the PowerShell ISE but I suspect standard PowerShell run as admin will work as well

Connect to an Exchange PowerShell session by running the following 2 lines

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

This is not in the Petri link above, but you need to run the following line to allow running scripts

Set-ExecutionPolicy RemoteSigned

Test if MFA is already enabled.  Will return “false” if not enabled

Get-OrganizationConfig | ft name, *OAuth*

Assuming not enabled run

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Then run the following again to confirm now enabled, i.e. “True”

Get-OrganizationConfig | ft name, *OAuth*

Close session

Remove-PSSession $Session

I find it takes 30-60 minutes before the policy is applied and changes in use

Cannot open e-mail attachments on HP computer

Recently found on 3 two month old HP computers users could not open Office documents that were received as attachments to e-mails within Outlook. After troubleshooting, discovered it was due to an HP add-on utility “HP Single Click” a security app provided with many HP PCs. This can simply be uninstalled from Programs and Features, however any open apps that use it must be closed. A reboot will insure this. Also a reboot is required after uninstalling. Presumably this was caused by a windows or HP update as it had not been a problem in the past. Perhaps more recent updates have resolved the problem.

Office 365 authentication did not succeed

I have had a few questions regarding a message “Office 365 authentication did not succeed” suddenly appearing both in the daily reports and the Alert Viewer of Server Essentials.  The alert viewer suggests changing the admin account (or refresh it) in the Office 365 tab of the Essentials Dashboard, however doing so fails with a message stating you are using the wrong account or password.

image

In most cases if you log into the Office 365 site using the domain’s admin e-mail account you will find the password has expired and you are asked to update it.  Do so and return to the Dashboard entering the new password which should now allow it to validate and eliminate the error.

image

Microsoft Virtual Launch Event for the new Office 365

Virtual Launch Event for the new Office 365
for business.

Date Wednesday, February 27th 8 am PDT and 5 pm PDT

Why Attend?

• Learn how the new Office 365 can help people do
their best work in a world of devices and services

• Hear customers talk about how Office 365
is transforming the way they deliver productivity
tools across their organization

• See how Office 365 delivers new experiences
combining the power of social with collaboration,
email and unified communications

• Join in a live Q&A with Microsoft executives
and product experts

clip_image002

LinkedIn Phishing E-mails

Just as a “heads up” to our clients; there have been a large number of phishing e-mails lately claiming to be a LinkedIn reminder advising there is a pending invitation to add a new contact.  These look quite legitimate.

Always avoid clicking on links in e-mails, it is far better to visit the site in a normal fashion and check your messages and notifications on the site.  However to confirm the message’s legitimacy, hover your mouse over the link and you will see the true site destination in a popup.  Clicking on a masked link could be disastrous, a virus or an attempt to obtain user names and passwords.

 

image

Cannot open the Outlook window. Invalid XML

I recently came across an instance of Outlook 2007 which would not open.  A popup reported; “Cannot start Microsoft Office Outlook. Cannot open the Outlook window.  Invalid XML, the view cannot be loaded”.  This was only occurring on 1 PC, for one user, in an SBS 2008 environment.  If the user ran Outlook on another PC, there was no problem so it was obviously a local problem.  Doing a repair install of office did not resolve, nor did the diagnostics suggested when Googling the issue.  Assuming it was a problem with the Xml file; I closed Outlook, renamed the Outlook.xml file (safer than deleting), and restarted Outlook to find the problem was resolved.  Should you wish to try the same solution, the file path with Office 2007/2010, on Vista\Win 7 is C:\Users\<user name>\AppData\Roaming\Microsoft\Outlook\Outlook.xml   You will need to enable “Show hidden files, folders, and drives” and “Hide extensions of known file types” to view.

image

Office 2010 Protected View using a VPN client

When opening Office 2010 documents such as Word and Excel using a VPN client, you will receive a warning on the menu bar which reads; ” Protected View This file originated from an Internet location and might be unsafe. Click for more details. Enable Editing”.

Microsoft has provided options to add trusted network locations within the trust center in Word, Excel, and other Office 2010 applications, which also requires checking “allow trusted Locations on my network”. However it  does not accept using IP addresses such as \\192.168.123.123\ShareName. You can use the UNC path but that also requires proper name resolution be set up for DNS.

The simple solution is to simply make sure DNS is configured for the remote domain by adding the DNS suffix to the VPN/PPP network adapter. This allows you to open the documents located on the remote domain without the warning error, and without configuring Trusted Locations.  To do so, view properties of the VPN virtual network adapter and under the DNS tab of the advanced TCP/IPv4 properties, add your internal remote domain, in the “DNS suffix for this connection” box, such as MyDomain.local.

Then connect to the remote resource using the UNC name such as \\ServerName\ShareName.  If the client computer is a member of the domain it will immediately connect, if not you will be prompted for credentials
the first time you connect. For the user name use the format  MyDomain\UserName. So long as the local
session is active you will not be prompted for credentials again, even if the VPN connection is disconnected and reconnected.

Tag Cloud