Wednesday, August 08, 2012 8:57 PM
We developed MS Word, Excel and PowerPoint VSTO 3 addins using Visual Studio 2008. Office versions 2007/2010.
We don't user ClickOnce.
To supress the Verify publisher prompt(Microsoft Office Customization Installer) we used the Office replication/propagation mechanism.
Recently we modified our installer to using Security Inclusion List API inside the custom action.
This works for Vista and Windows 7 installations, but we're beginning to get complaints from our Windows XP users. They get that "Are you sure you want to install this customization?" prompt.
I did some investigation and discovered that the inclusion entries are created under
So, I launched a Procmon, started Microsoft Word, but couldn't find any process that was accessing the inclusion entries in that location.
Anyone has any idea about Security Inclusion mechanics under Windows XP?
- Changed Type Office2007 Developer Wednesday, August 08, 2012 10:23 PM
Thursday, August 09, 2012 2:09 AMModerator
Thanks for posting in the MSDN Forum.
What's "Procmon" mean?
Have a good day,
Tom Xu [MSFT]
MSDN Community Support | Feedback to us
Thursday, August 09, 2012 4:06 AM
ProcMon is a Process Monitor
It logs all the filesystem and registry access calls.
I ran the tool on both Windows 7 and windows XP systems to see what process/thread read the info from
But doesn't look like that registry location is accessed by any process.
After running my installer I can see 3 separate entries are created in that location for each of my VSTO addins (Word, Excel, PowerPoint)
On Win7 the Office applications load my addins all right, but on Windows XP I get "Are you sure you want to install this customization?" prompt.
I would hate to plug the code relying on Office replication/propagation mechanism back into my installer.
Thursday, August 09, 2012 9:42 AMhow are you adding inclusion list entry in your installer? show us relevant code.
Thursday, August 09, 2012 4:17 PM
Hi Damian, here is the code snippet,:
public static ActionResult AddToInclusionList(Session session)
SecurityPermission permission =
session.CustomActionData.TryGetValue("Application", out applicationName);
Uri deploymentManifestLocation = null;
UriKind.RelativeOrAbsolute, out deploymentManifestLocation) == false)
ErrorMessage("The location of the deployment manifest is missing or invalid.", session);
AddInSecurityEntry entry = new AddInSecurityEntry(deploymentManifestLocation, GetPublicKey(applicationName));
session.CustomActionData.Add("VSTOCustomAction_ManifestLocation" + applicationName, deploymentManifestLocation.ToString());
Thursday, August 09, 2012 6:16 PMcan you show us value of deploymentmanifestlocation, either frm registry itself or from your installer action (as you already have commented out messagebox.show)
Thursday, August 09, 2012 9:18 PM
I uncommented the line with the MessageBox, rebuilt the installer and ran it on a test system
here is the manifest location (which is correct)
file:///C:/Program Files/My Company Name/Product Name/Bin/addinname.vsto
Installing on Vista and Windows 7 is no problem. Only Windows XP triggers the Office Customization Installer prompt.
Friday, August 10, 2012 8:06 AMcustom action seems to be ok. so problem is with msi that somehow executes custom action in profile that is not the same as current user (hence HKEY_USERS\.DEFAULT). Do you fix your MSI installer with customactionnoimpersonate flag?
Friday, August 10, 2012 2:09 PM
Yes, I set the "Impersonate" attribute to "no" in Wix
That's what I'm trying to find out:
On Windows 7 and Vista I don't have security inclusion entries under HKEY_USER. They are done under HKEY_USERS\.DEFAULT
All addins (Word, Excel, PowerPoint) load without any additional prompts.
But the prompt pops up on Windows XP
Friday, August 10, 2012 2:26 PMdisregarding OS version, i do not think that adding that entry under HKEY_USERS\.DEFAULT is a proper or supprted way to go. It might work on newer versions because they changed the way registry works. I do not have much knowledge about that, inclusion list entries that are execuyted from my MSI custom action are added under current user HKCU key.
Friday, August 10, 2012 4:12 PM
I have no clue either.
So, to summarize:
1 My installer uses Security Inclusion List API to add addin to the list
2 Entries are written to HKEY_USERS\.DEFAULT instead of HKCU
3 Office 2007/2010 apps load my addins without a hitch on Vista and Win7. But on Win XP my users see the Office Customization Installer prompt
I guess, I will have to fallback on the replication mechanism for Windows XP.
Thanks for your help Damian
Wednesday, August 15, 2012 4:51 AM
I ended up modifying my Wix Installer to activate Office replication mechanism for Windows XP installations, via MSI installer "conditions" and a custom action. For Vista and Win7 I use Security Inclusion List API custom action.
Thank you DamianD for your help and feedback.
- Marked As Answer by Office2007 Developer Tuesday, August 28, 2012 9:26 PM