Installations That Require Elevated Privileges

In Microsoft Windows NT 4.0 and Microsoft Windows 2000 environments, different groups of users have different levels of rights and permissions. In these environments, default users have limited access to system areas of the computer. Because Microsoft Office XP Setup updates system files and writes to system areas of the Windows registry, you must have administrator rights to the computer to install Microsoft Office XP.

Users without administrator rights cannot install Office XP. To install Office on computers where users lack administrator rights, you must run Setup with elevated privileges. After Office is installed, users without administrator rights can run all installed features, including installing features on demand, provided the initial installation was performed in an elevated context.

Under Windows NT 4.0 and Windows 2000, power users cannot install Office XP without elevated privileges. Elevated privileges are not required under Microsoft Windows 98 or Microsoft Windows Millennium Edition because these operating systems consider each user an administrator of the computer.

There are three methods of elevating the Office installation:

  • Log on to the computer as an administrator and install Office XP.
  • Assign, publish, or advertise Office applications.

You use Windows 2000 software installation, a feature of IntelliMirror® management technology, to assign or publish Office XP. Under Windows NT 4.0 or Windows 2000, you can also log on to the computer as an administrator and run Setup with the /jm command-line option to advertise Office.

  • Use Microsoft Systems Management Server in an administrative context to deploy Office.

Setting the Windows Installer system policy Always install with elevated privileges allows a user without administrator rights to the computer to install any Windows Installer package. Similarly, setting the policy Enable user to use media source while elevated allows users without administrator rights to install programs from a CD. The installation runs with elevated privileges, and the user has unlimited access to system files and the registry. Setting either of these policies leaves the computer highly vulnerable, potentially allowing an attacker to run malicious code on the computer. Using these policies to elevate an Office XP installation is not recommended.


Because all of the core Office XP products are installed as Windows Installer packages, any of the preceding methods grants users elevated privileges and allows them to install Office and any chained packages. When the initial installation is performed with elevated privileges, all subsequent installations — including install on demand and automatic repair of features — are also elevated.


 Note    Under Windows NT 4.0, you cannot install the System Files Update merely by elevating the installation. Instead, you must log on to the computer with administrator rights when you begin the System Files Update installation, and log on again after the computer restarts to complete the installation. Alternatively, you can create a Systems Management Server script to elevate the installation.


Logging on as an administrator

You automatically install Office XP, the System Files Update, and the MUI Packs from the Office XP Multilingual User Interface Pack (MUI Pack) with elevated privileges if you log on to a computer with an account that has administrator rights. However, this method requires that all users have administrator rights or that an administrator visits every computer.

Under Windows 2000, you can also give users an administrator name and password and have them use the Run as command to install Office XP or the Multilingual User Interface Pack in an elevated context. If you create a shortcut to Setup.exe, you can include command-line options to customize the installation.

To create a shortcut to Setup.exe for users to run as administrators
  1. Create a shortcut to Office XP Setup.exe.
  2. Right-click the shortcut and then click Properties.
  3. On the Shortcut tab, enter your command line in the Target box.

To specify a custom INI file, use the /settings option; to apply a transform, use the TRANSFORMS property.

  1. Select the Run as a different user check box, and then click OK.

You must distribute this shortcut with the domain, name, and password of an administrator account. The following procedure outlines the steps users must take.

To start Office XP Setup as an administrator (Windows 2000)
  1. Press SHIFT and right-click setup.exe and then click Run as.
  2. Click Run the program as the following user.
  3. Enter the user name, password, and domain of the administrator account.

Assigning, publishing, or advertising Office XP

If all the computers in your organization run under Windows 2000, you can elevate the Office installation by using IntelliMirror technology to assign or publish Office XP and the MUI Packs. Because Windows 2000 already provides the necessary level of system files, the System Files Update is not required.

Alternatively, if you are running Windows NT 4.0 or if you are not using Windows 2000 software installation, you can advertise Office XP by logging on as an administrator and then running Setup with the /jm option. If you also include a Windows Installer transform (MST file) to customize the installation, use the /t command-line option to specify the MST file. For example:

setup.exe /jm proplus.msi /t office.mst

When you advertise Office XP in this way, Windows Installer shortcuts for each application appear on the Start menu, and a minimal set of core Office files and components is installed on the computer. When a user clicks a shortcut or opens a file associated with an Office application, Windows Installer runs with elevated privileges to install the application, regardless of how the user logged on. After Office is advertised, users can also run Setup from an administrative installation point and install Office with elevated privileges.

Note that Windows NT 4.0 does not support Windows Installer shortcuts without an updated version of the Windows shell. The updated shell is included with Internet Explorer 4.01 Service Pack 1 or later. Even without the updated shell and Windows Installer shortcuts, however, core Office files and components are installed on the computer, and Windows Installer considers the initial installation complete. Users can subsequently run Office XP Setup from the administrative installation point and install with elevated privileges.

Like Office XP, the MUI Packs in the Office XP Multilingual User Interface Pack are Windows Installer packages, and you can advertise them to grant users elevated privileges when installing them. However, you must be logged on as an administrator when you advertise a package. Because the System Files Update cannot be advertised, advertising Office XP on Windows NT 4.0 fully installs the System Files Update on the local computer when the update is required.

See also

By using a Systems Management Server script, you can install Office in an elevated context. For more information, see the Microsoft Windows Systems Management Server 2003 Deployment Guide Web site.

For more information about assigning or publishing Office XP, see Using Windows 2000 Software Installation.

For more information about advertising Office, see Distributing Office to Users' Computers.

 
 
Applies to:
Deployment Center 2003