Office 365 Centralized Deployment

See Office 365 Centralized Deployment

Quick Start

This install.bat file will automatically install the Add-in. It needs

See below for details of unattended installation and what this .bat file does.

Automating Manual Installation of the Add-in

Installing the CheckTLS Outlook Add-in requires a user to:

  1. execute setup.exe (click Install LINK and then click setup.exe)
  2. click Install on the "Are you sure you want to install this customization?" popup
  3. click Close on the "The Microsoft Office customization was successfully installed." popup
  4. configure the Add-in (click Configure LINK and then click Send in Outlook)

You can elimate all but the success popup (#3) if your Windows management system (Group Policy, Microsoft SCCM, etc) can:

Install Certificate

You can silence the first installation popup (#2) that asks the user to verify the Add-in's publisher by installing the SecurEmail LLC publisher certificate into each user's Trusted Publisher Certificate Store. You can install this certificate from the command line with:

certmgr.exe -add SecurEmailLLC.cer -c -s -r localUser TrustedPublisher
Or see below for how to do this manually on a PC.

Run setup.exe

You can "click the Installation LINK" and "click setup.exe" (and maybe a step inbetween that asks "what do you want to do with this file") by running our setup.exe program for the user.

Suppress "Success" Message

We have not found how to remove the second popup:
The Microsoft Office customization was successfully installed

Copy Config File

You can eliminate the Configure LINK step by installing your specific Config File on the user's PC using:

C:>CsOA_CopyConfig.bat [configfile.xml]
where [configfile.xml] is your config file.

CsOA_CopyConfig.bat is:


@ECHO OFF

REM ClickOnce programs directory
FOR /F "delims=" %%i IN ('reg query HKCU\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 /v ComponentStore_RandomString') DO set bin=%%i
set "subdir=%bin:~-24%"
set "subdir=%subdir:~0,8%.%subdir:~8,3%\%subdir:~11,8%.%subdir:~19,3%"
FOR /F "delims=" %%i in ('dir /B "C:\Users\%USERNAME%\AppData\Local\Apps\2.0/%subdir%\csch..vsto*"') DO set dir=%%i
REM echo %dir%

REM ClickOnce datafiles directory
FOR /F "delims=" %%i IN ('reg query HKCU\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager /v StateStore_RandomString') DO set bin=%%i
set "subdir=%bin:~-24%"
set "subdir=%subdir:~0,8%.%subdir:~8,3%\%subdir:~11,8%.%subdir:~19,3%"
set "filepath=C:\Users\%USERNAME%\AppData\Local\Apps\2.0\Data\%subdir%\%dir%\Data"
REM echo %filepath%

REM make CsCheckTLS_OA subdirectory and copy in CsOA config file
mkdir %filepath% 2>nul
copy "%1" %filepath%\CsCheckTLS_OA.xml

Almost

We do not (yet) know how to stop the final "Installation Successful" popup.

What the Steps Above Are Actually Doing

Importing a Certificate Interactively

Instructions for removing the first popup:
Publisher has been verified

When this popup appears, clicking on the SecurEmail LLC link brings up a Certificate Information screen:
Certificate Information

Clicking on Install Certificate brings up a Certificate Import Wizard screen:
Certificate Import Wizard

Clicking on Next brings up a Certificate Import Wizard screen asking what certificate store to use:
Certificate Import Wizard Certificate Store

Clicking on Next brings up a Certificate Import Wizard screen asking you to verify your choices:
Certificate Import Wizard Verification

Clicking on Next should tell you the import was successful:
Certificate Import Successful

Closing the Certificate Information screen returns you to the CsCheckTLS_OA install popup. Cancel the install, then click the setup.exe program again. The Install proceeds without asking you to verify the publisher.

Config File Path

However, the Config File (and part of the path to it) does not exist until Outlook runs after installing the Add-in, so you cannot just search for it (it's named "CsCheckTLS_OA.xml").

Constructing the pathname of the Config File is tedious. Microsoft stores ClickOnce data files in an obfuscated path. The steps to add a copy of your Config File to a PC:

  1. Find the pathname where Microsoft stores ClickOnce programs on this PC.
  2. Find the specific sub-directory where Microsoft put the CheckTLS Outlook Add-in.
  3. Find the pathname where Microsoft stores ClickOnce data files on this PC.
  4. Create the same specific sub-directory for the CheckTLS Outlook Add-in data files.
  5. Copy your Config File to "Data\CsCheckTLS_OA.xml" in that sub-directory.

To find the pathname where Microsoft stores ClickOnce programs on this PC:

  1. get the obfuscated string for all Add-in binaries with
    c:>reg query HKCU\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0 /v ComponentStore_RandomString
    for example
    ComponentStore_RandomString    REG_SZ    AC5T435LTOYK8ZOZVXPTZ08K
  2. make a sub-path from that string as:

    1. first 8 characters
    2. "."
    3. next 3 characters
    4. "\"
    5. next 8 characters
    6. "."
    7. next 3 characters
    8. "\"
    9. ignore the two characters that are left over
    So the example would be "AC5T435L.TOY\K8ZOZVXP.TZ0\"
  3. browse to

    1. "C:\Users\"
    2. Windows USERNAME
    3. "\AppData\Local\Apps\2.0\"
    4. sub-path from above
for example: C:\Users\Steve\AppData\Local\Apps\2.0\AC5T435L.TOY\K8ZOZVXP.TZ0\

To find the specific sub-directory where Microsoft put the CheckTLS Outlook Add-in, look for the sub-directory in this directory that starts with "csch..vsto_"

for example: csch..vsto_a71174562e0ff7cb_0001.0017_105a71ea7a396ece.

To find the pathname where Microsoft stores ClickOnce data files on this PC:

  1. "C:\Users\"
  2. Windows USERNAME
  3. "\AppData\Local\Apps\2.0\Data\"
  4. value of
    c:>reg query HKCU\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager /v StateStore_RandomString
    for example
    StateStore_RandomString    REG_SZ    CEMK17B9BC0ZKC92XOR6T3R9
  5. make a sub-path from that string as:

    1. first 8 characters
    2. "."
    3. next 3 characters
    4. "\"
    5. next 8 characters
    6. "."
    7. next 3 characters
    8. "\"
    9. ignore the two characters that are left over
    So the example would be "CEMK17B9.BC0\ZKC92XOR.6T3\"
for example: C:\Users\Steve\AppData\Local\Apps\2.0\Data\CEMK17B9.BC0\ZKC92XOR.6T3\

To create the specific sub-directory for the CheckTLS Outlook Add-in data files. In the directory where Microsoft stores ClickOnce data files (that you just found in the step above):

  1. mkdir csch..vsto... (the specific sub-directory you found above)
  2. mkdir csch..csto.../Data

for example C:\Users\Steve\AppData\Local\Apps\2.0\Data\CEMK17B9.BC0\ZKC92XOR.6T3\csch..vsto_a71174562e0ff7cb_0001.0017_105a71ea7a396ece\Data\

To copy your Config File to a file named "CsCheckTLS_OA.xml" in the Data directory you just made for example:

copy myconfigfile.xml C:\Users\Steve\AppData\Local\Apps\2.0\Data\CEMK17B9.BC0\ZKC92XOR.6T3\csch..vsto_a71174562e0ff7cb_0001.0017_105a71ea7a396ece\Data\CsCheckTLS_OA.xml