Secure Messaging

Learning Center

Back to top

Search Results

Office Add-in Enterprise

Subscribe to feed

This section describes the system requirements and the installation files & guide for the Secure Email Office Add-in for standard, GPO and terminal services versions. The Add-in is a .NET Framework 4.0-based COM add-in for Microsoft Office. It fully integrates within Microsoft Outlook to allow seamless secure communication and added productivity features.

Enterprise edition MSI installation packages (Last Updated November 16 2016):

System requirements

The Secure Email Office Add-in supports the following software configurations:

  • Microsoft Windows 7/8/10, Windows Server 2008, 2008 R2, 2012 & 2012 R2 (for server deployments).
  • Microsoft Office 2007, 2010, 2013, 2016, 32 & 64 bit, all editions, with the latest security / service packs installed.
  • The add-in requires the following pre-requisites:
    1. Microsoft .Net Framework 4.0 Full or above (automatically installed with the standard edition).
    2. Microsoft Windows Installer 3.1+ (required only for the standard version, typically present on all Windows versions).

Note that for the enterprise edition we are unable to provide the .NET Framework installation. Please follow the standard procedure as described by the provider:

Standard edition

The deployment and upgrade management for the Secure Email Microsoft Office Add-in standard edition is based on Microsoft’s ClickOnce technology. The benefits of using ClickOnce include the ability for individual users to self-provision their installation as it does not require (in most cases) administrative rights on the computer. In contrast, the enterprise edition can be deployed to multiple desktops relying on Group Policy for centralized deployment (GPO) or Terminal Services.

For ease of use and a more viral deployment, use the standard edition available in the secure webmail. Users can click on the ‘Apps’ menu and select to download and install the add-in. If users don’t see this link, they should contact their administrator to grant permissions to install the add-in. A step-by-step guide is provided to each user within the secure webmail.

Automatic Group Policy (GPO)

For organizations where group policy deployment is available and the majority of the computers belong to the domain, the recommended procedure is to first deploy the pre-requisites followed by the add-in.

Note: Windows Server 2008 and above with Group Policy enabled are supported.

The following steps are required to install the add-in using Group Policy:

  1. Create a distribution point.
  2. Create the group policy object.
  3. Assign the installation package to the selected users/groups in the domain.

Step 1: Creating the add-in distribution point:

  1. Log in to the server with a user name which has administrative rights.
  2. Create a folder to hold the add-in installation files in. This folder must be on your shared network.
  3. Set permissions on your shared network to allow your Users READ access to this folder.
  4. Download the add-in installation files to the selected folder. Contact your account manager to obtain the installation files (MSI).
  5. Take note of the final location of the software, e.g., \\SERVER\shared_folder\OfficeAddinGPOSet
  6. Unzip the file.

Step 2: Creating the group policy object in Windows Server 2008, 2008 R2, 2012 & 2012 R2:

  1. Log in to the server with a user name which has administrative rights.
  2. Start the Group Policy Management snap-in (Start -> Administrative Tools -> Group Policy Management).
  3. Right-click on your domain in the console tree, and then choose Create a GPO in this domain, and Link it here.
  4. Type the name you want to call this policy (e.g. ‘Secure Email add-in’), and click OK.
  5. Expand the Group Policy Objects item and select the newly added policy.
  6. If you know what users/groups this policy will apply: Click the Remove button to delete the Authenticated Users security group. Click the Add button to add security groups or users.

Step 3: Assigning the installation package:

  1. Log in to the server with a user name which has administrative rights.
  2. Start the Group Policy Management snap-in.
  3. Locate and expand your domain in the console tree, then expand Group Policy Objects, right-click on the group policy object that you want, and then click Edit. The Group Policy Object Editor will start.
  4. Under User Configuration, expand Policies, then Software Settings.
  5. Right-click Software installation, point to New, and then click Package.
  6. In the Open dialog box, type the full Universal Naming Convention (UNC) path to the shared folder with the MSI package that you want (e.g. \\server\share\setup.msi).

    NOTE: If the Windows Installer file resides on the local hard disk, do not use a local path. You need to use the UNC path to indicate the location of the installation files.
  7. Click Open.
  8. Click Assigned, and then click OK. The package will be listed in the right pane of the Group Policy window.
  9. Right-click the package, click Properties, switch to the Deployment tab.
  10. Select the Install this application at logon check box, and click OK.
  11. Set the ‘Always Install with elevated privileges’ option to DISABLED in the Local Group Policy editor (see ‘User Configuration’->’Administrative Templates’->’Windows Components’->’Windows Installer’ and ‘Computer Configuration’->’Administrative Templates’->’Windows Components’->’Windows Installer’)
  12. Close the Group Policy Editor, then quit the Active Directory Users and Computers or Group Policy Management snap-in. When the user logs on, the managed software package is automatically installed.

Terminal Services / Citrix deployment

For organizations that use Terminal Services, the recommended procedure is to first deploy the pre-requisites followed by the Secure Email add-in.

Step-by-step procedure:

  • Login as Administrator on the server. Please note that each time before you install the add-in, you must be logged on with local administrator rights or, if necessary, domain administration rights.
  • Download the latest MSI for Terminal Services / Citrix. If pre-requisites are missing, the installation package will NOT download them and attempt to install them. Please ensure all pre-requisites are properly installed.
  • Before the installation can start, the Terminal Server must be switched to ‘installation mode’. You can perform this manually in DOS using the CHANGE USER command: CHANGE USER /INSTALL. The current mode can be determined with the /query command. Alternatively, you can perform the installation via the ‘Control Panel > Add/Remove Programs’. The Terminal Server will automatically switch to the right mode, and revert back to the execute mode when the installation is completed.
  • Distributed Installation with Load Balancing: If you are using a Citrix server farm with two or more servers, you can install the Add-in on every one of these servers.
  • Follow the prompts provided by the installer. Specify the path of the destination folder and remember that all users must have access to this folder on the server.
  • It is important that the administrator starts the Secure Email add-in for the first time as this is when entries must be added to the Windows registry. To start the Add-in, simply launch Outlook and confirm that the add-in is present.

    NOTE: Before starting Outlook, the Terminal Server must be switched back to execute mode.
  • Once properly installed, users can activate the Secure Email add-in with their Secure Email portal simply by selecting a secure message in their Outlook Inbox. These users can all work with the add-in simultaneously.

NOTE: Even if your COM add-in or RTD server is registered for all users on the server, it may not start for users that have no permissions to access the folder where it is installed.