Office 2013 Group Policy Deployment

Similar Messages

• Using Office 2013 group policy template to define Trusted Locations and Template Locations doesn't work

  User Configuration/Policies/Administrative Templates
  - Using Office 2013 group policy template to define Trusted Locations and Template Locations doesn't work
  Microsoft Word 2013/Word Options/Security/Trust Center/Trusted Locations
  - Allow Trusted Locations on the network: 
  Enabled 
  - Trusted Location #1: 
  Enabled 
  Path:  //server/sharedfoldername   [Edit:  Path:
  \\server\sharedfoldername]
  Date: June 10, 2013
  Description: Trusted Location
  Allow sub folders: Enabled
  The policy appears to apply to the client correctly by adding the following registry key and values:
  HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\word\security\trusted locations\location1
  allowsubfolders: 1
  date: June 10, 2013
  Description: Trusted Location
  Path:  //server/sharedfoldername  [Edit: Path: 
  \\server\sharedfoldername]
  However, when you open Word Options/Trust Centre/Trust Centre Settings…/Trusted Locations
  There are no trusted locations listed under ‘Policy Locations’
  I have tried setting similar settings for setting the Shared Templates folder location and just like the trusted locations policy, the registry keys are created properly in HKEY_CURRENT_USER\Software\Policies however word doesn’t
  seem to recognize these either.
  This used to work flawlessly using the administrative templates for Word 2007 and 2010. Has anyone been able to get these policies to apply successfully, or know why office doesn’t recognize these settings from the Policies registry
  Key?

  This would have been an easy solution to the issue.  Unfortunately it isn't the problem.  This question was originally posted on another Microsoft site and
  was transferred here and when it was transferred the path's changed from the original post: 
  \\server\sharedfodlername to //server/sharedfoldername.  (I will edit the question to show up as it did in the original post) Not sure how that happened.  This
  is still an issue that I haven't been able to get working correctly.
  As it turns out the 'New from Template' interface Word 2013 has developed is very bulky with large thumbnails and is not very customizable nor practical for an office
  that has a large number of templates.   Because I am unsatisfied with the display and performance of the 'New' template chooser I sought after a solution to change the way word creates a document from a template in another thread: 
  http://answers.microsoft.com/en-us/office/forum/office_2013_release-word/how-can-you-change-the-display-of-templates-in/d49194b9-a6b4-4768-8502-7d7b50e9dd65 working through this issue with Jay we were able to develop
  some VB script with handles a very large number of templates in a list view and it works much faster than the built-in Word interface.  The above thread is how I've worked around trying to define a shared template location and I am quite happy with it.

• Office 2013 group policies - not working

  I'm using Office 2013 Pro Plus SP1 (volume license) on a Windows 7 Pro machine [both are 32 bit].   While I have Server 2003, it's configured to work with Windows 7 and Office 2013 Group Policy templates.  I use RSAT on a Win 7 computer to
  create/manage the Group Policies.
  Since we're not using Office 365, I'm trying to block some of those features, as well as disabling the Office Start screens.
  Thinking that SP1 might be the problem, I downloaded the group policy templates for SP1 and copied them to the server.
  If I create a policy (Office_2013_settings), with a few settings, like "Block singing into Office".  In Group Policy, I disabled the Computer Configuration, leaving the User Configuration enabled.  If I force group policy on the target
  computer and look at RSOP, I see the computer configuration settings disabled, but nothing for the user configuration, although it's enabled in the policy. 
  If I put a junk policy entry on the computer configuration and enable both policies on the backend, force group policy on the computer, and look at RSOP, under computer configuration, I see the Office_2013_settings policy, but the policy still doesn't appear
  in the user configuration.  If I scroll to the bottom of the file, where I can see other Administrative templates and their settings, my Office_2013_settings aren't visible.

  I have created a group policy with a few settings, and applied to my own computer. It seems to be very nice to me. Please first check the apply status on the client site based on the GPSVC.log
  Thinking the issue might be on the way how you create/manage the Group Policies on Windows Server side. Please check the model of how you deploy your group policy, on a domain or OU level?  Loopback Merge or Replace? This might affect whether the user
  would receive all settings from GPO applied to User or Computer. This article might be useful to you:
  http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
  This might be an issue on Windows server side, you may need to post your question to below forum to get more suggestions:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver

• Deploying office through group policy

  Hi people,
  English is not my mother language so i'll hope you'll understand me.
  I have a school project. Deploying office through group policy worked. But now my teacher has given me a command to give all OU's a different OFFICE packet when they logged in. So.. it will change the current installation when a different user from a different
  OU logged in. I'm out of options. Please can anybody help me:(:(

  No you don't misunderstand :p  My teacher first did it wit Office 2003 and know i must do it in office2010.. and i also thought it was a stupid idea.. But who am i... i have not much knowledge in IT.. i'm still learning.
  But i have 2 options
  To confince him that this is not a good idea... (and i dont know with wich argument)
  or find a way to do this... 
  Hmm, so, I think that kind of crazy was possible with very old versions of Office, which could be "advertised" via GPO to achieve per-user scenarios, but Office2007 and later versions, don't provide such different per-user options as part of setup.
  Office2007 and later, uses the MSPfile etc for customization, and that is per-machine (common to all users of that machine).
  You might be able to achieve something similar, by using AppLocker (e.g. AppLocker rules which deny excel.exe to be executed by GRP_Students).
  But this doesn't address the matter nicely, because the Students can see the Excel shortcut/icon/program, but are forbidden to execute it.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Group Policy Deployment Acrobat Standard XI Version 11

  I was able to successfully create a Windows 2008 R2 SP1 Group Policy that would be able to distribute the Adobe Reader Application using the Adobe Customization Wizard XI. I tried to use the same procedure from the Adobe Acrobat Standard 11 download from the adobe licensing site and was unable to get the Group Policy to work. The error message that I am getting is...
  The install of application Adobe Acrobat XI Standard 11.0 from policy  Deploy Adobe Acrobat 11 failed. The error was : %%1603
  This is the procedure that I created for deployment of Adobe Acrobat XI using Group Policy.
  How to create a group policy deployment of Adobe Acrobat XI
  Overview:
  This procedure covers the steps needed to create a group policy that will deploy the Adobe Acrobat installation.
  Requirements
  •    Windows 2008 Group Policy
  •    Adobe Acrobat Customization Wizard
       o    ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/CustWiz11000_en_US.exe
  •    Adobe Acrobat XI (Version 11)
       o    download from adobe account
  Procedure:
  1.    Download the Adobe Acrobat XI package.
  2.    Extract the contents of the Adobe Acrobat XI package.
  a.    Type msiexec.exe /a AcroStan.msi
  b.    Click Next
  c.    Put in the Network Location Share where everyone can extract the installation.
  d.    Click Install
  e.    The package will then extract to the network location as indicated above.
  f.    Click Finish, once the installation has completed.
  g.    Open the Adobe Customization XI Wizard, and customize the package by selecting the AcroStan.msi file. 
  h.    Customize the AcroStan.MSI installation file   
  i.    Default viewer of PDF files: Make Acrobat the Default PDF Viewer
  ii.    Remove previous versions of Acrobat
  iii.    Run Installation: Silently
  iv.    If reboot is required at the end of installation: Suppress reboot
  i.    Shortcuts: Remove the desktop Shortcut
  j.    Online and Adobe Services: Disable Product Improvement Program: checked.
  k.   Generate Transform File
  i.    Click Transform > Generate Transform File
  ii.   Create an Setup.Ini file in the folder of the Distribution Package.
  iii.  Name the Transform File something useful like “CompanyConfigs”.
  3.    Create a Group Policy to deploy the software package. It is usually best to have a group policy for each software installation package.
  a.    Update the Domain Default Policy with Always install with elevated privileges. This will allow all software deployment packages to install. 
  i.    Computer Configuration > Policies > Windows Settings > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges : Enabled.
  b.  Create a Group Policy to enable Windows 7 Verbose Mode
  i.    Computer Configuration > Policies > Administrative Templates > System > Verbose vs normal status messages : Enabled.
  c.    Create a Group Policy for the Software Installation
  i.     Computer Configuration > Policies > Software Settings
  ii.    Right click and select New > Package
  iii.   Click the AcroRead.msi
  iv.   Click Advanced
  v.    Click the Modifications Tab and click Add
  vi.   Optional: Click the Uninstall this application when it falls out of the scope of management.
  Note: This setting can be used to uninstall the application if the group policy ever changes in that the application should be removed.
  vii.    The package is now created …
  4.    Test the Client in a Virtual Machine
  a.    Go to a windows client and run “gpupdate /force”.
  b.    The system will then respond that it needs to restart the computer.
  c.    Type Yes, and allow the computer to reboot.
  d.    If Group Policy is not setup to allow for verbose messages in Windows 7 then the user will just see “Please wait…”, if verbose message is enabled the user will see “Installing Adobe Acrobat…”.
  Can someone please tell me what I am missing to get the group policy deployed? It has the same permissions as the Adobe Reader folder and I have done everything exactly the same, except that Adobe Standard has the license number, and owner information included in the Transform file (.mst).
  Thank you.

  Your case isn't unique. We've heard this a lot. While Acrobat has a small, very small percentage of settings available in the ADMX files,
  in case you don't know, PolicyPak software has a solution to manipulate, basically, near 100% of the settings in Acrobat Reader and Professional.
  You're welcome to check out how it works. These videos are for Acrobat X, but there is also tempaltes in the download for XI.
  Here are links to the pages with full how-to videos:
  http://www.policypak.com/products/manage-acrobat-reader-with-group-policy.html
  and
  http://www.policypak.com/products/manage-acrobat-x-pro-and-acrobat-x-standard-using-group- policy.html
  You can be up and running in 20 minutes, but note, it's NOT a template.. PolicyPak is full application management and lockdown system.

• Office 2013 pro plus deployment

  Hi,
  I am trying to deploy office 2013 to all in my organization through a group policy, the version that I have is 15.0.4569.1506. I have used oct to customize the setup and activate the product.
  All works fine but after the product is installed there are 2 GB of updates that are needed. I am trying to find the best way to push out the updates along with the initial installation.
  I have tried downloading a few updates and placing them in the updates folder in the package but this does not install the updates and it is not possible to download more than 100 updates and place them in the updates folder.
  Is there a latest version available with all the updates included that can be deployed straight away?

  Hi,
  Microsoft have used some rather confusing product marketing terms, which makes it hard to get clear, and also to be clear, when it comes to this release of Office :(
  Office 2013ProfessionalPlus - installation uses the classic setup.exe + MSI engine. Can be updated via WSUS.
  Office365ProPlus - installation uses the new ODT, and results in C2R virtualized "installation". Can't be updated via WSUS.
  So, if you're using the ODT, then you're not using Office2013ProfessionalPlus..
  Reference for the Product element:
  http://technet.microsoft.com/en-us/library/jj219426(v=office.15).aspx#BKMK_ProductElement
  Reference including Retail Product elements:
  http://support.microsoft.com/kb/2842297/en-au
  NB: the update process will probably be cantankerous even after you get it working ;)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• How to disable attachment preview in Outlook 2013 - group policy

  How do I disable attachment preview in Outlook 2013 in GPO?

  Hi,
  We may follow the steps below to disable attachment preview in Outlook 2013:
  1. Download
  Office 2013 Administrative Template files, and then follow the instructions in the "Loading the ADMX templates" section of the
  Use Group Policy to enforce Office 2010 settings article to load the ADMX templates.
  2. Navigate to User Configuration > Administrative Templates > Microsoft Outlook 2013 > Outlook Options > Preferences > Email Options
  3. Double-click Do not allow attachment previewing in Outlook from the right pane.
  4. Select Enable bullet.
  5. Click OK.
  6. Run gpupdate /force command to force an update of GPO settings.
  7. Start Outlook and you should see the attachment previewing feature is disabled.
  Regards,
  Steve Fan
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Can I prevent a user from Deleting the Group Policy deployed power plan?

  I have Power Manager version 3.20 installed and am using the Group Policy template to deploy a customized power plan.  I do not want my users to have the ability to delete this custom plan, but I cannot find the option in the Group Policy to change the setting that would grey-out the Delete button in Power Manager.
  I have located the registry value that changes the function of Power Manager, it is: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\PWRMGRV\PowerSchemes\42617646-BC99-48E2-B3AF-C562C25F4098\ProhibitModification.  If the value is 0, then the delete button is available.  If the value is 5, then the delete button is greyed-out.
  The problems is that the Power Plan ID number (the 42617646-BC99... part in the reg key above) changes from computer to computer.  That ID string seems to be tied somehow to the specific computer.  So, I cannot just create a Group Policy Preference to change that value in the registry, because that value is always going to have a different name.
  The computers are all ThinkPad T400 model and are running Windows 7 Enterprise 64-bit.
  Can anyone suggest a different method to change this setting?  If not, is there any chance that the Power Manager application can be upgraded to include this control?
  Thank you!

  welcome to the forum!
  to add to what gan said, page 6 of the power manager deployment guide covers this policy over active directory.
  http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=TVAN-ADMIN#pmat
  http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-70419
  ThinkStation C20
  ThinkPad X1C · X220 · X60T · s30 · 600

• ActiveX msi Flash Player 10.0.42.34 group policy deploy issue

  I have been deploying the flash player to our workstations since version 9.  We have a 2003 AD domain and XP SP3 workstations.
  I know that it is recommended to use the flash uninstall program to remove flash when installing a new version but I haven’t taken the time to work on that type of scripting for any install.  Any attempts to uninstall the previous versions of flash via group policy when deploying have never worked.  I had the same experience with java 1.5 jres…they would never uninstall via policy.
  I have had success so far with deploying the latest version to the workstations with a new policy while leaving the old policy applied until a few weeks have past when all the workstations have been updated.
  I am in the process of deploying Flash Player 10.0.42.34 to replace Flash Player 10.0.32.18
  My test deploy to my virtual XP test workstation worked with no problems.  The flash test paged detected the newer version and the correct version was in add/remove programs.
  I then did a test deploy to a production workstation and the software installed without errors (the group policy install went extremely fast so I knew something was wrong).  No errors were reported in the workstation application log.  However when you visited the flash test page no version of flash was detected.  I also checked in add/remove programs and the program icon was the windows installer icon instead of the normal red flash box….this has been associated with other installation issues in the past.
  I have tried this on 3 other production machines and experienced the same results.  My virtual XP test workstation has only had version 10.0.32.18 on it so I am guessing that having had the older versions of 10 on the production workstations is causing the problem somehow.
  I have had issues in the past, but nothing like this.  Looks like I may have been owned by adobe on this one.
  Any insight would be appreciated.
  Thanks

  Sure , here is the url :
  http://www.forevermark.com/ja-jp/The-World-of-Forevermark-/Precious-Collection/
  On some machines , the Japanese text in the centre section appears very large. ..( see attached snapshot)
  We initially encountered this on the version prior to the 10.0.42.34 version.
  However even after the upgrading to 10.0.42.34 , the problem still persists .
  Thanks

• Problem connecting PowerPivot's (Office 2013) Data Model deployed on SharePoint 2013 to data source.

  Hello:
  Our configurations is as follow :  SharePoint 2013 is on Server A;  SQL Server Analysis server (SQL 2014) is on DB Server B;   
  SharePoint databases (sp_ ...) and our Data Mart (SQL 2014) are on server B. All servers runs Windows 2012 OS.
  On my desktop I built a simple Excel 2013 workbook with PowerPivot Data Model that imported several tables from our Data Mart (server B above). Then created a Power View report. Locally everything works fine. 
  But when I uploaded this workbook to our SharePoint PowerPivot gallery and was trying to refresh data, I got the connection error: It’s very long but the ErrorCode is “rsCannotRetriveModel”. The end of the error message is:
  'TemporaryDataSource'.</Message><MoreInformation><Source>Microsoft.AnalysisServices.SPClient</Source>
  <Message>Call to Excel Services returned an error.</Message>
  <MoreInformation><Source></Source><Message>We were unable to refresh one or more data connections in this workbook.
  The following connections failed to refresh:ThisWorkbookDataModel</Message>
  <MoreInformation><Source>Microsoft.Office.Excel.Server.WebServices</Source><Message>
  We were unable to refresh one or more data connections in this workbook. The following connections failed to refresh:ThisWorkbookDataModel</Message></MoreInformation>
  </MoreInformation></MoreInformation></MoreInformation></MoreInformation><Warnings xmlns="http://www.microsoft.com/sql/reportingservices" /></detail>
  Our Excel Services on the SharePoint work fine and refresh data on different excel workbooks (with no Data Model) just fine.  We are using an unattended account for Excel Services to connect from SharePoint server to our databases. Found a few references
  on the topic, tried them but with no luck.
  Please advise!
  Regards
  -Jeff
  Jeff Gorvits

  Hi Jeff,
  Firstly, I need to confirm whether you are refreshing Data connection in browser, since Data Refresh is not supported in Office Web Apps. Please refer more information in this article:
  http://blogs.technet.com/b/excel_services__powerpivot_for_sharepoint_support_blog/archive/2013/01/31/powerpivot-for-sharepoint-browser-refresh-fails-data-refresh-not-supported-in-office-web-apps.aspx
  From the error "Call to Excel Services returned an error", please verify the location of the
  data source, for example an Excel workbook, is registered as a trusted location with Excel Services:
  https://technet.microsoft.com/en-us/library/jj219699(v=office.15).aspx
  Since you are using unattended account for Excel Services to connect from SP to databases, I wonder if the issue occurs to unattended referesh, if so, please refer to:
  http://social.technet.microsoft.com/wiki/contents/articles/3870.troubleshoot-powerpivot-data-refresh.aspx#Problems_using_the_Unattended_data_refresh_account
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Wmi query for group policy deployed software version

  I am trying to query the version of a deployed application within a GPO from active directory using wmi.
  Anyone know if this is possible?
  Thanks.

  I don't think you can query GPO information using WMI, but you can use WMI to read Resultant Set of Policy settings. See
  RSoP WMI Classes for more information.
  Is there any particular reason for using WMI in your case? You can easily retrieve this information using powerShell. The code below will list name and ver of all software install entries of a particular GPO:
  $gpo = get-gpo -Name "My GPO Name"
  $report = [xml] $gpo.GenerateReport([Microsoft.GroupPolicy.ReportType]::Xml)
  $report.gpo.Computer.ExtensionData.Extension | `
  Where-Object{ $_.type.contains( "SoftwareInstall" ) } | `
  foreach-object{
  foreach( $item in $_.ChildNodes )
  "`"{0}`" Ver. {1}.{2}" -F $item.name, $item.MajorVersion, $item.MinorVersion
  Gleb.

• Group Policy - deploy IE plugins (RSClientPrint)

  Hi Folks,
  I have a need to be able to deploy the RSClientPrint Internet Explorer plugin (to enable in-browser report printing) across a range of machines.  We use different versions of the reporting services/visual studio applications and have quite a few
  different versions of this plugin.
  I am just wondering how people have managed to resolve deploying this software without granting the user the ability to access the internet.  Preferably I would like to try and avoid having to package every single version that comes out.

  Hi Andy,
  How is the issue going? Is the link provided by Gopi helpful?
  If you need further help, please don't hesitate to let us know.
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen

• Office 2013 Upload Center do not display in notification area

  Hello,
  I am wanting to hide the Upload centre system task tray icon for Office 2013 on all of our pc's in my organisation, I have found many articles on disabling the service from starting, but this is not my intention.
  Instead I wish to use either a registry setting (that I'll set in either the OCT or GPP), an option in the 2013 OCT tool or a setting in the Office 2013 group policy templates to just untick the box that says "Display icon in notification area"
  which will still allow the Upload Center to work and be launched from the start menu but will free up Task Tray real estate.
  If anyone knows what registry setting will do this that would be great, ideally a machine based setting so I can include it with the OCT, however if it is a user setting I will use Group Policy Preferences to deploy it.

  Hi,
  I captured the registry key by ProcessMonitor, you can test if this works for you:
  HKCU\Software\Microsoft\Office\15.0\Common\FileIO
  Value:DisableNotificationIcon
  If the value is set to 1, the icon is not displayed; if the value is set to 0, the icon is displayed.
  Regards,
  Melon Chen
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs. Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Installing Office 2013 on several PCs in a small company

  Rather than create individual Live IDs for each of the 7 PCs in a small company, in order to install Office 2013, can we install 7 copies of Office 2013 using a single Live ID?  (each copy of Office 2013 is licenced individually, not bought through
  VLSC).
  Or, is there a better way to install several copies of Office 2013 in an organisation (that does not want to buy Volume Licencing, they just want to buy individual copies)?

  Are you talking about the local install version Office 2013, or Office 365 (2013)?
  Office 365 is "easier" if you are dealing with volume licenses.  Office 365 "installs" very quickly, in a matter of minutes. So if you are talking about buying individual 365 business licensees, just document a short procedure telling users how to install
  Office 365 (sorry, that may not work if they don't have admin rights on the PC).
  If you bought Office 365 volume license, here is a procedure I pieced together:
  How does a company install and control licenses - Business
  Using Click to Run virtualization, the process of getting new users running has substantially changed. Because CTR installations are so fast, you no longer have to pre-install the software for users.
  A business IT Admin controls use of corporate Office 365 licenses through the Office 365 Administration Center online.
  Overview:
  - In the Office 365 Administration Center the designated Office Administrator sets up the new USER ID
  - Setup the associated email account(s)
  - Setup Office licenses allowed to the userid
  - the new User logs in to their new computer
  - in Internet Explorer the user goes to the “Office 365 Portal” site to get their allowed Office 365 installation
  - using the Click to Run installation process, Office 365 is installed and running on a new computer is a matter of minutes.
  The following links will provide you with more detailed information of where to look and what to do. You may require some additional support from an “expert” .
  Free MS training for Office 365 Administration Center / Portal
  http://office365support.ca/does-microsoft-have-free-training-for-the-new-office-365/
  Excellent resource to get you started administering your business Office 365 licenses.
  The first video,
  Exploring the Office 365 Administration Center  (9:32), describes
  how to create new userids, and to assign Office licenses to them. It also very quickly breezes by how to install Office.
  The second vidow,
  Office 365 Overview for IT Administrators  (14:00), quickly walks you
  through setting up new company and users.
  On basic setup page, step 3 “Set up User Access” provides links to instructions on how to set up new users.
  In Service Settings, Downloads, you can control what Office apps the user can download.
  Creating Users for the NEW Office 365
  http://office365support.ca/creating-cloud-users-for-the-new-office-365/
  This page provides more detailed instructions for setting up the new userids and granting them Office 365 licenses
  Configuring Desktops for the NEW Office 365
  http://office365support.ca/configuring-desktops-for-the-new-office-365/
  The following post will document how to setup a Windows 8 desktop for a cloud user for Office 365. I have already installed Windows 8 and created
  the local account for my test user. I have logged into the Office 365 portal and had the user change his password. The password for Office 365 and the password for the desktop are the same.
  Office 365 for enterprises: A tour for administrators
  http://office.microsoft.com/en-us/videos/office-365-for-enterprises-a-tour-for-administrators-HA102654955.aspx
  Office 365 for enterprises brings together the online services your business needs. To see how to set up and manage these services, watch these four short videos.
  Where did My MSI go - Deployment Video
  http://www.microsoft.com/resources/technet/en-us/office/media/video/video.html?cid=otc&from=mscomoffice&VideoID=670e3969-0509-4d3a-a8a6-ffbe526d3e6f&src=v5:endslate:related^play:related_0&from=shareembed-syndication
  10 minute comparison of MSI and CTR
  Touches on corporate provisioning in”User Based License Model Activation”. Users activate/deactivate, but IT still has control to deprovision the license (starting at about minute 8:15).
  Then in this video / article :
  http://blogs.technet.com/b/office_resource_kit/archive/2013/03/20/the-new-office-garage-series-identity-activation-data-access.aspx
  They again say the companies can still allow userid activation while maintaining control of the licenses through Active Directory
  <snip>
  Jeremy: So we showed the installation experience for a domain-joined computer where single sign on is enabled and one that is not domain-joined, but installs via the Office 365 portal. In the direct from portal case when you kick off the
  installation, you will see a file that looks something like this:
  Setup.X86.en-us_O365ProPlusRetail_24*****-45a2-4eeb-b06f-b14****189c8_TX_PR_.exe
  In a future episode we'll talk about all of the configurations needed to suppress completely sign-in, first run experiences and user prompts. IT admins have had to deal with these in past releases of Office, but now there are ways to
  automatically sign users in to Office 365 installs picking up their domain credentials. I also showed the effects of deleting the user account from the Azure AD store and how it put Yoni's Office into Reduced Functionality Mode (RFM) -
  even if Yoni installs Office on his personal devices using his organization's Office software assets, once Yoni leaves the org the IT department can deprovision his personal installs. That keeps software asset management cleaner and IT is in control.
  Yoni: Don't forget we also had Mark Russinovich on the show and he explained the security model for online services with Azure AD - in your car. It sounds like they are taking the defense in depth approach to harden the service. And you
  made him slum it in your car, Jeremy.
  </snip>
  Overview of ID, Authentication and Authorization in Office 2013
  <snip  http://blogs.technet.com/b/office_resource_kit/archive/2013/04/16/new-poster-and-content-roadmaps-about-office-identity-authentication-authorization-and-security.aspx
  >
  This page has links to 3 posters. The first poster “Identity and Authentication in the Cloud: Office 2013 and Office 365” describes at a high level how to control new user setup in a corporate / small business environment.
  </snip>
  <snip  http://technet.microsoft.com/en-us/library/jj683102.aspx
   >
  This page also has a link to the same poster online (http://www.microsoft.com/en-us/download/details.aspx?id=38193 has PDF and Visio versions of the chart). As well, it goes into
  more detail with information like the following:
  … Because Office is a tool that is used by the same individual in two different roles, the new Office offers two identities with which users can log on to Office 2013:
  A Microsoft account, which most people use for personal business
  An organization ID that is assigned by Microsoft, which most people use when doing work for an organization, such as a business, charity, or school.
  The credentials that are used to sign in are recognized as either personal or organizational. That sign-in identity becomes the user's “home realm” and determines which documents the user has access to on SharePoint, SkyDrive, or Office 365 Services for
  a specific session. Each unique sign in identity is saved in a most-recently used list so that it is easy to switch between identities without leaving the Office experience.
  a personal SkyDrive can be mounted to an organization identity so that personal documents can be accessed at work or school without ever switching identities. Also, when a user authenticates by using an identity, this authentication is valid for all Office
  applications, not just the application he or she signed in to.
  Two logon types are supported when users sign in to Office 2013, a Microsoft account or an organization ID that is assigned by Microsoft.
  Microsoft account (the user’s individual account). This account, formerly known as Windows Live ID, is the credential that users use to authenticate with the Microsoft network and is frequently used for personal or non-business work, such
  as volunteer work. To create a Microsoft account, a user provides a user name and password, certain demographic information, and “account proofs,” such as an alternative email address or phone number. For more information about the new Microsoft account, see
  What is a Microsoft account?.
  An organization ID that is assigned by Microsoft / Office 365 account ID that is assigned by Microsoft. This account is created for business use. An Office 365 account can be one of three types: a pure Office 365 ID, an Active Directory
  ID, or an Active Directory Federation Services ID. These are described below:
  Office 365 ID. This ID is created when an admin sets up an Office 365 domain and takes the form <user>@<org>.onmicrosoft.com, for example:
  [email protected]
  Organization ID that is assigned by Microsoft that is validated against a user's Active Directory ID. An organization ID that is assigned by Microsoft and validated against Active Directory as follows:
  First, a person who has an [on-premise domain]\<user> account attempts to access organization resources.
  Next, the resource requests authentication from the user.
  Then, the user types in their organization user name and password.
  Finally, that user name and password are validated against the organization AD database, the user is authenticated, and is given access to the requested resource.
  An organization ID that is assigned by Microsoft that is validated against a user’s Active Directory Federation Services ID. An organization ID that is assigned by Microsoft and validated against Active Directory Federation Services (ADFS)
  as follows:
  First, one person who has an org.onmicrosoft.com attempts to access
  partner organization resources.
  Then, the resource requests authentication from the user.
  Next, the user types in their organization user name and password.
  Then, that user name and password are validated against the organization AD database.
  Finally, that same user name and password are passed to the partner’s federated AD database, the user is authenticated, and is given access to the requested resource.
  For on-premises resources, Office 2013 uses the domain\alias user name for authentication. For federated resources, Office 2013 uses the [email protected] user name for authentication.
  </snip>
  Office 365 Administration / Office 365 Administration Center / Office 365 Portal
  http://technet.microsoft.com/en-us/library/jj819272.aspx
  This page summarized methods of administering Office 365
  User Account Management
  http://technet.microsoft.com/en-us/library/jj819300.aspx
  Sign-in for Small Business subscriptions
  Users receive Windows Azure Active Directory cloud credentials—separate from other desktop or corporate credentials—for signing into Office 365 and other Microsoft cloud services.
  Sign-in options for Enterprise, Midsize Business, Kiosk, Academic, and Government subscriptions
  Office 365 for Enterprise, Midsize Business, Kiosk, Academic, and Government subscriptions has two systems that can be used for user identities:
  Organizational account (cloud identity)   Users receive Windows Azure Active Directory cloud credentials—separate from other desktop or corporate credentials—for signing into Office 365 and other Microsoft cloud
  services. This is the default identity, and is recommended for small and midsize businesses in order to minimize deployment complexity. Passwords for organizational accounts use the Windows Azure Active Directory
  password policy.
  Federated account (federated identity)   For all subscriptions other than Office 365 Small Business and Office 365 Small Business Premium, in organizations with on-premises Active Directory that use single sign-on
  (SSO), users can sign into Office 365 services by using their Active Directory credentials. The corporate Active Directory stores and controls the password policy. For information about SSO, see
  Single sign-on roadmap.
  The type of identity affects the user experience and user account management options, as well as hardware and software requirements and other deployment considerations.
  Custom domains and identity options
  When you create a new user, the user’s sign-in name and email address are assigned to the default domain as set in the Office 365 admin center. By default, the Office 365 subscription uses the <company name>.onmicrosoft.com
  domain that was created with the Office 365 account. You can add one or more custom domains to Office 365 rather than retaining the
  onmicrosoft.com domain, and can assign users to sign in with any of the validated domains. Each user’s assigned domain is the email address that will appear on sent and received email messages.
  You can host up to 600 registered Internet domains in Office 365, each represented by a different namespace.
  For organizations using single sign-on, all users on a domain must use the same identity system: either cloud identity or federated identity. For example, you could have one group of users that only needs a cloud identity because they don’t access on-premises
  systems, and another group of users who use Office 365 and on-premises systems. You would use add two domains to Office 365, such as
  contractors.contoso.com and
  staff.contoso.com, and only set up SSO for one of them. An entire domain can be converted from cloud identity to federated identity, or from federated identity to cloud identity.
  For more information about domains in Office 365, see the
  Domains service description.
  Creating user accounts
  Office 365 provides five ways to create user accounts, some of which are not available for Office 365 Small Business and Office 365 Small Business Premium: Add single User, Bulk upload using *.CSV files, Active Directory Synchronization, Azure Active Directory
  Module for powershell, Exchange Simple Migration
  Password management
  The policies and procedures for password management depend on the identity system.
  Cloud identity password management:
  When using cloud identities, passwords are automatically generated when the account is created.
  For cloud identity password strength requirements, see
  Change your password.
  To increase security, users must change their passwords when they first access Office 365 services. As a result, before users can access Office 365 services, they must sign into the Office 365 portal, where they are prompted to change their passwords.
  Admins can set the password expiration policy. For more information for Enterprise and Midsize subscriptions, see
  Set a user’s password expiration policy. For Small Business, see
  Change how often passwords expire.
  License management
  A subscription to Office 365 is made up of a number of licenses to a set of services. An administrator assigns a license to each user for each service that user needs access to. For more information about managing licenses, see
  Assign or remove a license in Office 365 Enterprise, or
  Assign or remove a license in Office 365 Small Business.
  Office 365 for Business FAQ
  http://office.microsoft.com/en-us/business/microsoft-office-365-for-business-faq-FX103030232.aspx
  Some general questions are answered
  Deployment guide for Microsoft Office 2013
  http://blogs.msdn.com/b/mssmallbiz/archive/2012/10/22/free-microsoft-ebook-deployment-guide-for-microsoft-office-2013.aspx
  Free Download, 147 pg
  Table of Contents
  Getting help
  Volume activation of Office 2013
  Plan volume activation of Office 2013
  Volume activation methods in Office 2013
  Deploy volume activation of Office 2013
  Use tools to configure client computers in Office 2013
  Customize installations of Office 2013
  Customize Setup before installing Office 2013
  Configure a silent installation of Office 2013
  Create custom configurations of Office 2013
  Office Customization Tool (OCT) in Office 2013
  Config.xml file in Office 2013
  Setup command-line options for Office 2013
  Setup properties in Office 2013
  Setup architecture overview for Office 2013
  Customize the Accessibility Checker for Office 2013
  Outlook 2013
  Planning overview for Outlook 2013
  Choose between Cached Exchange Mode and Online Mode for Outlook 2013
  Plan a Cached Exchange Mode deployment in Outlook 2013
  Plan feature customizations in Outlook 2013
  Choose security and protection settings for Outlook 2013
  Configure multiple Exchange accounts for Outlook 2013
  Configure Cached Exchange Mode in Outlook 2013
  Configure Outlook Anywhere in Outlook 2013
  Configure junk e-mail settings in Outlook 2013
  Roll out Office 2013
  Install Office 2013 from the local installation source
  Deploy Office 2013 from a network installation point
  Deploy Office 2013 by using Group Policy computer startup scripts
  Language in Office 2013
  Plan for multi-language deployment of Office 2013
  Customize language setup and settings for Office 2013
  Add or remove language packs after deployment of Office 2013
  Mixed language versions of Office 2013
  Companion proofing languages for Office 2013
  Language identifiers and OptionState Id values in Office 2013
  Security in Office 2013
  Security overview for Office 2013
  Authentication in Office 2013
  Plan for Information Rights Management in Office 2013
  Group Policy for Office 2013
  Planning for Group Policy in Office 2013

• Deploying Creative Cloud for Teams via Group Policy

  Good afternoon, we are trying to deploy our Creative Cloud for Teams products.  Our ideal situation would be where we are able to deploy the Creative Cloud Software (e.g. including Photoshop, InDesign, Illustrator, etc) using Group Policy, then assign the respective user licenses using the Management Console.  This would send out the email to the applicable user for them to create and Adobe ID, and use the software that has been installed.  However, we are able to install the software using Group Policy Deployment using the msi created using the Creative Cloud Packager, but any user is able to use the software on the PC, not just the person who has been assigned the licence via the console email.  Is anyone else successfully deploying in this way?
  Kind regards
  Mel

  Team license links that may help
  -team plans https://creative.adobe.com/plans?plan=team
  -http://www.adobe.com/creativecloud/buy/business.html
  -https://helpx.adobe.com/contact/creative-cloud-teams.html for Team help
  -manage your team account http://forums.adobe.com/thread/1460939?tstart=0
  -Team Installer http://forums.adobe.com/thread/1363686?tstart=0