Fixed: running Office 365 ProPlus on a Windows Server 2008 R2 RDS Session Host

I am posting this information in case it helps someone else in the future.

In the last five months I had issues with running Microsoft Office 365 ProPlus on a Windows Server 2008 R2 RDS Session Host as a powerless Windows user. In order to activate or run the program the end user needed to either be a member of the local Windows administrators group or have a special shortcut to the program, such as Word, configured to run as administrator and have the administrator credentials entered once and saved per Windows profile. This restriction didn’t make sense at all. Why would Microsoft make an end user product that can be installed on a RDS Session Host but must be run as administrator? We opened two or three tickets with Office 365 tech support and their conclusion was that, while the Technet article doesn’t list this restriction, you must in fact run Office 365 ProPlus on a RDS Session Host as an administrator.

Recently I created a new Windows Server 2008 R2 RDS Session Host and began experimenting with what is causing this issue. I installed Office 365 ProPlus, using the Office 2016 version this time, logged in as a powerless Windows user, and was able to activate and run Office apps! I slowly made changes, added other apps, and eventually found what broke it. When Office is installed it puts shortcuts for the apps at the root of All Programs, which is found at C:\ProgramData\Microsoft\Windows\Start Menu\Programs on the RDS Session Host. I typically want to control what the end user sees for their Start Menu and Desktop. As such I will remove the local Users group’s NTFS permissions to C:\ProgramData\Microsoft\Windows\Start Menu and c:\users\public\desktop and use Group Policy’s Folder Redirection setting to redirect it to a network share. I found that moving the Office shortcuts to ANY OTHER FOLDER will break it. I ended up grating the local Users group read permission (this folder only) to Start Menu and Programs, and read only to the individual Office shortcuts. They will see other Start Menu folders such as Maintenance, however, they will not see any shortcuts within it.



Discussion Info

Last updated May 27, 2020 Views 1,951 Applies to:

Additional bit of info: if you moved the shortcut for an Office 365 ProPlus app and tried running it as a powerless Windows User the server would think for 5-10 seconds and then give you the following error: "something went wrong." No error number, no error info in the Windows Application Log.

Also, you can combine Group Policy folder redirection with granting users NTFS permissions to the Start Menu and Desktop folders. I put all the balance of the shortcuts I want users to see in the redirected folder and just granted NTFS permissions to the local Office app shortcuts.