We have a Terminal Server and need to install Office without a Volume License.

According to THIS, that is allowed with E3 licensing.





So, a couple of things to note here:

1. RDS is not permitted for Small Business premium
2. RDS IS permitted for M, E3 and E4
3. There are no caveats or foot notes as there used to be

Now the actual question, HOW do you do it?

Here the answer:

1. Start by downloading the “Office Deployment Tool for Click-To-Run” and extract it in a shared directory.

2. Navigate to your extracted folder (in our example \\server\o365) and edit the ‘configuration.xml’ file following the Microsoft guidelines:

3. Open CMD, navigate to the extraction folder (e.g. C:\O365) and run:

Let it run it will download the installer, it will create a new folder called ‘Office’ and should be about 1GB once it finished.

4. Run the installer from CMD

Once that is done you should have O365 installed and it can be activated with individual O365 (E3) licenses. :o)




Since managing it remotely in anon domain environment is a pain in the neck and I’ll have to setup quite a few servers in the next couple of weeks, here a quick ‘how to’ mange Hyper-V Server 2016 remotely.


1. Run

2. Configure Remote Management + ping (Opt. 4 -> Opt. 4 -> Opt. 1)
3. Enabled Remote Desktop (Opt. 7 -> e -> Opt. 2)
4. Run this command to allow RDP through the server’s firewall:

5. Launch Powershell and execute this command:


1. Add an entry to the hostfile as you can not add a Hyper-V server via IP

2. Run -> dcomcnfg, right-click on ‘My Computer’ -> Properties -> COM Security Tab -> Access Permissions -> Edit Limits -> Anonymous Logon -> Allow ‘Local & Remote’ Access


4. Install the RSAT Tools for your Operating system. Open the Server Manager and add the Hyper-V host as a server.

5. You should get a permission error, run the following command:

Now you should be able to remote manage / create / edit your Hyper-V Server.


Alright so one of our customer’s shared drive broke, we were able to restore it and such, however the needed rights were gone. I found a cool nifty tool called “SubInACL” to help me out. The default install is in

The syntax for SubInCAL is like so:

So in my case I used:

The <access>parameter follows this list:

F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands

To get all the sub-directories you can use the switch ‘/subdirectories

Such an easy command saved the day!

We have  custom APP that is used internally only, and even though the UAC is disabled it was throwing this annoying error:

security warning.zoom60

The fix is relatively easy, you just have to be cautious as it might cause potential harm.

1. Navigate to: (REGJUMP is your best friend for that!)

2. Add a new ‘String Value’, call it ‘LowRiskFileTypes’ and give it the value ‘.exe’.
3. Make sure to remove the ‘.exe’ from the ‘HighRiskFileTypes’ list.
4. Reboot.

Again, the warning, it poses extra risk as it will not warn when the user opens another ‘.exe’ file. We have great backups, users only use the same apps and have no rights to install things, so I am comfortable applying it this way.