As part of a task to move desktop applications to the Citrix servers I had an issue where a particular Excel Comm add-in wouldn’t work unless I used the applications configuration tool to enable the add-in. As I wanted to automate the process for all users I had to find a way to get this working automatically.
Initially the error shown in Excel was:
“Not loaded. A runtime error occurred during loading of COM add-in”
To get a more detailed error I turned on VSTO logging via adding the environment variable VSTO_SUPPRESSDISPLAYALERTS with the value of 0. This then gave me a better error Execution permission cannot be acquired which is obviously permission related.
To find out what the configuration tool was doing I used Microsoft’s process monitor and found that caspol was being used to set permissions.
So after a lot of trial and error with different command lines I found a great tool called “Code Access Security Policy (CASPOL) command Generator” from http://brandonpotter.wordpress.com/2010/01/23/code-access-security-policy-caspol-exe-gui-utility/.
I set the permissions of the folder that contained the Excel add in to apply to the machine with FULLTrust trust level. Now the addin will load for all users on that machine and not just the application configured users. I would suggest using process monitor though to find out which version of Microsoft.NET is being used so that the correct caspol is run.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe -machine -addgroup All_Code -url “c:\program files\myapplication\*” FullTrust