This involves a long tale of trying and failing to get Microsoft office to install. Even the SARA tool failed. However, the technique to resolve the issue was a favorite of mine, which is to begin to resolve every problem that you find on the machine until the solution is uncovered. In this case, office failed to install because the Software Protection Service was not running and would not stay running when started.
We know that,
The Software Protection (sppsvc) service enables downloading, installing, and enforcing digital licenses for the Windows operating system and applications. If the service is disabled, the operating system and licensed applications will run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
This service is installed by default and its startup type is Automatic.
When the Software Protection service is started in its default configuration, it logs on by using the Network Service account.
The Software Protection service is dependent upon the following system components:
- Remote Procedure Call (RPC)
- DCOM Server Process Launcher
- RPC Endpoint Mapper
However, the service was failing to start. The option was to change the permission level of the service to local system from network service. This does change the security level of the service in a rather large way and should only be used when the computer is not part of a local domain.
Local system is a completely trusted account, more so than the administrator account. There is nothing on a single box that this account cannot do, and it has the right to access the network as the machine.
- Name:
.\LocalSystem
(can also useLocalSystem
orComputerName\LocalSystem
) - the account has no password (any password information you provide is ignored)
- SID: S-1-5-18
- does not have any profile of its own (
HKCU
represents the default user) - has extensive privileges on the local computer
- presents the computer’s credentials (e.g.
MANGO$
) to remote servers
Network Service has very limitted privileges the (SeAditNamePrivilege,
SeChangeNotifyPrivilege and SeUndockPrivilege + those assigned to “EveryOne
” and and “Authenticated” users ) on the system, presents the machine
credentials on the network, the remote token contains the “EveryOne” and
“Authenticated User” group SIDs.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc and change the ObjectName from NT AUTHORITY\NetworkService to LocalSystem
All we do is support IT professionals. Microsoft 365 technical assistance, Super Secret News, Security community, MSP Legislation community, Intune, Defender and Lighthouse community, Peer groups, Kits, papers, Business consulting and more. https://www.thirdtier.net