When deploying VSTO ClickOnce applications targeting .NET Framework 4 to non-admin users, we hit a chicken-and-egg problem: The framework requires admin rights to install, yet ClickOnce deployments fail when prerequisite frameworks are missing. Manual installation isn't scalable for enterprise environments with hundreds of workstations.
For Windows Server Update Services (WSUS) deployment:
- Import the .NET Framework 4 update package (KB982670) into WSUS
- Create a target group for machines needing the update
- Approve the update for installation
# PowerShell snippet to verify WSUS update approval
Get-WsusUpdate -Approval Approved -Classification "Updates" |
Where-Object { $_.Title -like "*NET Framework 4*" } |
Select-Object Title, KnowledgebaseArticlesThe more flexible approach uses Group Policy:
- Download the standalone .NET 4 installer (dotNetFx40_Full_x86_x64.exe)
- Create a network share with read permissions for target computers
- Create a transform file (.mst) if customization is needed
<!-- Sample GPO deployment XML -->
<DeploymentConfiguration
xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/SoftwareInstallation">
<Application
DeploymentType="Assign"
PackagePath="\\fileserver\software\dotNetFx40_Full_x86_x64.exe"
DeploymentOptions="InstallOnDemand"/>
</DeploymentConfiguration>For either method, these command-line switches ensure silent installation:
dotNetFx40_Full_x86_x64.exe /q /norestart /ChainingPackage "ADMINDEPLOYMENT"After deployment, verify installation with this PowerShell check:
# Check .NET 4 installation status
$net4Reg = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
if ($net4Reg.GetValue("Install") -eq 1) {
Write-Host ".NET 4.0 installed (Version $($net4Reg.GetValue('Version')))"
} else {
Write-Warning ".NET 4.0 not detected"
}Since .NET installations often require reboots, consider these approaches:
- Schedule deployments during maintenance windows
- Use shutdown.exe with time delay:
shutdown /r /t 300 /c "Rebooting for .NET 4 installation" - Integrate with your RMM tool for reboot coordination
When deploying VSTO ClickOnce applications to non-admin users, a common roadblock arises: the dependency on .NET Framework 4. Since ClickOnce can't automatically install frameworks without admin rights, we need a centralized deployment solution.
Active Directory Group Policy offers the most reliable enterprise deployment method. Here's how to set it up:
<!-- Sample Group Policy MSI deployment command --> msiexec /i "dotNetFx40_Full_x86_x64.exe" /q /norestart /log "%TEMP%\dotnet4_install.log"
Key steps:
- Download the offline installer from Microsoft's site
- Create a new GPO in Group Policy Management
- Navigate to Computer Configuration > Policies > Software Installation
- Assign the .NET 4 package with silent install parameters
For organizations using Windows Server Update Services:
# PowerShell snippet to approve .NET 4 in WSUS $update = Get-WsusUpdate -Approval Unapproved -SearchText "Microsoft .NET Framework 4" Approve-WsusUpdate -Update $update -Action Install -TargetGroupName "All Computers"
Important considerations:
- Ensure the WSUS server synchronizes the .NET Framework 4 update
- Test deployment on a pilot group first
- Combine with Group Policy for reboot control
Both methods may require reboots. Implement this registry tweak to suppress automatic reboots:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "NoAutoRebootWithLoggedOnUsers"=dword:00000001
After deployment, verify installation with this PowerShell check:
# Check .NET 4 installation status
$net4Reg = Get-ChildItem "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
if ($net4Reg.GetValue("Release") -ge 378389) {
Write-Host ".NET 4.5 or later installed"
} else {
Write-Warning ".NET 4 not properly installed"
}
For smaller deployments, modify your ClickOnce manifest to include a bootstrapper check:
<!-- Sample bootstrapper package configuration -->
<ItemGroup>
<BootstrapperPackage Include=".NETFramework,Version=v4.0">
<Visible>False</Visible>
<ProductName>Microsoft .NET Framework 4</ProductName>
<Install>true</Install>
</BootstrapperPackage>
</ItemGroup>