Allow Access to Network Drives from Software Running as Admin

  1. Open Registry Editor.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. New DWORD value called EnableLinkedConnections, set to 1.
  4. Restart.

Office 365 Activation TPM error 80090034

This was a royal pain to solve!

  1. Is your BIOS up to date? Like really really up to date? I had to use the latest BETA version, not the latest STABLE version.
    • Remember to DECRYPT BEFORE BIOS updates or have your recovery key handy.
  2. Run tpm.msc
    • Does the system see the TPM? Yes/No, solve this.
  3. Can you encrypt with BitLocker? Yes/No, solve this next. Mine worked.
  4. sfc /scannow (does this finish or pass? Mine hung at 56%)
  5. chkdsk /r /f c: (does this finish? Mine did.)
  6. sfc /scannow (after chkdsk, does this now finish? Now it passed.)
  7. Is Windows completely up to date? Check over and over until ALL Windows updates are installed. All optional updates too!
  8. Have you removed ALL office accounts from Windows?
    • Settings > Add, edit, delete users > Email & Accounts
    • Launch WORD > (Upper right corner, your username and all others) Sign Out
    • Settings > Add, edit, delete users > Access Work or School
      • “Unlink” the account.
  9. Have you turned off Windows Firewall (or other providers’ firewalls)?
  10. Have you added this registry entry? Mine did not exist.
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
    • DWord: ProtectionPolicy=1 (create it if it doesn’t exist)
  11. Have you removed Office completely? Look for Office folders all over your PC:
    • C:\Program Files\Microsoft\Office
    • C:\Program Files (x86)\Microsoft\Office
    • C:\ProgramData\Microsoft\Office
    • C:\ProgramData\Office
    • C:\Users\[username]\AppData\Local, LocalLow, and Roaming\Microsoft\Office
    • I went a step further and also deleted any “Word”, “Outlook”, “Excel”, “PowerPoint”, etc. that I found.
      HINT: Don’t empty your recycle bin in case you need this data later, like to recover/import Outlook OST or PST data files.
  12. Did you delete the registry entries for old/stale MS Office versions too? Google this list if needed.
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppVISV
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
    • HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Office
    • HKEY_CURRENT_USER\Software\Microsoft\Office
  13. After all this, install Office 365 (don’t sign in/activate yet).
  14. Next, update Office 365 (prior to activation).
    • Word > File > Account > Office Updates, Update Options > Update Now
  15. Reboot after the updates complete.
  16. Launch Word.
  17. Sign in / Activate. I got the following error:
    • Your organization has deleted your device (no, actually we didn’t).
    • Error 700003
    • Only clickable button was “continue”
    • …and it activated!!! No account errors anymore!
  18. Remember to turn your firewall back on! Cheers.

Hope this helps someone, it’s most likely not your TPM after all.
What a nightmare!

UPDATE: Had another computer with the same error. This one was getting hung up on the fact that a 32-bit version of Microsoft Office Single Image 2010 was installed. Dug deep into the bowels of the computer to find these files and delete them.

C:\Windows\Installers\{907… [big long number here]

This folder had a bunch of office 2010 exe files in it. Deleted that and the one after it. Then searched through the registry for every instance of “Single Image” and “Office 2010” and deleted those keys.

Domain Password Policy Location GPO

Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy

Screensaver Lockscreen and Background GPO

Idle lock screen timeout settings:

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
  • Interactive logon: Machine inactivity limit
    • Enable
    • Set timeout in seconds.

Force a specific Background:

User Configuration > Policies > Administrative Templates > Desktop > Desktop
  • Desktop Wallpaper
    • Enable
    • Set a UNC path to the wallpaper ( i.e. \\path\to\file.jpg )

Disable Slow Link Detection GPO

Create a GPO and enable these settings. Related descriptions and values explained in citations.

Both Computer Configuration and User Configuration may have these policies modified:

Policies > Administrative Templates > System > Group Policy
  • Configure Group Policy slow link detection
    Enable the policy and set value to 0 to disable slow link detection.

Trust the Server/Intranet GPO and Trust Yourself

Create a GPO and enable three settings. Related descriptions and values explained in citations.

Both Computer Configuration and User Configuration need these policies modified:

Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
  • Intranet Zone Template > Enabled > Low
    This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
  • Site to Zone Assignment List > Enabled > Show…
    • Value Name: yourserver.domain.com
      A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10).
    • Value: 1 (Intranet zone)
  • Intranet Zone (folder)
    • Show security warning for potentially unsafe files > Enabled > Enable
      If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.

You may also want to add trusted sites to the approved zone. Do that here:

Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List

Trust Administrators

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> User Account Control: Run all administrators in Admin Approval Mode = Disabled

Enable Linked Network Drives over UAC

Windows 10, Windows 8, Windows 7 and Windows Vista come with a special Group Policy option which unlocks network drives for programs running elevated:

  1. Open Registry Editor.
  2. Go to the following Registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create a new DWORD value called EnableLinkedConnections, and set it to 1.
  4. Reboot.
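
The registry-backed settings changed on this page can be read back with a short PowerShell audit. This is an added example, not part of the original notes: the function name Get-PageSettingState and the Default column (stock Windows behaviour when the value is absent) are assumptions of the example, and EnableLUA is the registry value behind the "Run all administrators in Admin Approval Mode" policy.

```powershell
# Added example: read back the registry values this page sets and compare
# them with stock Windows behaviour. Read-only; nothing is modified.
$policySystem = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$dpapi = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'

# Default = assumed effective value on a stock install (example assumption).
$settings = @(
    [pscustomobject]@{ Path = $policySystem; Name = 'EnableLinkedConnections'; Default = 0
                       Note = 'Mapped drives visible to elevated processes' }
    [pscustomobject]@{ Path = $policySystem; Name = 'EnableLUA'; Default = 1
                       Note = 'Admin Approval Mode (UAC); 0 = disabled' }
    [pscustomobject]@{ Path = $dpapi; Name = 'ProtectionPolicy'; Default = 0
                       Note = 'DPAPI value added during the Office 365 fix' }
)

function Get-PageSettingState {
    param([Parameter(Mandatory)] [object[]] $Setting)
    foreach ($s in $Setting) {
        # A missing key or value yields $null instead of an error.
        $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $current = if ($null -ne $item) { $item.($s.Name) } else { $null }
        $effective = if ($null -eq $current) { $s.Default } else { $current }
        [pscustomobject]@{
            Name    = $s.Name
            Current = if ($null -eq $current) { '(not set)' } else { $current }
            State   = if ($effective -eq $s.Default) { 'Default' } else { 'Changed' }
            Note    = $s.Note
        }
    }
}

Get-PageSettingState -Setting $settings | Format-Table -AutoSize
```

Rows reported as Changed are the ones to review when deciding whether a workaround from this page still needs to stay in place on that machine.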

Server 2016 Command Line Activation

  1. Launch a CMD as an Administrator
  2. Type: slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
  3. Press Enter

This process might take several days (!!!) to complete. Wait for it.

slmgr.vbs command help

Referenced Instructions

Alternate Activation Gui Method

  1. Click START (gets you to the tiles)
  2. type RUN
  3. type slui 3 and press ENTER
    1. SLUI 1 brings up the activation status window
    2. SLUI 2 brings up the activation window
    3. SLUI 3 brings up the CHANGE PRODUCT KEY window
    4. SLUI 4 brings up the CALL MICROSOFT & MANUALLY ACTIVATE window
  4. Type in your product key
  5. Have a nice day.

Netlogon Not Accessible

  1. To resolve this issue, run gpedit.msc and go to:
    Computer -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths
  2. Enable the policy and click the “Show” button.
  3. Enter your server name (\\myservername) into the “Value name” field.
  4. Enter the following text “RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0” without quotes into the “Value” field.
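
Setting all three flags to 0 switches off the mutual authentication, integrity and privacy requirements for that UNC path, so it is worth knowing which machines carry such an entry. The following PowerShell audit is an added example, not part of the original notes: it reads the registry key where the Hardened UNC Paths policy stores its entries, and the function names are assumptions of the example.

```powershell
# Added example: list Hardened UNC Paths entries and flag relaxed ones.
# Read-only. The policy stores one string value per UNC path under this key.
$hardenedKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function ConvertFrom-HardenedPathValue {
    # Parse "RequireMutualAuthentication=0,RequireIntegrity=0,..." into a hashtable.
    param([string] $Value)
    $flags = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $val = $pair.Trim() -split '=', 2
        if ($name) { $flags[$name] = $val }
    }
    return $flags
}

function Get-HardenedPathAudit {
    param([string] $Path = $hardenedKey)
    if (-not (Test-Path -Path $Path)) { return }   # policy not configured
    $regKey = Get-Item -Path $Path
    foreach ($name in $regKey.GetValueNames()) {
        $value = [string] $regKey.GetValue($name)
        $flags = ConvertFrom-HardenedPathValue -Value $value
        # Flags explicitly set to 0 are the ones this page's workaround writes.
        $relaxed = @('RequireMutualAuthentication', 'RequireIntegrity', 'RequirePrivacy') |
            Where-Object { $flags[$_] -eq '0' }
        [pscustomobject]@{
            UncPath = $name
            Value   = $value
            Relaxed = ($relaxed -join ', ')
        }
    }
}

Get-HardenedPathAudit | Format-Table -AutoSize
```

An empty Relaxed column means the entry does not explicitly disable any of the three checks.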

Remove a Workstation from Linux Samba Domain Controller

pdbedit -x -m WorkstationName