Code Signing Certificate - Automatic Acceptance.

[Aaron Elliott]

We have some custom footer macros which have been written by our provider
who have included a code signing certificate. The Certificate is installed
in the relevant group policy in: Computer Configuration\Windows
Settings\Secutiy Settings\Public Key Policies\Trusted Root Certification
Authorities.

With that in place, Word comes up with a message (Security Warning) asking
to either enable or disable the macros with a check box to 'Always trust
macros from this publisher'.

Is there a way to always trust the macro via group policy?

Thanks!

Aaron

 

[Marcel A. Bernards]

I'm also fighting this issue here at work.

I got partial succes publishing a Self Signed root CA from our internal
Certificate Server running on a Windows 2000 server.

The story I found was on Alun Jones his blog at
http://msmvps.com/blogs/alunj/archive/2006/03.aspx

It works on XP Pro and W2K3 boxes but we have a large amount of W2K Pro
boxes here where I want it on too.

There the problem arises.

There is a difference how W2K boxes and XP boxes store and represent their
"Trusted Publisher" store and how it apply Group Policy objects into the
system

On W2K boxes there is no such tab to view those certificates.
The policies are applied, I can see the registry keys appearing after
reading the policy.

I tried to create a User part into that policy in Security Settings-Software
Restrictions-Additional Rules and added the Excel extracted Certificate in
there

I guess that's a XP/W2K3 specific feature too.

I think getting a Trusted Publisher certificate trou Group Policy into a
client
is not possible.

The only route that probably works for W2K boxes is CERTUTIL or CERTMGR
to force the certificate into the 'Other People' store.

Maybe some PKI MVP could enlighten us here