digitally signing macros for Word 2003

[Doug P]

I am using a template in the office startup directory with some macros. This
works fine in Word 2002 but not in Word 2003 with high security. I have seen
several posts here asking about this and some instructions on how to
digitally sign the macros with a self-generated certificate. This also works
in Word 2002 but not in 2003. Word cannot verify the publisher and will still
not enable self signed macros under high security, even after the certificate
is installed on the computer. Is there a way to get self signed macros to
work in Word 2003 with high security? I don't want to have to spend several
hundred dollars for a certificate for macros used within my own network.

 

[Doug Robbins - Word MVP]

Even with the Macro security level set to Very High, macros in Trusted
Locations will be run. Such locations are the User and Workgroup Template
folders (and their subfolders) and the Word Startup folder (note it is the
Word Sartup folder, not the Office Startup folder). The Word Startup folder
is located at C:\Documents and Settings\[UserName]\Application
Data\Microsoft\Word\Startup

--
Hope this helps.

Please reply to the newsgroup unless you wish to avail yourself of my
services on a paid consulting basis.

Doug Robbins - Word MVP

 

[Cindy M.]

Hi =?Utf-8?B?RG91ZyBQ?=,

I am using a template in the office startup directory with some macros. This
works fine in Word 2002 but not in Word 2003 with high security. I have seen
several posts here asking about this and some instructions on how to
digitally sign the macros with a self-generated certificate. This also works
in Word 2002 but not in 2003. Word cannot verify the publisher and will still
not enable self signed macros under high security, even after the certificate
is installed on the computer. Is there a way to get self signed macros to
work in Word 2003 with high security? I don't want to have to spend several
hundred dollars for a certificate for macros used within my own network.

Selfcert was really designed to only allow signed projects *on the PC and for
the user where the certificate was generated*. It was never meant to allow you
to trust and distribute macros on multiple machines or for multiple users. The
loopholes have been closed in each new version of Office.

Depending on what kind of network software you've licensed, you might have a CA
generator (Certification Authority) that will let you create a code-signing
certificate for your own company. (Windows 2003 Server has this, I believe)

Cindy Meister
INTER-Solutions, Switzerland
http://homepage.swissonline.ch/cindymeister (last update Jun 17 2005)
http://www.word.mvps.org

This reply is posted in the Newsgroup; please post any follow question or reply
in the newsgroup and not by e-mail

 

[Doug P]

Ah ha. I was using Office11\Startup directory. Is there any way to trust the
office11\startup directory so I only have to do it once per machine?

Even with the Macro security level set to Very High, macros in Trusted
Locations will be run. Such locations are the User and Workgroup Template
folders (and their subfolders) and the Word Startup folder (note it is the
Word Sartup folder, not the Office Startup folder). The Word Startup folder
is located at C:\Documents and Settings\[UserName]\Application
Data\Microsoft\Word\Startup

--
Hope this helps.

Please reply to the newsgroup unless you wish to avail yourself of my
services on a paid consulting basis.

Doug Robbins - Word MVP

I am using a template in the office startup directory with some macros.
This
works fine in Word 2002 but not in Word 2003 with high security. I have
seen
several posts here asking about this and some instructions on how to
digitally sign the macros with a self-generated certificate. This also
works
in Word 2002 but not in 2003. Word cannot verify the publisher and will
still
not enable self signed macros under high security, even after the
certificate
is installed on the computer. Is there a way to get self signed macros to
work in Word 2003 with high security? I don't want to have to spend
several
hundred dollars for a certificate for macros used within my own network.

 

[Jay Freedman]

Office 11 doesn't have a way to add trusted locations. That feature was
added in Office 12 (aka Office 2007).

One thing that may help in moving the templates: the environment variable
%appdata% points to C:\Documents and Settings\[UserName]\Application Data,
removing the need to discover the [UserName].

--
Regards,
Jay Freedman
Microsoft Word MVP
Email cannot be acknowledged; please post all follow-ups to the newsgroup so
all may benefit.

Ah ha. I was using Office11\Startup directory. Is there any way to
trust the office11\startup directory so I only have to do it once per
machine?

Even with the Macro security level set to Very High, macros in
Trusted Locations will be run. Such locations are the User and
Workgroup Template folders (and their subfolders) and the Word
Startup folder (note it is the Word Sartup folder, not the Office
Startup folder). The Word Startup folder is located at C:\Documents
and Settings\[UserName]\Application Data\Microsoft\Word\Startup

--
Hope this helps.

Please reply to the newsgroup unless you wish to avail yourself of my
services on a paid consulting basis.

Doug Robbins - Word MVP

I am using a template in the office startup directory with some
macros. This
works fine in Word 2002 but not in Word 2003 with high security. I
have seen
several posts here asking about this and some instructions on how to
digitally sign the macros with a self-generated certificate. This
also works
in Word 2002 but not in 2003. Word cannot verify the publisher and
will still
not enable self signed macros under high security, even after the
certificate
is installed on the computer. Is there a way to get self signed
macros to work in Word 2003 with high security? I don't want to
have to spend several
hundred dollars for a certificate for macros used within my own
network.

 

[Doug P]

I have installed the CA and generated some certificates for testing but they
are all "unsuitable for code signing". Is the CA capable of generating a
certificate for code signing?

 

[Cindy M.]

Hi =?Utf-8?B?RG91ZyBQ?=,

I have installed the CA and generated some certificates for testing but they
are all "unsuitable for code signing". Is the CA capable of generating a
certificate for code signing?

I thought it was, but I'm not an expert in this area. (I actually bit the
bullet and bought a code-signing certificate. But not from Verisign; from a
company with reasonable prices: GlobalSign.) Try asking in a newsgroup for the
Server you're using.

Cindy Meister
INTER-Solutions, Switzerland
http://homepage.swissonline.ch/cindymeister (last update Jun 17 2005)
http://www.word.mvps.org

This reply is posted in the Newsgroup; please post any follow question or reply
in the newsgroup and not by e-mail

 

[Doug P]

I found out how to enable the code signing template in the 2003 Certificate
Authority so I could generate a code signing certificate. When I try to use
it to sign the macro project, Word tells me "there is a problem with the
certificate" and it won't be used.
One step forward, two steps back...

 

[Doug P]

Never mind that last comment. I have now successfully signed a macro project
with an internally generated cert which allows me to put the .dot file in the
office startup directory. When Word starts up, it prompts once about the
macros and allows the user to check the box to always trust it. Yippie...

Thanks for you help.

 

[Doug P]

Thanks for you help, Doug and Jay.
Your information was helpful but I wanted to keep the .dot file in the
office startup because it adds a menu to the menu bar and from the office
startup directory applies to all users.
With help from Cindy below, I figured out how to get a proper internal code
signing certificate generated and installed into the .dot file.

Even with the Macro security level set to Very High, macros in Trusted
Locations will be run. Such locations are the User and Workgroup Template
folders (and their subfolders) and the Word Startup folder (note it is the
Word Sartup folder, not the Office Startup folder). The Word Startup folder
is located at C:\Documents and Settings\[UserName]\Application
Data\Microsoft\Word\Startup

--
Hope this helps.

Please reply to the newsgroup unless you wish to avail yourself of my
services on a paid consulting basis.

Doug Robbins - Word MVP

I am using a template in the office startup directory with some macros.
This
works fine in Word 2002 but not in Word 2003 with high security. I have
seen
several posts here asking about this and some instructions on how to
digitally sign the macros with a self-generated certificate. This also
works
in Word 2002 but not in 2003. Word cannot verify the publisher and will
still
not enable self signed macros under high security, even after the
certificate
is installed on the computer. Is there a way to get self signed macros to
work in Word 2003 with high security? I don't want to have to spend
several
hundred dollars for a certificate for macros used within my own network.

 

[Cindy M.]

Hi Doug,

Never mind that last comment. I have now successfully signed a macro project
with an internally generated cert which allows me to put the .dot file in the
office startup directory. When Word starts up, it prompts once about the
macros and allows the user to check the box to always trust it. Yippie...

Super <g>! It's always encouraging to learn a theory applies to the real world.

Cindy Meister
INTER-Solutions, Switzerland
http://homepage.swissonline.ch/cindymeister (last update Jun 17 2005)
http://www.word.mvps.org

This reply is posted in the Newsgroup; please post any follow question or reply
in the newsgroup and not by e-mail