Microsoft Office 2000/Visual Basic Programmer's Guide

Using Signed Office VBA Projects

In Microsoft Office, digital signatures are used in conjunction with a user's security settings and a list of known and verified certificates called trusted sources. The user's security level and the trusted sources list are maintained on the user's computer, but can be subject to an administrator's control. To provide the most administrative control over the use of digital signatures, an administrator can lock the user's security setting so that it can't be changed. Typically this would be used to force the setting to High so that only macros in signed VBA projects can be run. Additionally, an administrator can populate the trusted sources list with approved certificates and lock the list to prevent users from adding any new trusted sources.

For more information about how administrators can control the use of Office digital-signing features and security settings, see the Microsoft Office 2000 Resource Kit (Microsoft Press, 1999).

The security settings in Word, Excel, PowerPoint, and Outlook work similarly to those available in Internet Explorer. Office 2000 provides three security settings that affect documents containing macros:

High Only macros that are signed by using a trusted certificate are allowed to run automatically; all unsigned macros are disabled without notification. If macros have been signed with a signature that isn't in the trusted sources list, a dialog box is displayed. What a user can do at this point depends on what choices the system administrator has made:
- If the system administrator has not locked the trusted sources list, a user can choose to add the current signature to the trusted sources list when opening a signed, but not previously trusted document.
- If the system administrator has locked the trusted sources list after adding trusted signatures, a user can't add new signatures to the trusted sources list, and only macros signed by using existing trusted certificates can be run.
- If the system administrator has locked the trusted sources list without adding any trusted signatures, no macros can be run.
Medium Only macros that are signed by using a trusted certificate are allowed to run automatically, and the same administrative restrictions described for the High setting apply when new signatures are added to the trusted sources list. However, under the Medium setting, a user can choose to enable macros whether or not they have been signed.
Low The user receives no warnings; all documents are opened and all macros are enabled. This setting is recommended only if users have anti-virus software installed and don't want to use digital signatures.

Setting the Security Level

To set security settings, point to Macro on the Tools menu, and then click Security to display the dialog box shown in Figure 17.2.

Figure 17.2 The Security Dialog Box

The following table summarizes how macro-virus protection works under each setting on the Security Level tab with various types of documents and signature-verification results. Under all settings, if anti-virus software is installed and the document contains macros, the document is scanned for known viruses before it is opened and verified.

Type of document and verification result	High	Medium	Low
No macros	Document is opened.	Document is opened.	Document is opened.
Unsigned macros	Macros are automatically disabled without notification and the document or Outlook application is opened.	User is prompted to enable or disable macros.	No prompt. Macros are enabled.
Signed macros from a trusted source. Verification succeeds.	Macros are automatically enabled and the document or Outlook application is opened.	Macros are automatically enabled and the document or Outlook application is opened.	No prompt or verification. Macros are enabled.
Signed macros from an unknown author. Verification succeeds.	A dialog box is displayed with information about the certificate. Macros can be enabled only if the user chooses to trust the author and certifying authority by selecting the Always trust macros from this author check box in the Security Warning dialog box. A network administrator can lock the trusted sources list and prevent the user from adding the author to the list and enabling the document's or Outlook VBA project's macros.	A dialog box is displayed with information about the certificate. The user is prompted to enable or disable macros. Optionally, the user can choose to trust the author and certifying authority by selecting the Always trust macros from this author check box in the Security Warning dialog box.	No prompt or verification. Macros are enabled.
Signed macros from any author. Verification fails, possibly due to a virus.	User is warned of a possible virus. Macros are automatically disabled.	User is warned of a possible virus and macros are automatically disabled.	No prompt or verification. Macros are enabled.
Signed macros from any author. Verification not possible because public key is missing or incompatible encryption methods were used.	User is warned that verification is not possible. Macros are automatically disabled.	User is warned that verification is not possible. User is prompted to enable or disable macros.	No prompt or verification. Macros are enabled.
Signed macros from any author. The signature was made after the certificate had expired or been revoked.	User is warned that the signature has expired or been revoked. Macros are automatically disabled.	User is warned that the signature has expired or been revoked. User is prompted to enable or disable macros.	No prompt or verification. Macros are enabled.

Identifying Trusted Sources

The Trusted Sources tab in the Security dialog box lists all digital certificates that have been previously accepted by a user or that have been previously installed by a network administrator. A user doesn't add trusted sources directly to this dialog box, but can add a new certificate to the list by selecting the Always trust macros from this author check box the first time he or she opens a signed document from a new source. An administrator can lock the trusted sources list so that no new sources can be added to the list by users. Therefore, only macros signed by using approved certificates currently in the list will run.

The Trusted Sources tab also contains a Trust all installed add-ins and templates check box, which is selected by default. When this check box is selected, macros in all add-ins and templates in all of the locations in following table are ignored by security-level checks because it is assumed that these add-ins and templates are already trusted. This includes all templates and add-ins that are installed by Microsoft Office.

Installation location	Notes
C:\Program Files\Microsoft Office\ Templates\LanguageIDSubfolder	For U.S. English language installations, the language ID subfolder is named 1033.
C:\Windows\Application Data\ Microsoft\Templates	This folder is used only when Windows 95 or 98 is being used and user profiles aren't enabled.
C:\WindowsFolder\Profiles\UserName \Application Data\Microsoft\ Templates	This folder is used with Windows NT Workstation or Windows NT Server, or when Windows 95 or 98 is being used and user profiles are enabled.
C:\Program Files\Microsoft Office\ Office\Library	This folder is used for add-ins installed by Microsoft Office
C:\Program Files\Microsoft Office\ Office\AddIns	This folder is used for add-ins installed by Microsoft Office.
C:\Program Files\Microsoft Office\ Office\Startup	This folder is used for Word templates only.
C:\Program Files\Microsoft Office\ Office\Startup	This folder is used for Word templates only.
C:\Program Files\Microsoft Office\ Office\XLStart	This folder is used for Excel workbooks and add-ins only.
The Excel alternate startup file location	You can specify this location in the Alternate startup file location box on the General tab in the Options dialog box (Tools menu).

If you want to require that all add-ins and templates be signed, clear the Trust all installed add-ins and templates check box.

Important In Excel, if you clear the Trust all installed add-ins and templates check box and the security level is set to Medium or High, users will be prompted to enable any add-in that contains XLM macros (Excel version 4.0 macros) that is being loaded from the locations listed in the preceding table. Users are prompted to enable these add-ins because workbooks and add-ins that contain XLM macros can't be signed. This behavior also applies to some add-ins that are installed for Excel 2000, such as the Analysis ToolPak and Solver add-ins.

Note Selecting the Trust all installed add-ins and templates check box has no effect on templates in Excel. Installed Excel templates containing code can't be trusted by default.

If users or administrators want to require that installed add-ins and templates also be evaluated based on the security-level setting, they can clear the Trust all installed add-ins and templates check box. In this case, assuming the security level is set to High, only macros in installed templates and add-ins that have been signed will be run. Application-specific add-ins (.dot, .xla, and .ppa) created in Office 2000 applications can be signed by using the Digital Signatures command on the Tools menu in the Visual Basic Editor, but COM add-ins (add-ins created as a COM DLL) must be signed by using the Signcode.exe utility provided with the Microsoft Internet Client Software Development Kit (SDK). For information about downloading or ordering the Microsoft Internet Client SDK, see http://msdn.microsoft.com/developer/sdk/inetsdk/asetup/default.htm. Installed templates or add-ins created in previous versions of Microsoft Office must be opened and signed in their corresponding Office 2000 applications before they can be run. Additionally, an administrator can lock the Trust all installed add-ins and templates check box setting to prevent users from changing it.