E
Erik
Hi all,
I want to use a GPO to set the Trusted Publishers in IE for all users in the
domain, but can't seem to get it to work.
Background: We've started to use code signing to sign macros in office
documents to able to raise the security level to High in the office programs
(and get rid of some warnings). The actual code signing works fine, but I
want to be able to use a GPO to set the Trusted Publishers in IE for all
users in the domain to automatically trust certificates issued by me (to get
rid of a Security Warning where the users need to check "Always trust macros
from this publisher").
Environment: Windows 2000 Server (we have our own Root Certificate Authority
(stores data in the AD). XP clients.
Details: I'm running GPMC as domain admin on my local machine (running XP).
I have tried modifying a GPO to set the Trusted Publishers, but it doesn't
get applied on the client. I went into User Configuration, Windows Settings,
Internet Explorer Maintenance, Security / Authenticode Settings. Then I
imported the current Authenticode information from my machine. All looked
fine (the certificate being listed). I also tried changing some other IE
settings (the home page) just as a test.
When refreshing the policy on a test machine the IE home page gets applied,
but the list of Trusted Publishers in IE is not. This shows that there isn't
a problem with the actual policy just with the Trusted Publishers part.
Any ideas what's going wrong?
Or is there a better way of achieving what I want: distributing a list of
Trusted Publishers so that clients always trust these for code signing of
Office documents. (I know I can add the certificates in Office 2003 setup
program using the Custom Installation Wizard, but this seems a bit
unflexible so I'd like to use AD).
/ Erik
I want to use a GPO to set the Trusted Publishers in IE for all users in the
domain, but can't seem to get it to work.
Background: We've started to use code signing to sign macros in office
documents to able to raise the security level to High in the office programs
(and get rid of some warnings). The actual code signing works fine, but I
want to be able to use a GPO to set the Trusted Publishers in IE for all
users in the domain to automatically trust certificates issued by me (to get
rid of a Security Warning where the users need to check "Always trust macros
from this publisher").
Environment: Windows 2000 Server (we have our own Root Certificate Authority
(stores data in the AD). XP clients.
Details: I'm running GPMC as domain admin on my local machine (running XP).
I have tried modifying a GPO to set the Trusted Publishers, but it doesn't
get applied on the client. I went into User Configuration, Windows Settings,
Internet Explorer Maintenance, Security / Authenticode Settings. Then I
imported the current Authenticode information from my machine. All looked
fine (the certificate being listed). I also tried changing some other IE
settings (the home page) just as a test.
When refreshing the policy on a test machine the IE home page gets applied,
but the list of Trusted Publishers in IE is not. This shows that there isn't
a problem with the actual policy just with the Trusted Publishers part.
Any ideas what's going wrong?
Or is there a better way of achieving what I want: distributing a list of
Trusted Publishers so that clients always trust these for code signing of
Office documents. (I know I can add the certificates in Office 2003 setup
program using the Custom Installation Wizard, but this seems a bit
unflexible so I'd like to use AD).
/ Erik