Code Signed Macro for Outlook 2003

[Graham]

We are starting to upgrade from Outlook 2000 to Outlook 2003 and at the same
time, our digitally signed Outlook 2000 macro is due to expire.

The question is, what is the best way to deploy a new signed macro in
Outlook 2003 (I know add-ins are the preferred method, but hey, this is old
legacy stuff we need to keep for just 1 more year at the most and not worth
re-developing). I have seen the security options have changed in
Outlook2003 and I do not think that you can trust a new source and enable
macros from an untrusted source unless you change the settings to medium or
low.

May be the question should be, how can I first make the source trusted,
other than manually importing it onto all PC's?

Any advice gratefully appreciated.

Regards
Graham

 

[Ken Slovak - [MVP - Outlook]]

You would need to sign the code to get it trusted and running without
lowering the macro security levels. You can sign with a certificate
generated by your own organization if you have that set up, a code signing
certificate from Verisign or Thawte or some other trusted source, or by
using the Selfcert.exe application that comes with Office.

 

[Graham]

Thanks Ken,

I have now signed the macro, but when I put it on a PC with Outlook 2003,
the options to "enable macros" and "always trust this source" was disabled.
Lowering the secruity to medium allowed me click "enable macros", but the
"always trust this source" was still greyed out. I can check changing it to
low, but I need the the signed macro always to be trusted.

I need to check this again, because it seems to contadict the "Office 2003
macro and add-in security setting options" given at
http://msdn.microsoft.com/library/d...l/ofSecurityNotesForOfficeDevs_HV01051489.asp -
does Outlook 2003 have different behaviour?

Another thought, can anything thing be done via Group Policy (does not mean
much to me, but my Company has changed Outlook security before changing
Group Policy)

Thanks in advance
Graham

 

[Ken Slovak - [MVP - Outlook]]

Did you trust the signature? You have to go to the Trusted Publishers tab
and trust the publisher, in this case you if you used Selfcert. I sign my
VBA code project with my Thawte code signing certificate, so I trust Slovak
Technical Services in that tab even though the certificate is installed in
the registry of that development machine.

First go to the VBA project. Then use the Tools, Digital Signature menu to
add the certificate by using the Choose button. Then after selecting the
certificate and signing with it exit Outlook after saving the VBA project.
Then restart Outlook and in the Trusted Publishers tab you should see the
certificate. If you trust it macros will run without prompting in High
security mode after you then exit and restart Outlook again.

You can most likely sign the VBA project with the macro, trust it and
everything else with group policies, but I'm no expert on those.