Granting Trust to Office Solutions (2007 System)
Updated: July 2008
The information in this topic applies only to the specified Visual Studio Tools for Office projects and versions of Microsoft Office.
For more information, see Features Available by Application and Project Type.
Granting trust to Office solutions means modifying the security policy of each end user to trust the solution assembly, application manifest, deployment manifest, and document. You can grant full trust to the appropriate files by using one or more of the following options:
ClickOnce Authenticode certificates, which are used to identify the publisher. Trust can be granted to solutions based on the publisher's certificate.
ClickOnce trust prompts, which are used when the certificate identifies the publisher but the publisher's certificate has not been trusted.
Visual Studio Tools for Office inclusion list, which stores the trust decision that is made by end users after they respond to a trust prompt.
All Visual Studio Tools for Office application and deployment manifests must be signed with a certificate that identifies the publisher. Certificates provide a basis for making trust decisions.
Visual Studio 2008 Service Pack 1 (SP1) adds a way to deploy without signing the manifests, but this feature is not supported in Visual Studio Tools for Office. All manifests must be signed with a certificate.
A temporary certificate is created for you and granted trust at build time so the solution will run while you debug it.
If you sign the solution with a known and trusted certificate, the solution will automatically be installed without prompting the end user to make a trust decision. For more information about how to obtain a certificate for signing, see ClickOnce Deployment and Authenticode. After a certificate is obtained, the certificate must be explicitly trusted by adding it to the Trusted Publishers list. For more information, see How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications.
If a developer signs the solution with a temporary certificate, an administrator can re-sign the customization with a known and trusted certificate by using the Manifest Generation and Editing Tool (mage.exe), which is one of the Microsoft .NET Framework tools. For more information about signing solutions, see How to: Sign an Office Solution (2007 System) and How to: Sign Application and Deployment Manifests.
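To check ahead of deployment whether a solution's signing certificate is already in the Trusted Publishers list on a client computer, a script like the following can be used. This is an added example, not code from the original topic or from Microsoft; the parameter name and the assumption that the manifest embeds its signing certificate in an XML-DSig X509Certificate element are the example's own, and it reports publisher trust only (it does not validate the manifest signature itself).

```powershell
# Added example: report whether the certificate embedded in a signed
# application or deployment manifest is trusted as a publisher on this computer.
param(
    [Parameter(Mandatory)]
    [string]$ManifestPath   # hypothetical parameter: path to the signed manifest file
)

$dsigNs = 'http://www.w3.org/2000/09/xmldsig#'

# Load the manifest and collect every certificate embedded in its signature block.
$xml = New-Object System.Xml.XmlDocument
$xml.Load((Resolve-Path -LiteralPath $ManifestPath).ProviderPath)
$nodes = $xml.GetElementsByTagName('X509Certificate', $dsigNs)
if ($nodes.Count -eq 0) {
    throw "No X509Certificate element found; the manifest does not appear to be signed."
}
$certs = @(foreach ($n in $nodes) {
    $bytes = [byte[]][Convert]::FromBase64String($n.InnerText.Trim())
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
})

# The signer is the embedded certificate that did not issue any other embedded one.
$signer = $certs | Where-Object {
    $c = $_
    -not ($certs | Where-Object { $_.Issuer -eq $c.Subject -and $_.Thumbprint -ne $c.Thumbprint })
} | Select-Object -First 1

# Look for the signer in the per-user and per-machine Trusted Publishers stores.
$stores = 'Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher'
$hits = @(foreach ($s in $stores) {
    if (Get-ChildItem -Path $s | Where-Object { $_.Thumbprint -eq $signer.Thumbprint }) { $s }
})

# Build the chain to see whether the certificate leads to a trusted root.
# Revocation checking is switched off so the check also works offline (assumption).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($signer)

[pscustomobject]@{
    Subject                = $signer.Subject
    Thumbprint             = $signer.Thumbprint
    NotAfter               = $signer.NotAfter
    ChainsToTrustedRoot    = $chainOk
    TrustedPublisherStores = $hits
    PublisherTrusted       = ($chainOk -and $hits.Count -gt 0)
}
```

A result with PublisherTrusted set to False for a solution signed with a temporary certificate is the case in which an administrator would re-sign the manifests or add the certificate to Trusted Publishers.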
Visual Studio Tools for Office ClickOnce prompts the end user to make the trust decision if there is no organization-wide policy that trusts the solution's certificate. If the end user grants trust to the solution, an inclusion list entry is created that contains a URL and a public key to store this trust decision. When a trusted customization is run later, the end user is not prompted again.
Administrators can disable the ClickOnce trust prompt or require that the prompt occur only for solutions that are signed with an Authenticode certificate. To change these settings for the MyComputer, LocalIntranet, Internet, TrustedSites, and UntrustedSites zones, see Table 2, titled Prompting Level Registry Key Value Launch Effects, in Configuring ClickOnce Trusted Publishers.
Visual Studio Tools for Office uses the registry to store a list of explicitly trusted solutions; this list is named the inclusion list. You can add entries to the inclusion list in two ways:
If a solution is not explicitly trusted or untrusted, the user will see a prompt to make a trust decision. If trust is granted, the solution is added to the inclusion list.
Administrators can disable the inclusion list so that the end user cannot make trust decisions. To change these settings for the MyComputer, LocalIntranet, Internet, TrustedSites, and UntrustedSites zones, see How to: Configure Inclusion List Security (2007 System).
For more information, see Trusting Office Solutions by Using Inclusion Lists (2007 System) and How to: Add or Remove Inclusion List Entries (2007 System).