Granting Trust to Documents
A document-level project has the same security requirements as application-level projects: signing the manifests with a certificate or clicking the trust prompt. In addition, the document or workbook must be located in a directory that is designated as a trusted location.
Applies to: The information in this topic applies to document-level projects for Excel and Word. For more information, see Features Available by Office Application and Project Type.
Applications in Office 2013 and Office 2010 have Trust Centers where users can configure security and privacy settings, such as trusted locations. For Office solutions, the local computer is considered a trusted location. However, because of higher risk, there are certain directories that cannot ever be trusted, such as the temporary folders for the system, for each user, and for Internet Explorer.
For more information about the Trust Center, see Security and policies and settings in Office 2010. For more information about how to create, manage, remove, and configure trusted folders, see Configure trusted locations and trusted publishers settings in the 2007 Office system and Create, remove, or change a trusted location for your files.
There are several security concerns when you consider which folders to add to the trusted locations:
Local folders are considered to be more secure and are implicitly trusted. Remote locations such as file shares must be designated as trusted locations.
When you add a directory to the trusted locations, this action grants full trust not only to Office solutions, but also to VBA and ActiveX code. For this reason, the root directory and the My Documents folders should not be designated as trusted.
Although the document itself is trusted by using the trusted locations, additional permissions are needed to trust the customization. You can grant full trust to the customization by using signing the manifests with a certificate, clicking the trust prompt, or installing the Office solution to the Program Files directory.
You can store the document or workbook of a document-level solution in the same directory as the assembly, or in a different directory. For example, the document could be located on a SharePoint server and the assembly could be located on a network file share. For more information, see How to: Publish a Document-Level Office Solution to a SharePoint Server by Using ClickOnce.