Granting Trust to Office Solutions


Granting trust to Office solutions means modifying the security policy of each target computer to trust the solution assembly, application manifest, deployment manifest, and document. Trust can be granted to the Office solution by either you or the end user.

You can grant full trust to the Office solution by signing the application and deployment manifests.

End users can grant trust to the Office solution by making a trust decision in the ClickOnce trust prompt.

Applies to: The information in this topic applies to document-level projects and VSTO add-in projects. See Features Available by Office Application and Project Type.

All application and deployment manifests for Office solutions must be signed with a certificate that identifies the publisher. Certificates provide a basis for making trust decisions.

A temporary certificate is created for you and granted trust at build time so the solution will run while you debug it. If you publish a solution that is signed with a temporary certificate, the end user will be prompted to make a trust decision.

If you sign the solution with a known and trusted certificate, the solution will automatically be installed without prompting the end user to make a trust decision. For more information about how to obtain a certificate for signing, see ClickOnce and Authenticode. After a certificate is obtained, the certificate must be explicitly trusted by adding it to the Trusted Publishers list. For more information, see How to: Add a Trusted Publisher to a Client Computer for ClickOnce Applications.

If a developer signs the solution with a temporary certificate, an administrator can re-sign the customization with a known and trusted certificate by using the Manifest Generation and Editing Tool (mage.exe), which is one of the Microsoft .NET Framework tools. For more information about signing solutions, see How to: Sign Office Solutions and How to: Sign Application and Deployment Manifests.

ClickOnce prompts the end user to make the trust decision if there is no organization-wide policy that trusts the solution's certificate. If the end user grants trust to the solution, an inclusion list entry is created that contains a URL and a public key to store this trust decision. When a trusted customization is run later, the end user is not prompted again.

Administrators can disable the ClickOnce trust prompt or require that the prompt occur only for solutions that are signed with an Authenticode certificate. For more information about how to change these settings for the MyComputer, LocalIntranet, Internet, TrustedSites, and UntrustedSites zones, see How to: Configure the ClickOnce Trust Prompt Behavior.
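The following PowerShell sketch is an added example, not code from the original topic. It reports the trust prompt level configured for each of the five zones and can set a zone to a stricter level. The function names are illustrative. The registry key and the values Enabled, AuthenticodeRequired, and Disabled are assumed from Microsoft's documentation of the ClickOnce trust prompt, and the Wow6432Node path is included on the assumption that 32-bit Office on 64-bit Windows reads that registry view.

```powershell
# Added example. Function names are illustrative, not part of any Microsoft tool.
# Key and value names are assumed from the documented ClickOnce trust prompt settings.
$Sub   = '.NETFramework\Security\TrustManager\PromptingLevel'
$Roots = 'HKLM:\SOFTWARE\Microsoft',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft'   # view read by 32-bit processes on 64-bit Windows
$Zones = 'MyComputer', 'LocalIntranet', 'Internet', 'TrustedSites', 'UntrustedSites'
$Meaning = @{
    'Enabled'              = 'User is prompted and can grant trust for any signing certificate'
    'AuthenticodeRequired' = 'Prompt only for solutions signed with an Authenticode certificate'
    'Disabled'             = 'No prompt; only solutions with an already trusted certificate install'
}

function Get-ClickOncePromptLevel {
    foreach ($root in $Roots | Where-Object { Test-Path $_ }) {
        $props = Get-ItemProperty -Path "$root\$Sub" -ErrorAction SilentlyContinue
        foreach ($zone in $Zones) {
            $value = if ($props) { $props.$zone } else { $null }
            [pscustomobject]@{
                RegistryView = $root
                Zone         = $zone
                Setting      = if ($value) { $value } else { '(not set)' }
                Effect       = if (-not $value) { 'No explicit value; the framework default applies' }
                               elseif ($Meaning.ContainsKey($value)) { $Meaning[$value] }
                               else { 'Unrecognized value; review manually' }
            }
        }
    }
}

function Set-ClickOncePromptLevel {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('MyComputer', 'LocalIntranet', 'Internet', 'TrustedSites', 'UntrustedSites')]
        [string]$Zone,
        [Parameter(Mandatory)]
        [ValidateSet('Enabled', 'AuthenticodeRequired', 'Disabled')]
        [string]$Level
    )
    foreach ($root in $Roots | Where-Object { Test-Path $_ }) {
        $key = "$root\$Sub"
        if ($PSCmdlet.ShouldProcess("$key\$Zone", "Set prompt level to $Level")) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $Zone -Value $Level -Type String
        }
    }
}

Get-ClickOncePromptLevel | Format-Table -AutoSize
# Preview only: -WhatIf shows what would be written without changing the registry.
Set-ClickOncePromptLevel -Zone Internet -Level AuthenticodeRequired -WhatIf
```

Writing under HKLM requires an elevated session. Zones left at Enabled are the ones where a solution signed with a temporary certificate can still be trusted by an end user's decision.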

Securing Office Solutions
Granting Trust to Documents
Troubleshooting Office Solution Security
Specific Security Considerations for Office Solutions