Educause Security Discussion mailing list archives
Office 2007 security using signed add-ins
From: "Fowler, Steve" <steve.fowler () OREGONSTATE EDU>
Date: Thu, 9 Oct 2008 16:44:12 -0700
Hello, We've begun wide scale deployment of Office 2007 in our computing environment. Since beginning the process we've run into an issue surrounding setting macro level security for add-ins. In Microsoft's trust security model only add-ins signed by a trusted publisher are allowed to function. We have at least three products that are used that come with unsigned add-ins. To attempt to get this corrected we've addressed the security concern with the vendor and asked whether they intend on providing a signed add-in. I don't think we've gained much traction so far. I am curious how others are addressing this issue. As a backup plan we have discovered that we can sign the add-ins with a locally trusted cert and when the signed add-in and cert are deployed we are able to have the product work. This, of course, raises EULA issues and requires processes that would have to be followed when updating the application to a new version. Thanks in advance Steve Fowler Systems Manager Technology Support Services Oregon State University
Current thread:
- Office 2007 security using signed add-ins Fowler, Steve (Oct 09)