Word 2010 security prompts on installed templates RRS feed

  • Question

  • I have a large collection of Word 2010 templates that contain VBA programming that I sell to people.  In prior versions of Word, all I had to do to ensure there were no macro security prompts was make sure the tempaltes were installed in the proper trusted directories (global templates in the Word startup folder, document templates in the workgroup folder).  I did not bother with code signing certificates.

    In Word 2010 however, there is a new security model.  I can put the templates in the right location and make sure the folders are trusted and that does alleviate any macro security issues, but there is a new prompt that my cients get the first time they use every single template in the collection.  It basically says the document is from the internet or an unknowns source and are do they want to allow editing?

    I have researched this and found there is a registry setting that can be changed to turn this off, but naturally I can't do that because they may want this setting on for documents that they don't trust.

    Does anyone know how I can deploy a set of Word 2010 templates that contain VBA to people and get around this prompt?  It's very confusing to many of the end users, and creates a bad impression of the templates.

    According to a Security Overview for Word 2010 on Microsoft Technet (http://technet.microsoft.com/en-us/library/cc179050.aspx) The first step is that the application determines whether or not the file is trusted.  THey are in trusted locations but clearly that's not good enough for the first time each file is used. 

    I know that VeriSign and Thawte and now GoDaddy sell "code signing certificates" that work with Word tempaltes -- but I don't know if those mean the code is TRUSTED or if they just protect the files from tampering.  Would one of those solve THIS problem.  I called one place and they said no but I wasn't confident the person helping me knew what I was talking about.

    I really appreciate any help anyone can provide.  I don't want my clients having to individually "trust" every file but I don't want to change their security settings on them either.

    Tuesday, February 8, 2011 12:50 AM