Outlook macro deployment.

Forums › IT Pro and developers › Outlook macro deployment.

stevenz

2802 posts

Uber Geek
+1 received by user: 125

#108439 29-Aug-2012 14:13

I've put together a custom macro using a small amount of VBScript that just puts a custom toolbar into the Outlook 2010 ribbon with a bunch of links to forms templates in it which is designed to make things easier for people. There's also a calendar cleanup script in there that removes attachments from old emails to save space in their Exchange mailbox.

Now, while this all works perfectly on my machine, as soon as I install the files needed and try using it for someone else, it complains about signing issues.

From what I can see, the only way to deploy this in a universally signed form involves creating a "proper" add-in using the commercial Visual Basic application. There's 2 key problems with this;

a) I'd really like to deploy this without needing to also deploy extra runtime libraries
b) I don't have Visual Basic. (The Express version doesn't seem to support the modules I need)

I've deployed essentially the same thing to Word and Excel with no problems whatsoever, but Microsoft seem to have implemented some arbitrary requirement that prevents me from doing it in Outlook. Has anyone got any bright ideas or am I out of luck?

@KnightNZ

gzt

18676 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

#678885 29-Aug-2012 18:06

Are you sure you need VB to sign? Does the self sign tool not come with office?

http://www.howto-outlook.com/howto/selfcert.htm

How many machines do you need to deploy to? Other option is an enterprise CA I guess.

[Edit: other option is lowering security to avoid warnings but not desirable]

stevenz

2802 posts

Uber Geek
+1 received by user: 125

#679652 31-Aug-2012 11:44

Well, ideally I'd want to deploy it firmwide to approx 900 systems.

There is a self-sign tool but it doesn't seem to do it in such a way that it gets around the existing macro security which is fixed by GPO. We've had a 3rd party write a similar tool but despite the fact that it does work (given that it's a "proper" add-in) their implementation is a massive kludge and I don't like deploying it in the way it's been provided. Unfortunately, I've got enough authority to deploy a good alternative, but not enough to get them to do it "properly" due to relative costings.

I might look at seeing if there's a way we can slap a global cert onto it from further up the line.

@KnightNZ

gzt

18676 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

#679722 31-Aug-2012 13:19

Yeah, self sign is local system only. No use for 900 machines.

Another option could be buying cert from a recognised authority (one included in the standard windows root certs) if that is a clearer path than using an enterprise CA. Some may have trial certificates so you can see what the effect is.

Do you still get the warning on the system you self signed on? IIUC you should only get the warning the first time it is used on that system (certificate accept).

The only correct way to avoid the warning completely for all users is adding to the trusted publishers list with GPO. Pretty sure your admin could add a self signed certificate to that list if you really wanted to. This can be seen as breaking trust relationships so your admin may not be too keen. Back to an enterprise CA again.

I've done a few things with activex signing and ssl but not heavily involved in office. Hope this helps.

Is there a cert for the developer you mentioned earlier in the trusted publishers list?