macros in Office 2007 (and in office 2003) with self-signed certificates

[sm1]

We are planning to deploy office 2007. I am concerned about the macros that
are in office 2003. How the macros will behave in office 2007? Will I have
some problems with macros created in office 2003 while using office 2007?
Only enterprise version is used.

Also, would self-signed macros created in Office 2007 work in Office 2003
products? i.e.: certain departments would convert to office 2007 at a later
time then others.
Would some one be able to point me to the self-signed certificate issues
between Office 2007 and Office 2003 if there is?

In addition, if I reimaged my system, would I loose self-signed macros in
Office 2007? How could I ensure that my certificates are backed up and and
after a reimaging I would not need to import some one else's certificate
again to let the macros run automatically without changing macro security in
Office 2007 for the trusted published like myself or my peers?

Overall, how much concern should be taken during the deployment of Office
2007 for the macros?

Any help would great.

 

[Beth Melton]

Macros in Office 2003 should run fine in Office 2007. I say "should" because
it really depends on the extent of the macros and if they are coded
properly. So far I haven't encountered any difficulty with those I've
created but there's always the possibility.

Regarding your question on using a "self-signed" digital signature. If you
are using SelfCert to create a digital signature it's intended to be used
for your macros on your computer. It wasn't designed to be used like a
digital certificate issued by a certifying authority. With that in mind, if
you sign a Word document using a SelfCert digital signature (in any version
of Word) and if the digital signature isn't installed on the computer then
in Word 2007 macros will be disabled and you will not be able to enable
them.

Now, if you install the digital signature this will not occur, however the
digital signature will be considered a Trusted Root Certificate, not merely
a Trusted Publisher for Office documents containing macros. So if security
is a concern, and it sounds like it is, I wouldn't recommend taking this
route. However, if you choose to take it anyway, you backup/import the
digital signature using the same method as previous versions.

As an alternative, place the templates (without a SelfCert digital
signature) in either the User Templates folder or Workgroup Templates folder
(if the template location is on a network). The User Templates location is
automatically trusted and you can add the Workgroup Templates location as a
trusted location in the Trust Center. This was you can keep your Macro
Security set to High but your macros will be allowed to run.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP
https://mvp.support.microsoft.com/profile/Melton
What is a Microsoft MVP? http://mvp.support.microsoft.com/gp/mvpfaqs

Guides for the Office 2007 Interface:
http://office.microsoft.com/en-us/training/HA102295841033.aspx

 

[sm1]

Thanks. It is a great info.
How about if a department wants to use a cetificate issued by Verisign or
other vendor? As an administrator how could I distribute that certificate to
the users to use the macros with the least user interaction?
Any possible options would interest me.

Also, is there is way to avoid the import action of the digital certificate
while we are doing a rollout without using a trusted location? Is there a
good scenario for desktop rollout regarding macros that are signed in Office
2003 and will move to a new OS and Office 2007?