Suppressing Outlook's security warning about object model access

[Vadim]

Hi all.

The security warning I get is: "A program is trying to access e-mail
addresses you have stored in Outlook. Do you want to allow this?" each time
we loop through the Item.Recipients collection inside Item_Open() event
handler of our custom form (based on IPM.Appointment) even if I do NOT
retrieve email addresses of the recipients.

Modifying the "Outlook object model" setting on the "Programmatic Settings
tab" is unfortunately out of the question.

Our solution consists of an Outlook COM Add-in and a custom form.
As far as I understand, there is no way to create "trusted" custom forms,
right?
Is there any other way to suppress the above warning except this one:
- register my COM Add-in. DLL as "trusted" on the Exchange server
- forward Item's EntryID to my Add-in's .DLL from my custom form
- find the same inside the Add-in's .DLL using the trusted "Application"
root object
- pass it back to my custom form and iterate over the Recipients
collection of the Item object that was accessed from the "trusted" root.
Is this even accurate?
Also, what are the steps to "trust" a Com add-in?
Do I need some sort of digital certificates for this?

Thank you in advance,

Vadim Mesonzhnik.

 

[Ken Slovak - [MVP - Outlook]]

Published Outlook forms are trusted in Outlook 2003, you don't mention which
versions of Outlook you're targeting. You must derive all of your Outlook
objects in form code from the intrinsic Application and Item objects,
otherwise your objects will not be trusted.

COM addin code in Outlook 2003 and later is also trusted, except for .NET
addins. Again with the caveat that all Outlook objects are derived from the
Application object passed to you in the OnConnection event from
IDTExtensibility2. You don't mention what language platform you're using for
addin development, so I can't provide any other details.

For general information about the security and using the Exchange security
form see http://www.outlookcode.com/d/sec.htm

 

[Vadim]

Hi Ken.

Thank you for the prompt response.

I use VB 6.0 for the COM Add-in.
In COM Add-in all object are derived from the Application object I get in
the OnConnection event.
The only problems I encounter are with the form's script where I use only
the intrinsic Item object.
Versions: Exchange 2003 and Outlook 2000-SP3.

Also, are you saying that on Outlook 2003 all published forms are always
trusted regardless of "Outlook object model" setting on the "Programmatic
Settings tab"?

Thanks again,

Vadim Mesonzhnik.

 

[Ken Slovak - [MVP - Outlook]]

What Programmatic Settings tab?

Any Exchange security form would take precedence over anything else. So if
something is disabled there it takes precedence.

Select Tools, Macro, Security and go to the Trusted Publishers tab. See if
the checkbox for trusting installed forms and COM addins is checked.

In Tools, Options, Other tab, Advanced Options button see if the allow
script in shared folders and allow script in public folders settings are
checked, if your code should be running in delegate mailboxes and/or public
folders.

Did you look at that link I provided?