VSTO add-in and Outlook 2003

[Damien]

Hi all,

I’ve created a VSTO project and have set the security rights for the
assemblies to full trust in the project. To make sure these settings are
working I have installed the add-in onto a users pc and then installed
Microsoft .NET Framework 2.0 Configuration. This shows that under Users, All
code groups and shows the project having full trust.

The add-in does not run in outlook. When you go to Tools, Options, click
Other, Advanced Options and then COM Add-ins there is no tick next to the
add-in and under Load Behaviour there is a message that says: “Not loaded.
Certificate of signed and loads at startup COM Addin is not in trusted source
listâ€.

I’ve discovered that this is talking about the addinloader.dll that is
installed from vstor.exe.

If you put a tick in “Trust all installed add-ins and templates†(under
tools, macro, security, trusted Publishers) then it works fine. Out network
manager does not want to do this though as this will open us up to security
risks.

Could someone please help me as I am currently banging my head against a
brick wall… Am I missing something simple?!?!

Thank you for all your time

Damien

 

[Ken Slovak - [MVP - Outlook]]

Look at the information about deploying VSTO addins on the VSTO page at
www.outlookcode.com, it's a complex process.

 

[Peter Huang [MSFT]]

Hi Damien,

This is a known issue.
Here is the detailed information for this issue.

Symptoms
=============================
When you attempt to load an Outlook 2003 add-in created with Visual Studio
2005
Tools for the Microsoft Office System and the Outlook security setting is
set to
"High" or "Very High" and "Trust all installed add-ins and templates" is
not
selected the add-in will silently fail to load.

Cause
=============================
Custom Outlook 2003 add-ins created with Visual Studio 2005 Tools for
Office depend
on a proxy shim DLL that accompanies the Visual Studio 2005 Tools for
Office
runtime. This proxy DLL, named AddinLoader.dll, is located in following
directory:
C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0.

When Outlook attempts to load the custom add-in its load sequence occurs
via
AddinLoader.dll. Thus, Outlook must first evaluate AddinLoader.dll in the
context
of the Outlook security settings. This DLL is not signed and when Outlook
security
settings are set to "High" and "Very High" and "Trust all installed add-ins
and
templates" is unchecked, Outlook will not allow the DLL to load because it
is not a
trusted source. Consequently, your custom add-in will also fail to load.

So far the workaround is to enable the "Trust all installed add-ins and
templates".
=============================
For Outlook 2003 to trust AddinLoader.dll you can select the "Trust all
installed
add-ins and templates" checkbox or lower the Outlook security settings to
"Medium".
When "Trust all installed add-ins and templates" is selected, all add-ins
installed on the local computer will be trusted without regard for the
Outlook
security settings.
To select the "Trust all installed add-ins and templates" checkbox, follow
these
steps:
1. On the Tools menu, point to Macro, and then click Security.
2. Click the Trusted Sources tab.
3. To trust all add-ins and templates currently installed on the computer,
select
the "Trust all installed add-ins and templates" check box.
4. Quit Outlook and quit Word if you are using Word as the e-mail editor.
5. Restart Outlook.
To alter the Outlook security settings, follow these steps:
1. On the Tools menu, point to Macro, and then click Security.
2. Select the Medium security setting, and then click OK.
3. Quit Outlook and quit Word if you are using Word as the e-mail editor.
4. Restart Outlook.
5. A warning dialog box appears when Outlook begins to load the add-in.
6. When the security warning appears, the first line displays the file name
and
location of the executable Outlook is attempting to load. Click Enable
Macros to
enable the Outlook add-in.

Note: Setting Outlook security to "Low" is not recommended, because Outlook
will
then allow all macros and executables to run, including potentially
malicious
code.


Also here are some articles about the Office 2003 security setting. You can
discuss with your network admin to evaluabe the security and risk.

Selecting the Trust all installed add-ins and templates check box will
allow all COM add-ins that have been installed in the registry (which
requires administrative privileges) or macros that are stored in your
personal or workgroup locations to run, regardless of whether they are code
signed or not. It should also be noted that end-users do not need
administrative privileges to install macros to certain template and startup
folders. Examples of these locations in Word are:
1) \Documents and Settings\<user name>\Application
Data\Microsoft\Word\STARTUP
2) \Documents and Settings\<user name>\Application Data\Microsoft\Templates

e.g. The Admin can use other security solution e.g. NTFS to control the
EndUser access to the special folder.

Enable or Disable Trust All Installed Add-ins and Templates [Office 2003
SDK Documentation]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/stagsdk/htm
l/stconEnableDisableTrustInstalledAddIns_HV01082172.asp

Office 2003 Security Options Matrix [Office 2003 SDK Documentation]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/stagsdk/htm
l/stconSecurityMatrix_HV01082171.asp


Best regards,

Peter Huang

Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Damien]

Thank you for all your time.

Damien

Hi Damien,

This is a known issue.
Here is the detailed information for this issue.

Symptoms
=============================
When you attempt to load an Outlook 2003 add-in created with Visual Studio
2005
Tools for the Microsoft Office System and the Outlook security setting is
set to
"High" or "Very High" and "Trust all installed add-ins and templates" is
not
selected the add-in will silently fail to load.

Cause
=============================
Custom Outlook 2003 add-ins created with Visual Studio 2005 Tools for
Office depend
on a proxy shim DLL that accompanies the Visual Studio 2005 Tools for
Office
runtime. This proxy DLL, named AddinLoader.dll, is located in following
directory:
C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0.

When Outlook attempts to load the custom add-in its load sequence occurs
via
AddinLoader.dll. Thus, Outlook must first evaluate AddinLoader.dll in the
context
of the Outlook security settings. This DLL is not signed and when Outlook
security
settings are set to "High" and "Very High" and "Trust all installed add-ins
and
templates" is unchecked, Outlook will not allow the DLL to load because it
is not a
trusted source. Consequently, your custom add-in will also fail to load.

So far the workaround is to enable the "Trust all installed add-ins and
templates".
=============================
For Outlook 2003 to trust AddinLoader.dll you can select the "Trust all
installed
add-ins and templates" checkbox or lower the Outlook security settings to
"Medium".
When "Trust all installed add-ins and templates" is selected, all add-ins
installed on the local computer will be trusted without regard for the
Outlook
security settings.
To select the "Trust all installed add-ins and templates" checkbox, follow
these
steps:
1. On the Tools menu, point to Macro, and then click Security.
2. Click the Trusted Sources tab.
3. To trust all add-ins and templates currently installed on the computer,
select
the "Trust all installed add-ins and templates" check box.
4. Quit Outlook and quit Word if you are using Word as the e-mail editor.
5. Restart Outlook.
To alter the Outlook security settings, follow these steps:
1. On the Tools menu, point to Macro, and then click Security.
2. Select the Medium security setting, and then click OK.
3. Quit Outlook and quit Word if you are using Word as the e-mail editor.
4. Restart Outlook.
5. A warning dialog box appears when Outlook begins to load the add-in.
6. When the security warning appears, the first line displays the file name
and
location of the executable Outlook is attempting to load. Click Enable
Macros to
enable the Outlook add-in.

Note: Setting Outlook security to "Low" is not recommended, because Outlook
will
then allow all macros and executables to run, including potentially
malicious
code.


Also here are some articles about the Office 2003 security setting. You can
discuss with your network admin to evaluabe the security and risk.

Selecting the Trust all installed add-ins and templates check box will
allow all COM add-ins that have been installed in the registry (which
requires administrative privileges) or macros that are stored in your
personal or workgroup locations to run, regardless of whether they are code
signed or not. It should also be noted that end-users do not need
administrative privileges to install macros to certain template and startup
folders. Examples of these locations in Word are:
1) \Documents and Settings\<user name>\Application
Data\Microsoft\Word\STARTUP
2) \Documents and Settings\<user name>\Application Data\Microsoft\Templates

e.g. The Admin can use other security solution e.g. NTFS to control the
EndUser access to the special folder.

Enable or Disable Trust All Installed Add-ins and Templates [Office 2003
SDK Documentation]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/stagsdk/htm
l/stconEnableDisableTrustInstalledAddIns_HV01082172.asp

Office 2003 Security Options Matrix [Office 2003 SDK Documentation]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/stagsdk/htm
l/stconSecurityMatrix_HV01082171.asp


Best regards,

Peter Huang

Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.