Manage trusted add-ins for Outlook 2007
Updated: April 9, 2009
Applies To: Office Resource Kit
If you use default Microsoft Office Outlook 2007 security settings, all Component Object Model (COM) add-ins installed in Office Outlook 2007 are trusted by default. If you customize security settings by using Group Policy, you can specify COM add-ins that are trusted and that can run without encountering the Outlook object model blocks.
To trust a COM add-in, you include the file name for the add-in in a Group Policy setting with a calculated hash value for the file. Before you can specify an add-in as trusted by Outlook, you must install a program to calculate the hash value.
To compute the hash value for a trusted add-in
Download the hash calculation program - the Outlook 2007 Security Hash Generator Tool - from the Microsoft Office Download Center.
Extract the contents to a local folder (such as C:\hashtool).
Run the command prompt for your computer: Click Start, All Programs, Accessories, Command Prompt.
On Windows Vista requires an additional step. Right-click Command Prompt, then select Run as administrator.
Change directories to the folder where you extracted the hash tool files.
createhash.bat /registerand press Enter. (This step needs to be completed only once.)
createhash.batfilename where filename is the full path and file name of the add-in file you are creating the hash number for. Note that the CreateHash.bat tool will not work if the path to the DLL you are using contains spaces. Copy the DLL to a location (for example, C:\Temp\MyDLL.dll), and use this path to generate the hash number.
Copy and save the value that is displayed on the screen to the clipboard. This is the value that you will add to the Group Policy setting (see the following procedure).
Specify the add-in as trusted by entering in Group Policy the value generated by the program, paired with the add-in file name.
The Outlook template and other ADM files can be downloaded from 2007 Office System Administrative Templates (ADM) on the Microsoft Download Center.
To specify the trusted add-in in Group Policy
In Group Policy, load the Office Outlook 2007 template (Outlk12.adm) and go to User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Trusted Add-ins.
Double-click Configure trusted add-ins, and click Enabled.
In the Show contents dialog box, click Add.
In the Add item dialog box, in the Enter the name of the item to be added field, type the file name of the COM add-in.
In the Enter the value to be added field, paste the hash value of the COM add-in that you saved when you ran the hash value calculation program.
Click OK three times.
The COM add-in can now run without prompts for Office Outlook 2007 users who use this security setting.
To remove a file from the list of trusted add-ins, update the Group Policy setting by deleting the entry for the add-in.
Working with Outlook COM add-ins
A COM add-in should be coded so that it takes advantage of the Outlook trust model in order to run without warning messages in Outlook. Users might continue to see warnings when they access Outlook features that use the add-in, such as when they synchronize a hand-held device with Outlook on their desktop computer.
However, users are less likely to see warnings in Office Outlook 2007 than in previous versions of Outlook. The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to propagate themselves is updated in Office Outlook 2007. Outlook checks for up-to-date antivirus software to help determine when to display address book access warnings and other Outlook security warnings.
If the user continues to see security prompts after the add-in is included in the list of trusted add-ins, you must work with the COM add-in developer to resolve the problem. For more information about coding trusted add-ins, see Important Security Notes for Microsoft Outlook COM Add-in Developers.
If you enforce customized Outlook security settings with the Microsoft Exchange Server security form published in an Exchange Server public folder, you can learn how to trust COM add-ins. Scroll down to the Trusted Code tab section in the Microsoft Office 2003 Resource Kit topic, Outlook Security Template Settings.
To use Group Policy instead of the Exchange security form to configure trusted add-ins, you must first configure the method that Outlook uses for security settings correctly. For more information about setting the Outlook security settings method, see Specify the method Outlook uses to manage virus prevention features.