Manage trusted add-ins for Outlook 2010

 

Applies to: Office 2010

Topic Last Modified: 2012-01-27

Banner stating end of support date for Office 2010 with link to more info

You can use Group Policy to specify the Component Object Model (COM) add-ins that are trusted in Microsoft Outlook 2010.

If you use default Outlook 2010 security settings, all Component Object Model (COM) add-ins that are installed in Outlook 2010 are trusted by default. If you customize security settings by using Group Policy, you can specify COM add-ins that are trusted and that can run without encountering the Outlook object model blocks.

In this article:

  • Overview

  • Before you begin

  • Get the hash value for a trusted add-in

  • Specify the trusted add-in by using Group Policy

  • Remove the Security Hash Generator Tool

Overview

To trust a COM add-in, you include the file name for the add-in in a Group Policy setting that uses a calculated hash value for the file. Before you can specify an add-in as trusted by Outlook, you must install the Microsoft Office Outlook 2007 Security Hash Generator Tool to calculate the hash value.

The Office Outlook 2007 Security Hash Generator Tool runs on 32-bit Windows systems and can be used to calculate the hash value for Outlook 2010 add-ins. You cannot run the Office Outlook 2007 Security Hash Generator Tool on 64-bit Windows systems.

Before you begin

For more information about how to download the Outlook 2010 administrative template, and about other Office 2010 administrative template files, see Office 2010 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool. For more information about Group Policy, see Group Policy overview for Office 2010 and Use Group Policy to enforce Office 2010 settings.

For information about how to work with Outlook 2010 COM add-ins and how to customize other security settings, see Choose security and protection settings for Outlook 2010.

For more information about how to use the Office Outlook 2007 Security Hash Generator Tool, see Tips for using the Outlook 2007 Security Hash Generator Tool (https://go.microsoft.com/fwlink/p/?LinkId=185017).

Get the hash value for a trusted add-in

To add a trusted add-in by using Group Policy, you must install and run the hash calculation program to calculate the hash value for the Group Policy setting, Configure trusted add-ins.

To get the hash value for a trusted add-in

  1. From the Microsoft Download Center, download the Outlook 2007 Tool: Security Hash Generator (https://go.microsoft.com/fwlink/p/?LinkId=75742).

  2. Extract the contents to a local folder (such as C:\Hashtool).

  3. Run the command prompt for your computer: Click Start, All Programs, Accessories, Command Prompt.

    Windows Vista requires an additional step: Right-click Command Prompt, and then select Run as administrator.

  4. Change directories to the folder where you extracted the hash tool files.

  5. Type the following command, and then press ENTER:

    createhash.bat /register

    (This step needs to be completed only once.)

  6. Type the following command, and then press ENTER:

    createhash.bat <filename>

    Where <filename> is the full path and file name of the add-in file that you are creating the hash number for. There should be no spaces in the file path or file name. If there is, make a copy of the add-in DLL and put it in a folder that has no spaces in the file path or use the short file name and path (8.3 path). The hash is based on the registered DLL and not the location of the DLL.

  7. Press ENTER.

  8. Copy and save the value that is displayed on the screen to the clipboard. This is the value that you will add to the Group Policy setting (see the following procedure).

Specify the trusted add-in by using Group Policy

Once you have generated the hash value for the add-in, you must specify the add-in as trusted by entering in Group Policy the value generated by the program, paired with the add-in file name.

To specify the trusted add-in by using Group Policy

  1. In Group Policy, load the Outlook 2010 template (Outlk14.adm) and go to User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Trusted Add-ins.

  2. Double-click Configure trusted add-ins, and then click Enabled.

  3. Click Show.

  4. In the Show contents dialog box, click Add.

  5. In the Add item dialog box, in the Enter the name of the item to be added field, type the file name of the COM add-in.

  6. In the Enter the value to be added field, paste the hash value of the COM add-in that you saved when you ran the hash value calculation program.

  7. Click OK three times.

The COM add-in can now run without prompts for Outlook 2010 users who use this security setting.

To remove a file from the list of trusted add-ins, update the Group Policy setting by deleting the entry for the add-in.

Remove the Security Hash Generator Tool

You can remove the Office Outlook 2007 Security Hash Generator Tool by unregistering the CreateHash.bat file and deleting the extracted files.

To remove the Security Hash Generator Tool

  1. Run the command prompt for your computer: Click Start, All Programs, Accessories, Command Prompt.

    Windows Vista requires an additional step: Right-click Command Prompt, and then select Run as administrator.

  2. Change directories to the folder where you extracted the hash tool files.

  3. Type the following command, and then press ENTER:

    createhash.bat /unregister

  4. Delete the extracted files from the folder.