Administering Security


Protecting project data against malicious attacks, such as tampering, espionage, or intentional destruction, is important. If your work environment subjects your project files to such threats, you should review the options that can help protect your data. Proper security practices and settings help limit the vulnerability of applications and data to malicious attack. You can use the Custom Installation Wizard and Custom Maintenance Wizard to set some security options, but other options must be selected by each user in order to set a protection method.

Some security options available from within Microsoft® Project include:

  • Scanning for viruses before opening files, including checking for a valid certificate for both the file and any macros included in the file.
  • Setting macro security levels and defining trusted sources.
  • Setting passwords and read/write privileges on Microsoft Project files not saved to a database.

Scanning for Viruses Before You Open a Project

Microsoft Project 2002 allows virus scanning programs to check documents before opening them. When you first open a project, it will be checked by your current virus scanning program before loading into Microsoft Project 2002. There are two types of anti-virus software you can use with Microsoft Project. One type looks at the file as it arrives either from a disk or from over the network; the other type looks at the file whenever it is opened by Microsoft Project. Anti-virus software compatible with the Microsoft Office anti-virus API examines a file when it is being opened by Microsoft Project. If the file is found to have a virus, the user is notified prior to the file being activated and displayed in the work area of the application.

A virus scanning program that can check Microsoft Project 2002 files is registered on the computer when it is installed. This registration enables Microsoft Project to determine how to pass files through the scanning program before they are opened. When you open a Microsoft Project file, a message is displayed in the status bar indicating that the file is being scanned.

Signing Macros Digitally to Verify the Source

Macro viruses are programs written in the macro languages of applications, for example, Visual Basic® for Applications for Microsoft Project. These viruses can do serious harm to programs and data. Without proper precautions, macro viruses can be transmitted to a computer and stored in the global template when an infected project file is opened in Microsoft Project.

Traditional virus protection includes a warning that a file being opened contains macros, with an option to enable or disable the macro when opening that file. Microsoft Project 2002 enhances macro virus protection by allowing macros in documents to be digitally signed. A digital signature consists of binary data that is calculated by applying an algorithm to the original data (in this case, the macro code), and a numeric private key. This private key has a corresponding public key.

When a second algorithm is applied to the digital signature and the public key, that algorithm determines whether the data was signed by a user with access to the private key. The digital signature establishes the authenticity of the data by indicating whether or not the data is from the source that the digital signature claims it to be.

Macro security depends on a certificate being associated with the application's data file or executable code attached to a project. The validation of this certificate requires legitimate authentication of the author who signed the certificate, and authentication of the digital signature created for the author. Attaching a certificate of authenticity to a file, executable, ActiveX® control, dynamic-link library (DLL) file, and so on, requires obtaining a certificate from a certificate authority, such as VeriSign.

Using certificates to sign macros

A certificate is a set of data that completely identifies an entity, and is issued by a certificate authority only after that authority has verified the entity's identity. The data set includes the public key tendered to the entity. The entity obtains a certificate that also includes the private key, so that the certificate can be used to sign data.

A certificate that contains only a public key is called a public certificate. A certificate that contains public and private keys is called a private certificate, or personal certificate. Certificates are automatically installed as needed, and stored in the registry by the operating system.

VeriSign is an example of a certificate authority. You can also produce your own certificates by using Microsoft Windows NT® 4.0, Windows 2000, Windows Millennium Edition (Windows Me), or Windows XP Certificate Services, or by using the Selfcert.exe program. The Selfcert.exe program is installed with the Office Tools/Digital Signatures feature of Office or Microsoft Project.

Types of certificates include the following:

  • Identity   Proves user identity when the user is authenticated on a server computer.
  • E-mail   Digitally signs e-mail content to prove that it was produced by a specific user, and encrypts the content so that it cannot be read or tampered with on a network.
  • Code-signing   Digitally signs code to prove that it was produced by a specific publisher; prevents code tampering.

When you sign Microsoft Project 2002 macros, you must use a code-signing certificate. A public version of the certificate is stored with the digital signature in signed files. Personal certificates, which can be used to sign and encrypt the macros because they contain private keys, are also stored on the client computer.

Certificate revocation

By default, the Check for publisher's certificate revocation setting of Microsoft Internet Explorer is disabled. Because Microsoft Project inherits this setting, Microsoft Project will not check for certificate revocation. Administrators can turn this feature on; however, it can take a considerable amount of time to analyze whether a certificate has been revoked, because Internet Explorer has to check a database on the Internet. To enable this setting, select the Check for publisher's certificate revocation check box in the Advanced tab in the Internet Options dialog under the Security section of the tree view control.

Managing certificates with Internet Explorer

You can manage the certificates installed on a computer by using Microsoft Internet Explorer.

To manage certificates by using Internet Explorer 5.01 or higher
  1. On the Tools menu, click Internet Options, and then click the Content tab.
  2. Click Certificates to display the Certificates dialog box.
  3. Use the settings in the Certificates dialog box to manage the personal certificates, public certificates, and list of trusted certificate authorities on your computer.

Using certificate timestamps

Certificates are given expiration dates after which the certificates are no longer valid. Expiration dates are chosen so that the amount of time between the issue date and expiration date of a certificate is too small for anyone to make the required computations to produce a private key from a public key and thereby falsify digital signatures.

If a macro is signed with a certificate after the certificate has expired, the signature is not considered valid. Certificate authorities provide a certified timestamp that can be applied as part of a digital signature when a document is signed. The timestamp proves when the document was signed and can be compared to the expiration date of the certificate to verify that the document was signed before the certificate expired.

You can specify the URL of a timestamp authority for Microsoft Project 2002 to use in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\VBA\Security

You can specify values for the following entries within this subkey:

  • TimeStampURL   String value that provides the URL.
  • TimeStampRetryCount   DWORD value that specifies how many times to attempt to connect to the timestamp URL.
  • TimeStampRetryDelay   DWORD value that specifies how many seconds to wait between retries of the timestamp URL.

Signing macros by using the Visual Basic Editor

You can sign a Microsoft Project 2002 macro in the Visual Basic for Applications Editor before saving the macro.

To sign a macro in the Visual Basic for Applications Editor
  1. With the macro open in the Visual Basic for Applications Editor, click Digital Signature on the Tools menu.
  2. Click Choose.
  3. In the Select Certificate dialog box, select the certificate you want to use. All personal certificates installed on your computer are listed.

Setting Macro Security Levels in Microsoft Project

Macro security for Microsoft Project can be set to High, Medium, or Low through the Macro Security dialog box of the user interface. It is highly recommended to select High or Medium. Setting the security level to Low allows a macro to run without the knowledge of the user.

The basic definitions of High, Medium, and Low security levels are:

  • High security   Macros must be signed by an acknowledged trusted source. Otherwise, macros in documents are automatically disabled without warning to the user when the documents are opened.
  • Medium security   Users are prompted to enable or disable macros in documents when the documents are opened.
  • Low security   No macro checking is performed when documents are opened and no macro restrictions are imposed. This security level is not recommended because it will not protect against malicious programs.

Default installation settings for security can be controlled by using the Specify Office Security Settings page of either the Custom Installation Wizard or the Custom Maintenance Wizard.

To set the security level in Microsoft Project 2002

  1. On the Tools menu, point to Macro, and then click Security.
  2. Click the Security Level tab, and then select a security level.

If a system policy for macro security has been set by an administrator, this policy will override any security setting by a particular user. You can set a system policy for macro security levels that override user settings in the following registry key:

HKLM\Software\Policies\Microsoft\Office\10.0\MS Project\Security

Set this registry key with the following information:

  • Value name: Level
  • Data type: REG_DWORD
  • Value Data: Low, Medium, or High
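An audit of the two registry locations this page names (the macro security policy above and the timestamp entries under VBA\Security), as an added example that is not part of the original page. The function names are hypothetical, and the 1/2/3 numeric mapping for Level is an assumption the page does not state.

```powershell
# Added example; the registry paths and value names are the ones given on this page.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Office\10.0\MS Project\Security'
$vbaKey    = 'HKCU:\Software\Microsoft\VBA\Security'
# Assumption (not stated on the page): numeric Level data maps 1/2/3 to Low/Medium/High.
$levelNames = @{ 1 = 'Low'; 2 = 'Medium'; 3 = 'High' }

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ProjectMacroSecurityFindings {
    $findings = @()

    # System policy: when present it overrides the level each user picks in the UI.
    $level = Get-RegValue $policyKey 'Level'
    if ($level -is [int]) { $level = $levelNames[$level] }
    if ($null -eq $level) {
        $findings += 'Policy: no recognised Level value; users choose their own macro security level.'
    } elseif ($level -eq 'Low') {
        $findings += 'Policy: Level is Low; macros run with no checking.'
    } else {
        $findings += "Policy: Level is $level and overrides user settings."
    }

    # Timestamp authority used when macros are signed in the VBA editor.
    $url = Get-RegValue $vbaKey 'TimeStampURL'
    $parsed = $null
    if ([string]::IsNullOrEmpty($url)) {
        $findings += 'Timestamp: no TimeStampURL is set for this user.'
    } elseif (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$parsed)) {
        $findings += "Timestamp: TimeStampURL '$url' is not an absolute URL."
    } else {
        $retries = Get-RegValue $vbaKey 'TimeStampRetryCount'
        $delay   = Get-RegValue $vbaKey 'TimeStampRetryDelay'
        $findings += "Timestamp: authority $($parsed.Host); retries=$retries, delay=${delay}s."
    }
    $findings
}

Get-ProjectMacroSecurityFindings
```

The timestamp entries live under HKEY_CURRENT_USER, so run the check in the session of the user who signs macros.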

Macro security in prior versions of Microsoft Project was not enabled — that is, security was set to Low — when Microsoft Project was started by an executable program making a call into the application object. Therefore, any macro would run when Microsoft Project opened a project and instructed it to run a macro, whether that macro was trusted or not.

To address this issue of low security, a new security method called AutomationSecurity was added to all VBA applications. This method can be used with the application object for Microsoft Project.

Example:

Application.AutomationSecurity = msoAutomationSecurityLow

The settings for use with this method are:

  • msoAutomationSecurityLow
  • msoAutomationSecurityByUI
  • msoAutomationSecurityForceDisable

For programmers who need to instruct Microsoft Project applications to open files and run macros, it is recommended that they set the AutomationSecurity method to msoAutomationSecurityByUI prior to opening a file, to conform to the security level set for the application by the user. For instances where high security is required, use the msoAutomationSecurityForceDisable setting to disable the running of any macros.
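The recommendation above applied from an external program that drives Microsoft Project through COM, as an added example that is not code from the original page. Invoke-WithMacrosDisabled and the file path are hypothetical; AutomationSecurity is used on the application object as this page describes.

```powershell
# Added example. MsoAutomationSecurity values from the Office type library:
# msoAutomationSecurityLow = 1, msoAutomationSecurityByUI = 2, msoAutomationSecurityForceDisable = 3.
$msoAutomationSecurityForceDisable = 3
$pjDoNotSave = 0   # PjSaveType constant from the Project type library

function Invoke-WithMacrosDisabled {
    param(
        [Parameter(Mandatory = $true)] $App,            # MSProject.Application COM object
        [Parameter(Mandatory = $true)] [string] $Path,  # project file to open
        [Parameter(Mandatory = $true)] [scriptblock] $Action
    )
    $previous = $App.AutomationSecurity
    $opened = $false
    try {
        # Set before FileOpen so the setting applies to this file.
        $App.AutomationSecurity = $msoAutomationSecurityForceDisable
        $opened = [bool]$App.FileOpen($Path, $true)   # Name, ReadOnly
        if (-not $opened) { throw "Project could not open '$Path'." }
        & $Action $App.ActiveProject
    }
    finally {
        if ($opened) { [void]$App.FileClose($pjDoNotSave) }
        # Put back whatever the caller had, even if the open failed.
        $App.AutomationSecurity = $previous
    }
}

# Usage with a hypothetical path: count tasks in a file received from outside.
$project = New-Object -ComObject MSProject.Application
Invoke-WithMacrosDisabled -App $project -Path 'C:\Inbox\schedule.mpp' -Action {
    param($p) $p.Tasks.Count
}
```

To follow the level the user chose instead of disabling macros outright, pass 2 (msoAutomationSecurityByUI) in place of 3.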

Using Trusted Sources

Using trusted sources is a means of cataloging and allowing signed executables to run on users' computers. With this feature enabled, users can choose whether to allow executable code or programs to run from sources that can be identified or trusted.

Administrators have the option of turning the trusted sources feature off, or enabling a list of trusted sources as a default. If this feature is selected, any future installable code (add-ins, applets, executables, and so on) is automatically copied to, or run from, the user's computer.

The trusted sources feature requires that a special embedded certificate be applied to an executable. This certificate includes a digital signature that identifies the source, providing assurance to the user because of the rigorous method required to apply a certificate and digital signature to an executable.

A digital signature is like a seal of approval. The signature ensures that code is from the source listed in the certificate used to sign it, and ensures that the code has not been tampered with since it was signed by the creators of the certificate. A digital signature requires developers or creators of code to identify themselves and attach their name to the digital signature. In this way, a digital signature can be used to prove that the data or code is really from the user or source that the digital signature claims it to be.

Specifying trusted sources in Microsoft Project

When users open a document that contains digitally signed macros and their security level is set to High or Medium, they are prompted to trust the source if the digital signature has not been previously trusted. If they choose to trust the source, any document with a macro with that same digital certificate automatically runs its macros. If they accept the digital signature from that source, any time a new macro, program, or applet with that digital signature is asked to run on the computer, the source is trusted and the code will run automatically (without prompting), regardless of the security level set for the application.

You have the option to trust all currently installed add-ins and templates on a computer, so that all files installed along with Microsoft Project or added to the Office templates folder are trusted, even though the files are not signed.

To specify trusted sources in Microsoft Project
  1. On the Tools menu, point to Macro, then click Security.
  2. Click the Trusted Sources tab.
  3. To trust all add-ins and templates currently installed on the computer, select the Trust all installed add-ins and templates check box.

Presetting trusted sources for all users in your organization

To preset trusted sources on users' computers, you can use the Profile Wizard to save your security settings. On a computer that has Microsoft Project 2002 installed, open projects with macros signed by the sources you want to trust. Choose to trust the sources as you open each project.

Use the Profile Wizard to create an OPS file based on your configuration. Then, use the Custom Installation Wizard to include your OPS file on the administrative installation point. When users run Microsoft Project 2002 Setup from the administrative installation point, the sources that you specified as trusted sources are also specified as trusted sources on their computers.

Protecting Project Files and Information

Microsoft Project 2002 supports three levels of file protection. The user who creates a file has read/write permission to a Microsoft Project file and controls the protection level.

The three levels of file protection are:

  • File open protection   Microsoft Project 2002 requires the user to enter a password to open a file.
  • File modify protection   Microsoft Project 2002 requires the user to enter a password to open the file with read/write permission.
  • Read-only recommended protection   Microsoft Project 2002 prompts the user to open the file as read-only. If the user clicks No at the prompt, the file is opened with read/write permission, unless the file has other password protection.

Microsoft Project does not use the symmetric encryption routine known as 40-bit RC4. It uses an XOR-based encryption scheme when saving a file with password protection. Additionally, users cannot protect elements within a Microsoft Project 2002 file, but must use password protection to protect the entire file. For highest-level security for Microsoft Project files, users can use their operating system's security features.

Password-protection Options for Microsoft Project

You can password-protect a Microsoft Project file, as long as you are not saving it to Microsoft Project Server. When you are saving the file, in the Save As dialog box, click Tools, and then click General Options. In the Save Options dialog box, you can enter a protection password and a write reservation password.