[Beth Melton]

I'm aware of the "workaround" included in the article but it's not one I
would ever recommend. If you elect to install a SelfCert you are installing
it as a Trusted Root Certificate, not merely a Trusted Publisher for
documents/templates containing macros. Which, btw, I'm not sure if this
still works for Word 2007 in light of the security concerns - there's a
reason they elected to prevent the enabling of macros on documents signed
with a SelfCert.

FWIW, I've had several discussions with Microsoft regarding this very topic
and was told the inability to enable macros is by design. My position is
they shouldn't make SelfCert available if that's how it's going to work (it
doesn't make sense that documents/templates containing macros and no attempt
to authenticate can be enabled) -- and I think it provides a false sense of
security because recipients may not understand how a Digital Signature
should actually work. Not to mention folks simply disregard the warnings
they include, such as "Windows will automatically trust any certification
issued by this CA. Installing a certificate with an unconfirmed thumbprint
is a security risk." This message appears when you install someone's
SelfCert. (I'm sure those doing the installing are told, "Just click through
it", right? ;-) )

If you are uploading templates to a web site then what you really need is a
real Digital Signature -- one authenticated by a Certificate Authority.
Someone could easily create a SelfCert using your information obtained from
the SelfCert and use it maliciously, such as modify your templates and
re-sign them using a forged SelfCert. Note that all someone needs is a copy
of your SelfCert for the forgery and if it's available on a web site it
makes it easy to access. I personally wouldn't install someone's SelfCert on
my computer or use it as a means of authentication for that matter. The
whole purpose of a Digital Signature is a guarantee of authentication and a
SelfCert doesn't offer that. (I suspect if the school board were aware of
the fact that a SelfCert doesn't offer any real security they wouldn't
approve the process.)

If you are providing instructions on how to install the SelfCert then why
not offer instructions for how to place the template in their Trusted
Templates (User Templates) folder instead?

I know this isn't the answer you want to hear but if true security is a
concern it's the only answer. :-)

Please post all follow-up questions to the newsgroup. Requests for
assistance by email cannot be acknowledged.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP

Coauthor of Word 2007 Inside Out:
http://www.microsoft.com/MSPress/boo...x#AboutTheBook

Word FAQ: http://mvps.org/word
TechTrax eZine: http://mousetrax.com/techtrax/
MVP FAQ site: http://mvps.org/

"Kim K" wrote in message
...
Beth,

Thanks for replying, however your suggestions will not work for my
situation. The forms will need to be uploaded to a state run web site and
utilized by nearly 10 other school districts. This is not a problem for
my
office 03 users and I am still testing on my machines before releassing to
the school boards for final approval.

I need a way to be able to use my templates (.dot format) with macros to
run
in 07 without taking off macro security.

BTW - I used this as a reference -
http://pubs.logicalexpressions.com/P...cle.asp?ID=194
--
Thanks,,
Kim


"Beth Melton" wrote:

Unfortunately, what you are doing wrong is using SelfCert as an attempt
to
authenticate your work for others. SelfCert is intended to be used on an
individual computer, so you can certify your own files, not for others to
use for certification. As you found, as of Word 2007, if SelfCert was
used
for the digital certificate then macros cannot be enabled at all.

The rationale behind this is a SelfCert digital signature cannot be
authenticated since it wasn't issued by a Certification Authority (CA).

If you are creating templates for others then place the templates
(without a
SelfCert digital signature) in either the User Templates folder or
Workgroup
Templates folder (if the template location is on a network). The User
Templates location is automatically trusted and you can add the Workgroup
Templates location as a trusted location in the Trust Center.

"Kim K" wrote in message
...
I have created templates with macros and a digital certificate for my
projects. I need to open these on multiple systems for multiple users
which
is why I created the dig cert, to be able to have the user install teh
cert
and trust macros from "this publisher". However in my office 2007
machine, I
keep getting the macrs have been disabled - and even when I install teh
cert
I still ge the macros are disabled. In teh trust center there are no
trusted
publishers, what am I doing wrong?
--
Thanks,,
Kim