I have made a VBA script in an Excel file. I don't want to allow all scripts to run because of security reasons so I set my Excel to work with Disable all macros except digitally signed macros Then I made a signature and signed my script. still when I try to run it, I get the following message:
Because of your security settings, macros have been disabled.
To run macros, you need to re-open this workbook, and then choose to enable macros
I would really not like to allow unrestricted use of maros, is there really no other way of using my own macro?
EDIT: I forgot to mention that I'm using Microsoft Office Excel 2007 12.06.6771.5000
You need to be sure that the VBA of the workbook is digitally signed correctly. If you open the VB-Editor and choose from menu Extras › Digital Signature it must show a certificate name in both positions.
The certificate needs to be trusted. Therefore see in Excel Options › Trust Center › Button "Preferences for Trust Center" and see if your certificate is within the list of Trusted Publishers. If it is not you need Windows to trust this certificate.
See here how to trust SSL certificate to local system account.
Related
After moving into a new desktop with Outlook 2019 installed, my VBA Macros wouldn't run. It was failing silently. Finally I triggered this error message:
An error occured while attempting to verify the VBA project's signature. Macros will be disabled.
And the VBA editor states:
The macros in this project are disabled…
I tried answers Microsoft Outlook 2013: Error verify VBA project signature, but the information is outdated.
The advice given by Signing your own macros with SelfCert.exe worked fine. I’m not going to duplicate the write-up, which has excellent visual aids. Here’s what I learned in my own words. Maybe this will help you avoid wading through the whole article. (That’s not to say it’s hard to read.)
Here are the steps:
Create a self-signed certificate
Sign the macro with the certificate
Verify your Outlook security settings
Run for the first time
Here are more details.
One needs to have a certificate to digitally sign one’s macros. For most of us, that means creating a self-signed certificate, which is probably why you searched for an answer to this problem. Office has a utility to do this. I have the 64-bit version of Office, so I ran C:\Program Files\Microsoft Office\root\Office16\SelfCert.exe (see the article I linked to for other versions).
In the VBA Editor (ALT+F11) where you created the macro, choose:
Tools-> Digital Signature…
You should see that the current VBA project isn’t signed yet. That’s the problem. Unlike 2013, when you press the Choose… button you’ll get a screen to select the certificate you just created. (Installation was automatic.)
Next navigate:
File-> Options-> Trust Center-> Trust Center Settings…-> Macro Settings
Ensure this option is selected: Notifications for digitally signed macros, all other macros disabled
Restart Outlook. When you exit, you’ll be prompted to save changes to your VBA project. Choose “Yes”.
When you run your newly-signed macro the first time, you’ll be notified. Select that you’ll always trust the macros or documents from this publisher and you won’t be prompted again.
We use VBA macros in our company on every computer where Outlook is installed. Macros are digitally signed with a certificate to ensure security. This certificate is generate through the selfcert.exe application. When we add the digital signature on the VBA project (which contains the macros) in Outlook we choose the certificate generated previously and we check that Outlook options in the 'Trust Center Settings' are defined on 'Disable all macros except digitally signed macros'. Next, the first time we launch Outlook and run a macro, we got a message to confirm with 3 buttons: 'Trust all documents from this publisher', 'Enable Macros', 'Disable Macros'. We always choose to trust all to avoid getting this message again next time. This is working pretty well since several years on every machine.
Some weeks ago, someone complains about random freeze of Windows 10. The IT support solved this issue but unfortunately a new problem appeared: Outlook macros are always disabled on this machine. I am pretty sure this new problem is due to the previous freeze of Windows. I also read someone somewhere which crashed the disk and then Outlook macros got disabled.
What I already tried:
Remove/Add the certificate again
Create a new certificate to sign my macros
Renaming the VBA module containing the macros
Deleting the VBA module and creating it again
None of these actions worked. Macros are still disabled.
The temporary solution for now is to change the Trust Center Settings options by enabling all macros. But I cannot accept this workaround which is potentially dangerous.
I already search hours on Google and tried suggestions without luck.
Looks like your machine is corrupted. Try to repair Outlook or Office.
Be aware, you need to install a self-signed certificate as a trusted root CA in Windows. See Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista for more information.
Also you may find the Odd behaviour with macros being disabled forum thread helpful. It states the following:
I could reproduce the issue in Outlook 2013 (C2R 15.0.4927.1002). The macro would be disabled if I set 'Notifications for digitally signed macros, all other macros disabled' and i have added the CA into Trusted Publisher and Trusted Root CA list. The issue doesn't exist in Outlook 2016, I would suggest you use Outlook 2016 if you don't want to enable all macros. Besides, I suggest you submit your feedback on Outlook User Voice: https://outlook.uservoice.com/
Please read all points below before attempting to answer the question
I'm at the end of my wits and the macros should run based on my settings.
My Trust Center Setting is "Notifications for all signed macros, all other macros disabled." I am unable to change these settings because centralized IT sets them.
I stuck it to centralized IT, signed my own macros and added myself to Trusted Publishers. The macros worked well for several weeks.
Yesterday afternoon, my macros suddenly stopped working. My trust center remains the same and the Trusted Publishers list remains the same - the publisher of my certificate still appears there.
I double checked the macros were signed - removed all my code and just tried a MsgBox that said "Test" - even that wouldn't work.
I resolved this issue by signing the project with a new certificate.
Strangely, the first time I tried this it did not work. I either missed the message indicating that it was a new certificate and to trust the publisher or it was a weird glitch.
Either way I am back to writing and running macros with glee!
We are developing a macro to be used by customer organizations. Is it possible to get rid of the macro security warning messages by signing the macro file with a Digital signature?
We already have a code signing certificate from Comodo but when I opened the signed macro file in another computer (an old mac) it still gave the warnings. Was it because we didn't do something right or because it is not possible to get rid of the warning at all.
It still hinges on the security settings on the computer which is opening the code. There is an option in there Disable all macros except digitally signed macros which must be selected for the signature to matter.
My current settings would still prompt for your add-in.
I have built template-based add ins for Word and Excel version 2003 and previous. Those versions always required the the code to be digitally signed so that it would run on machines that had macro security turned on.
I am now working on some template based add ins for Office 2010 (to be delivered as a protected .dotm file. The add ins will create custom ribbons that provide business functionality. It looks like while I can do code signing, I no longer need to do code signing if I install my .dotm file into [user profile]\Roaming\Microsoft\Word\Startup. Can anyone verify this? In my limited testing this seems to work and I am interested in distributing this to some computers out of our domain where my code signing certificate is not trusted.
Any help would greatly appreciated. Thanks.
Yes, that has been the case since Word 97 to Word 2010 - dot/dotm files in the STARTUP folder are not checked for signing (apparently because getting them into that folder is supposed to be a manual effort). It will work without signing as long as someone has not disabled STARTUP folder add-ins (the KB on how someone would disable it is here http://support.microsoft.com/kb/921541 under section "Disable the Startup folder add-ins").