Pending MOTW changes - digitally signing VBA projects

Kyle123

Well-known Member
Joined
Jan 24, 2012
Messages
2,774
From June workbooks downloaded and emailed will have their macros disabled by default with no option to enable them in the Excel GUI, I have a few people that I help with workbooks they distribute that this is likely to be problematic. Advising users to either:
  • Remove the MOTW flag from the file attributes
  • Create a trusted location, save the workbook there and then open
  • Install a trusted certificate
Are all likely to be rather painful (but that's the intention), I think perhaps signing the code and distributing the certificate whilst may not be the easiest to talk users through initially, is likely to reduce the headache of ongoing support.

I've found the documentation a bit light on the signing and distribution process, I understand the process to be to purchase a cert, sign the VBA project and then distribute a certificate for users to install. Does anyone know whether smartscreen with an EV cert would prevent the need for users to install a cert? I suspect not, but this is how the process works for .net applications.

Has anyone gone through these options and decided a course of action for distributing macro enabled workbooks and what to tell end users? - Would be good to hear what you've decided to do
 
To be clear, are you referring to nothing changing around the blocking procedure or macros running?

Clearly, if a file is blocked, code will not run, but my understanding of the the MS documentation states explicitly that the code will run if the project is signed (once unblocked) and macros enabled. If the code isn't signed, the code won't run even if the file is unblocked.

Is my understanding incorrect?
 
Upvote 0

Excel Facts

Enter current date or time
Ctrl+: enters current time. Ctrl+; enters current date. Use Ctrl+: Ctrl+; Enter for current date & time.
Incorrect. Code does not have to be signed to run.
I think step 3 of this flowchart (Macros from the internet are blocked by default in Office - Deploy Office) is a little misleading:
1649682701126.png

what is very important of step 3 is that it says "Is macro digitally signed & Trusted Publisher on PC?". It means:
Only when the macro is signed AND THAT CERTIFICATE HAS PREVIOUSLY BEEN SET AS A TRUSTED PUBLISHER, will macro's be allowed to run.

My conclusion: Most documents containing VBA code will eventually end up in step 7, where you have to either enable macro's. Or you can click "Trust all from publisher", which will promote FUTURE documents from that publisher to step 3.

Even then, the important missing step (between step 1 and 2) is the unblocking step. Without that, no code will run. Not in my testing at least.
 
Upvote 0
Ah gotcha. That’s the bit I’d taken to mean that the certificate needs installing, at least it’s only the first time, subsequent times should work properly after that.

At least there’s no need to talk users through trusting the publisher/installing the certificate manually.

The problem of course is that there’ll be no option to enable macros in step 7. So I guess it will depend on what happens there, it may have the option to trust the publisher if signed and then allow macros
 
Upvote 0
Not sure if this will help your particular situation, but has worked for me..

If the location that the end users are downloading the files from is secure and consistent, you can have them set up a trusted site in their control panel, which means that the file doesn't have the "Mark of The Web" added. I'm still looking into how to apply a digital signature either programmatically or in bulk, but I am not having much luck with that right now.

To add a trusted site, you need to open the Control Panel >> Network & Internet >> Internet Properties >> Security >> Trusted Sites

Then click on the "Sites" button and add the trusted website location.
 
Upvote 0

Forum statistics

Threads
1,224,823
Messages
6,181,181
Members
453,022
Latest member
Mohamed Magdi Tawfiq Emam

We've detected that you are using an adblocker.

We have a great community of people providing Excel help here, but the hosting costs are enormous. You can help keep this site running by allowing ads on MrExcel.com.
Allow Ads at MrExcel

Which adblocker are you using?

Disable AdBlock

Follow these easy steps to disable AdBlock

1)Click on the icon in the browser’s toolbar.
2)Click on the icon in the browser’s toolbar.
2)Click on the "Pause on this site" option.
Go back

Disable AdBlock Plus

Follow these easy steps to disable AdBlock Plus

1)Click on the icon in the browser’s toolbar.
2)Click on the toggle to disable it for "mrexcel.com".
Go back

Disable uBlock Origin

Follow these easy steps to disable uBlock Origin

1)Click on the icon in the browser’s toolbar.
2)Click on the "Power" button.
3)Click on the "Refresh" button.
Go back

Disable uBlock

Follow these easy steps to disable uBlock

1)Click on the icon in the browser’s toolbar.
2)Click on the "Power" button.
3)Click on the "Refresh" button.
Go back
Back
Top