Friday, June 19, 2015

security - Enable macros for specific Excel file


(How) Can I enable macros in one Excel (2007) file?


Disabling macro security through the Trust Center allows macros on all spreadsheets. I can set it to 'Disable all macros with notifications' but then Excel will automatically block the macros in my file and I have to go through the Security Warning / Options / Enable this content every time:


enter image description here


I don't want to use the Trusted locations feature, because the file moves between physical locations.
For the same reason, digital certificates as mentioned in this question are not an option.


Saving the file as an Excel macro-enabled workbook (.xlsm extension) does not make a difference.


Answer



Even though the file moves around, you can use a digital certificate to sign your macro project using a certificate from a trusted CA.


Actually the purpose of the function in MS Office to digitally sign macros projects is so that it runs from any location which has trusted macros enabled and run it without a warning.


Without digitally signing, there is no way, you can have it run on any workstation without any warning since that defeats the whole purpose of security built around macros.


Here is how you can digitally sign your macro project:



  1. Open the file that contains the macro project that you want to sign.


  2. On the Developer tab, in the Code group, click Visual Basic.


  3. In Visual Basic, on the Tools menu, click Digital Signature. The Digital Signature dialog appears.


  4. Select a certificate and click OK.



Notes:


a) If the Developer tab is not available: Click the File tab. Click Options. Click Customize Ribbon. In the Customize the Ribbon list, click Developer, and then click OK.


b) If you haven't selected a digital certificate or want to use another, click Choose. Select a certificate and click OK.


c) It is recommended that you sign macros only after your solution has been tested and ready for distribution: when code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.


d) If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature implies that you guarantee the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates and add-ins so that they can control what users run on their computers.


e) If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
When you digitally sign macros, it is important to obtain a time stamp so that other users can verify your signature if the certificate used for the signature has expired, or has been revoked after signing. If you sign macros without a time stamp, the signature remains valid during the validity period of your certificate.


f) Note that Digitally signing your macro project is different from trusted locations.


References:


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...