.comment-link {margin-left:.6em;}

Pranav Wagh's Blog

Thursday, September 22, 2005

how to allow Administrator chosen certificates to work, but not allow users to trust new certificates ?

Then comes the digitally signed form digitally signed forms have to be from a Trusted Publisher, or they get blocked.  But you can block trusting publishers as well. InfoPath uses the same trusted publishers list the rest of Office does.  By default this is stored at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Trusted".

 

If you copy that key and its values to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Trusted", then the HKLM list will override the HKCU list. You can then set ACL permissions on the "Trusted" key so that "Users" can read, but not write, to that key. That would allow Administrator chosen certificates to work, but not allow users to trust new certificates. The documentation for this can be found on http://www.microsoft.com/technet/security/bestprac/mblcode.mspx.

 

 

1 Comments:

  • Can Sony really take on the iPod?
    Time and again, news accounts have noted Sony's loss of the portable music to Apple Computer.
    Great blog! I'm definitely going to bookmark you!

    I have a Software Programs site. It pretty much covers Software Programs related stuff. (And I've got lots of great new programs!)
    Have a look sometime!

    By Anonymous Anonymous, at 5:15 PM  

Post a Comment

Links to this post:

Create a Link

<< Home