question

Byomeer-2723 avatar image
0 Votes"
Byomeer-2723 asked CeasarChenMSFT-3458 commented

How to register custom protocols in the Office security policy for all current and future users?

We are developing a desktop application that has to use a custom URI protocol. This software will be mostly used from within Office apps, specifically Outlook, on multi user office PCs (no admin rights). Our installer (WiX toolset) adds the custom protocol to the registry like this:

 [HKCR\<procotolURI>] {default DWORD 'URL: <protocolName>', 'URL Protocol' DWORD ''}
 [HKCR\<procotolURI>\shell\open\command] {default DWORD '"<protocolHandlerEXE>" "%1"'}

Parsing the arguments in our app <protocolHandlerEXE> works perfectly. Unfortunately, Outlook displays a security warning when the custom URI link is clicked, immensly disrupting the workflow of our service. We were able to suppress the warning by setting this registry key:

 [HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\<protocolUri>:]

However, there are a few issues arising from this approach:

<1> the warning is only supressed for the given office version
<2> the warning is only supressed for the installing user:
other users and users that don't exist on the local machine yet will still see the warning

We are currently creating above mentioned key for every version of Office (down to 14.0) to solve problem <1>.

Many different solutions come to mind to solve issue <2>, although none seem to really solve the problem, some just straight up don't work:

<2a> check the security policy key on app startup and create an entry if necessary
--> not working if user has no admin rights

<2b> using a shady Office registry copy mechanism
according to this reddit post https://www.reddit.com/r/sysadmin/comments/7883fs/til_there_is_a_hklm_office_registry_key_that_can/ creating registry keys

 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\User Settings\<someName>] {'Count' DWORD '00000001'}
 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\User Settings\<someName>\Create\<subDir>] {}

should trigger Office to create given <subDir> registry key under [HKCU] when any Office app is started.
--> doesn't seem to work for security policy

<2c> using ActiveSetup
--> untested; this method seems extremely outdated and could stop working anytime

<2d> edit ntuser.DAT of default user
--> untested; feels hacky and overengineered

<2e> edit group policy
--> untested; just a thought, is this even an option?

There are not that many resources available on this topic, therefore I decided to write all my findings and thoughts down in this post. Any other direction or general idea is highly appreciated!





windows-group-policyoffice-itpro
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @Byomeer-2723
Your question is related to group policy creation, I am in charge of Office General. It is suggested that you go to Office developer community.Thanks for your understanding.

0 Votes 0 ·
Byomeer-2723 avatar image Byomeer-2723 CeasarChenMSFT-3458 ·

Hi, thanks for commenting. Could you point me in a more specific direction to look, or a more appropriate forum to ask my question? I was under the impression that this would be the right place to get in touch with the Office Developer community.

0 Votes 0 ·

Hi,
This forum may help you. Suggestions and questions about Microsoft 365 development can be raised here:https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform

0 Votes 0 ·

0 Answers