Granting Trust to Documents
A document-level project has the same security requirements as application-level projects: signing the manifests with a certificate or clicking the trust prompt. In addition, the document or workbook must be located in a directory that is designated as a trusted location.
Applies to: The information in this topic applies to document-level projects for the following applications: Excel 2007 and Excel 2010; Word 2007 and Word 2010. For more information, see Features Available by Office Application and Project Type.
Applications in the 2007 Microsoft Office system and Office 2010 have Trust Centers where users can configure security and privacy settings, such as trusted locations. For Office solutions, the local computer is considered a trusted location. However, because of higher risk, there are certain directories that cannot ever be trusted, such as the temporary folders for the system, for each user, and for Internet Explorer.
For more information about the Trust Center, see Security policies and settings in the 2007 Office system. For more information about how to create, manage, remove, and configure trusted folders, see Configure trusted locations and trusted publishers settings in the 2007 Office system and Create, remove, or change a trusted location for your files.
Security Considerations for Office Solutions
There are several security concerns when you consider which folders to add to the trusted locations:
Local folders are considered to be more secure and are implicitly trusted. Remote locations such as file shares must be designated as trusted locations.
When you add a directory to the trusted locations, this action grants full trust not only to Office solutions, but also to VBA and ActiveX code. For this reason, the root directory and the My Documents folders should not be designated as trusted.
Although the document itself is trusted by using the trusted locations, additional permissions are needed to trust the customization. You can grant full trust to the customization by using signing the manifests with a certificate, clicking the trust prompt, or installing the Office solution to the Program Files directory.
You can store the document or workbook of a document-level solution in the same directory as the assembly, or in a different directory. For example, the document could be located on a SharePoint server and the assembly could be located on a network file share. For more information, see How to: Publish a Document-Level Office Solution to a SharePoint Server.