none
Opening Document-Level Customization From a Network Drive with all Trusted Locations Disabled RRS feed

  • Question

  • Can anybody tell me definitively if there is any way to open a document-level customization (Word in my case) from a network drive without error if the "Disable all Trusted Locations" checkbox is checked in the Trust Center?

    I get this error:

    "Customization does not have the permissions required to createa an application domain.

    Customized functionality in this program will not work because the location of ... is not in the Office Trusted Locations list, or all trusted locations are disabled."

    My customization is signed by a publisher (with a valid cert) that has been added as a Trusted Publisher but it seems to me that this has no effect if all trusted locations are disabled.

    Tuesday, September 20, 2011 3:57 PM

All replies

  • Hi ConcentratedAwesome,

    Thank you for posting.

    What is the version of your word vsto application? Have you tried to add the network drive to Trusted Locations list, you can try to add it to see whether it can resolve your problem.

    Hope this can resolve your problem and just feel free to follow up after you have tried.

    Best Regards,

     


    Bruce Song [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, September 22, 2011 1:41 AM
  • It's a Word 2007 document level customization and we are using VSTO 3.5.  My trusted location is added into the Policy Locations, but of course, all the locations are greyed out because the "Disable all locations" box is checked.
    Thursday, September 22, 2011 10:09 AM
  • Hello ConcentratedAwsome,

    There are many sources of information about the problem you report and the solution(s) to those.

     

    Links to many Forum threads are in the following content:

    Visual Studio Tools for Office Forum

    http://social.msdn.microsoft.com/Forums/en-US/vsto/threads

     

    See the Forum post at:
    If Trusted Location is disabled by group policy, what can we do ...

    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/74915cc6-eb3b-499b-a00b-ecd969b7ac23

     

    Also please see Cindy Meister’s post in this Forum thread:
    Is it possible to hide the CannotCreateCustomizationDomainException?

    http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/f3ad376a-bc45-4b55-9211-b0e8738d957b/

     

    Another solution is discussed in this Forum thread:
    Exception: Customization could not be loaded because the ...

    http://social.msdn.microsoft.com/Forums/en/vsto/thread/16c1a120-cd5b-40d4-9027-f02df4106538

     

    Most locations on the local machine are already considered trusted; the only directories that are not trusted are the temporary directories such as the IE cache or c:\temp. The security model for Office solutions relies on both the Visual Studio Tools for Office runtime (with a certificate) and Word (with the trusted locations). The certificate lets you install the Word document without showing any prompts because the installer is coming from you (a Trusted Publisher). However, it's Word that checks the trusted locations. In short, the certificate has nothing to do with trusted locations, and you must fulfill those security requirement separately from the cert.

    For an Word file and/or its add-in to be opened on a network share, each and every location needs to be added to the Trusted Locations. For more information, see:
     
    http://msdn.microsoft.com/en-us/library/bb772072(VS.90).aspx.

    More thorough discussions for Office security and VSTO add-ins in MSDN follows the links below.

    Under the tree that starts in the MSDN Visual Studio Tools for Office topic at:
    http://msdn.microsoft.com/en-us/library/d2tx7z6d(v=VS.80).aspx

    Expand the nodes below:

    Security in Office Solutions
    http://msdn.microsoft.com/en-US/library/k64zb6we(v=VS.80).aspx

    Security Requirements to Run Office Solutions
    http://msdn.microsoft.com/en-US/library/6exya3kf(v=VS.80).aspx

    Within the latter topic you’ll see these excerpts:

    Levels of trust in .NET Framework security include these three:

    ·         Full trust. This level grants the code permission to do any action that the current user can do. All code must have full trust to run in Office solutions.

    ·         Partial trust. This level is a restricted permission set that grants only specified permissions. Partially trusted code will not run in Office solutions.

    ·         Untrusted. This level grants no permissions, so the code does not run.

    See the list of Types of Evidence,

    Visual Studio uses URL evidence to grant full trust to your projects when you build them. When Visual Studio builds a Visual Studio Tools for Office project, it alters User-level security policy to grant full trust to the build locations of Office projects. When the customization or add-in runs, the loader presents the URL of the assembly location to the policy system, which grants full trust to the specific locations.

    Assembly Security Overview

    End-user computer

    Assemblies have no trust.

    The administrator grants trust to the assembly in the user's security policy. For more information, see Deploying Security Policy.

     

    Further reference information is linked at the following Office site:
    Office Development with Visual Studio | VSTO, Add-ins | MSDN
    http://msdn.microsoft.com/en-us/office/hh133430.aspx

     

    Please let us know which content from among the links above helps you get the answer to your question “Can anybody tell me definitively if there is any way to open a document-level customization (Word in my case) from a network drive without error if the "Disable all Trusted Locations" checkbox is checked in the Trust Center?”

    Regards,
    Chris Jensen
    Senior Technical Support Lead

    Friday, September 23, 2011 3:28 PM
    Moderator
  • Hi ConcentratedAwsome,

    Here is the link to another content resource that discusses Trusted Locations. This link was not in the post I added to the thread on September 23.

    Plan Trusted Locations settings for Office 2010
    http://technet.microsoft.com/en-us/library/cc179039.aspx

    Regards,
    Chris Jensen
    Senior Technical Support Lead

    Wednesday, September 28, 2011 1:40 PM
    Moderator
  • I'm kind of looking for a definitive yes/no on this one:

    Is there any way to open a document-level customization (Word in my case) from a network drive without error if the "Disable all Trusted Locations" checkbox is checked in the Trust Center?

    I think the answer is "no" and I'm really just checking to make sure.

    Wednesday, September 28, 2011 2:12 PM
  • Hello ConcentratedAwsome,

    You don’t want another link to the available content, just a non-complicated yes or no answer. But the answer is “it depends.” Group Policy can override the Trust Center. If in group policy the setting for “Disable all trusted locations” is checked (by default, in group policy trusted locations are enabled, so this overrides the default) Enabling this setting disables all trusted locations, including trusted locations that are:

    ·         Created by default during setup.

    ·         Created by users through the graphical user interface.

    ·         Displayed through Group Policy,


    Enabling this setting also prevents users from configuring trusted locations settings in the Trust Center.

     

    So, here is the link where you can learn all about it:

    Security policies and settings in the 2007 Office system
    http://technet.microsoft.com/en-us/library/cc178946(office.12).aspx

    It all depends…..

    Regards,
    Chris Jensen
    Senior Technical Support Lead

    Thursday, September 29, 2011 1:40 PM
    Moderator
  • Oy.  Either it's possible or it ain't.  I'm not asking how - I can figure that out on my own.  Sounds like you don't know.

    Cindy says this in http://social.msdn.microsoft.com/Forums/en-US/vsto/thread/74915cc6-eb3b-499b-a00b-ecd969b7ac23  : 

    "If we're talking Office 2007, there's no way to get around "Trusted location" for a word or Excel document-level customization. It's required."

    Which, to me, implies that if all you're trusted locations are disabled with the "Disable all Trusted Locations" checkbox, then there's no way you're going to open that document customization (properly) from a networked drive - no matter what you do.  I'm just looking for a "yes, that's so" or "no, not necessarily"

    Thursday, September 29, 2011 2:21 PM