+ Post New Thread
Results 1 to 5 of 5
Windows Thread, Trusted Publishers in Technical; We are trialling Texthelp's Read & Write 8 Gold software. I have installed it on the network through a custom ...
  1. #1
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    624
    Thank Post
    3
    Thanked 21 Times in 17 Posts
    Rep Power
    24

    Trusted Publishers

    We are trialling Texthelp's Read & Write 8 Gold software. I have installed it on the network through a custom MSI. But what I didn't know and what they didn't tell me is that the install puts a word template with a macro in it into C:\Program Files\Microsoft Office\OFFICE11\STARTUP. This means that every time word loads, it runs the .dot and asks about the Macro - you have to tick 'Always trust macros from this publisher' and then enable the macros.

    Is there away I can import a certificate with the trusted publisher information automatically through group policy?

  2. #2

    Join Date
    Jul 2005
    Location
    North Wales
    Posts
    54
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Trusted Publishers

    just turn security to "really stupidly low". that's what we did...

    ok, so that isn't an answer.

    Yes, you can set trusted publishers through Group policy.

    computer settings, windows settings, security settings, software restriction policies ->set "trusted publishers" to "enterprise admins".

    on a computer with the certificate added, logged on as an enterprise admin, go to
    computer settings, windows settings, security settings, public key policies, enterprise trust.

    add a new certificate trust list, find your certificate and add it to the list as a new "code signing" certificate.



    If you're using adobe acrobat, you might find that it's broken by Read/write 8 - the ini file it creates defaults to "always read aloud", which can be confusing if you aren't expecting it or don't want it. you need some way of rolling out a fixed ini file, see the attached rar which did the job for us. You might not need to do this if you've already made your own MSI that fixes this.
    Attached Files Attached Files

  3. #3
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    624
    Thank Post
    3
    Thanked 21 Times in 17 Posts
    Rep Power
    24

    Re: Trusted Publishers

    Thanks Lord Edam, I will try this tommorow. Thanks for the 'fixed' ini too - we have already had complaints of Acrobat reading everything out!

  4. #4
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    624
    Thank Post
    3
    Thanked 21 Times in 17 Posts
    Rep Power
    24

    Re: Trusted Publishers

    Quote Originally Posted by Lord_Edam
    computer settings, windows settings, security settings, software restriction policies ->set "trusted publishers" to "enterprise admins".
    Ok, done this no problems.

    Quote Originally Posted by Lord_Edam
    on a computer with the certificate added, logged on as an enterprise admin, go to
    computer settings, windows settings, security settings, public key policies, enterprise trust. Add a new certificate trust list, find your certificate and add it to the list as a new "code signing" certificate.
    I'm getting a bit stuck on this. Presumably you are talking about local group policy settings on the PC with the certificate added. First of all, 'Enterprise Trust' can be found under the User configuration route, not the computer configuration route. I presume that it what you meant.

    Second, when I add a 'code signing' and then I can add a certificate to the list, I cannot find the 'Text Help Systems' certifiacte in the list. I try to add one by file since I have exported the certificate, but it tells me only 'self-signing' certificates can be added. At this point I am stuck.

    One last question, if I were able to set this up as you have described, does it feed back to the rest of the network, or is this just for that PC?

  5. #5

    Join Date
    Jul 2005
    Location
    North Wales
    Posts
    54
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Trusted Publishers

    sorry I didn't reply sooner - day off for a job interview at the LEA wednesday, and when I got back windows updates had broken half the staff PCs!!

    Quote Originally Posted by Lord_Edam
    on a computer with the certificate added, logged on as an enterprise admin, go to
    computer settings, windows settings, security settings, public key policies, enterprise trust. Add a new certificate trust list, find your certificate and add it to the list as a new "code signing" certificate.
    I'm getting a bit stuck on this. Presumably you are talking about local group policy settings on the PC with the certificate added. First of all, 'Enterprise Trust' can be found under the User configuration route, not the computer configuration route. I presume that it what you meant.

    This should be a domain policy, not a local one. I mentioned the PC with the certificate already added because it's easier than exporting the .cer/.crt file - you just search in the security container for the certificate you want.

    you can use user configuration if you want, provided the group policy is linked to an OU with users in it. The same settings are available under computer configuration as well.


    Second, when I add a 'code signing' and then I can add a certificate to the list, I cannot find the 'Text Help Systems' certifiacte in the list. I try to add one by file since I have exported the certificate, but it tells me only 'self-signing' certificates can be added. At this point I am stuck.
    Ah, right. We didn't go this route for text help, the only time we did this was for some dodgy web submission software for the finance team. It might be that you can't actually do this with the certificate texthelp supply.

    One last question, if I were able to set this up as you have described, does it feed back to the rest of the network, or is this just for that PC?
    If you do it as a domain policy, it will be picked up by any computers(for computer configuration) or users(for user configuration) in the OU you apply it to.



SHARE:
+ Post New Thread

Similar Threads

  1. Realtime Publishers
    By GrumbleDook in forum Books and Manuals
    Replies: 0
    Last Post: 7th May 2007, 11:41 PM
  2. Trusted Publishers
    By woody in forum Windows
    Replies: 0
    Last Post: 28th November 2006, 01:03 PM
  3. Trusted Sites via Group Policies?
    By mullet_man in forum Wireless Networks
    Replies: 5
    Last Post: 12th January 2006, 03:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •