Article ID: 327657
This article describes how to create a trusted Outlook 2002 Component Object Model (COM) add-in.
Note: This article uses the term trusted to mean that an Outlook COM add-in is registered in the Outlook 10 Security Settings folder. This article does not use trusted to mean digitally signing a COM add-in, which is how the term is typically used for other Microsoft Office programs.
Outlook 2002 includes a new feature that permits Outlook COM add-ins to be trusted in the Outlook 10 Security Settings folder.
Note: This option is not available for Microsoft Outlook 2000. Even if you configure an Outlook 2000 computer to use the custom settings on the Outlook 2002 security form in the Outlook 10 Security Settings folder, the option is not available. Note that Outlook 2000 is not designed to retrieve or to implement the custom security settings for COM add-ins.
To create a custom setting that operates on a per-solution basis in Outlook 2002, you must register a COM add-in in the Outlook 10 Security Settings folder. All the other settings (mostly available on the Programmatic Settings tab of the form) apply to all solutions. Therefore, if you lower the security setting on the Programmatic Settings tab, this inherently increases the risk of exposure to malicious code. Microsoft recommends that (if at all possible) you create a trusted Outlook solution by creating an Outlook COM add-in and then registering it in the Outlook 10 Security Settings folder.
For additional information about how to create an Outlook COM add-in, click the article number below to view the article in the Microsoft Knowledge Base:
291163 (http://support.microsoft.com/kb/291163/EN-US/) OL2002: How to Create a COM Add-in for Outlook
For additional information about how to implement the custom security settings for Outlook, including the Outlook 10 Security Settings folder, click the article number below to view the article in the Microsoft Knowledge Base:
290499 (http://support.microsoft.com/kb/290499/EN-US/) OL2002: Administrator Information About E-Mail Security Features
Limitations of Trusted Outlook COM Add-Ins
When you develop a COM add-in that will ultimately be trusted, there are some key limitations that you must consider when you design either your solution or the COM add-in.
Only Outlook COM Add-Ins Can Be Trusted
You cannot trust COM add-ins that will be used in other Office programs. COM add-ins run in the host program's process. For the trust to work, a COM add-in must be running in the Outlook process.
Only the Main Application Object Is Trusted
When you use the Outlook object model in the COM add-in, only the main Application object that is passed to the OnConnection event is trusted. If you create a new Application object by using the CreateObject method, that object and any of its subordinate objects, properties, and methods are not trusted.
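An added sketch of this rule (not code from the original article): a VB6 add-in class that keeps the Application object passed to OnConnection and reaches items only through it. The helper FirstInboxSender and all variable names other than objTrustedItem are hypothetical, and the project is assumed to reference the Microsoft Outlook 10.0 Object Library and the Microsoft Add-In Designer.

```vb
' Connect class of a VB6 COM add-in (constructed example, not the article's code).
' Assumes references to the Microsoft Outlook 10.0 Object Library and the
' Microsoft Add-In Designer.
Option Explicit
Implements IDTExtensibility2

' Holds the one Application object that Outlook treats as trusted.
Private objTrustedApp As Outlook.Application

Private Sub IDTExtensibility2_OnConnection(ByVal Application As Object, _
        ByVal ConnectMode As AddInDesignerObjects.ext_ConnectMode, _
        ByVal AddInInst As Object, custom() As Variant)
    ' Keep the object Outlook passes in; do not replace it with CreateObject.
    Set objTrustedApp = Application
End Sub

Private Sub IDTExtensibility2_OnDisconnection( _
        ByVal RemoveMode As AddInDesignerObjects.ext_DisconnectMode, _
        custom() As Variant)
    Set objTrustedApp = Nothing
End Sub

' The remaining IDTExtensibility2 members must exist for the class to compile.
Private Sub IDTExtensibility2_OnAddInsUpdate(custom() As Variant)
End Sub
Private Sub IDTExtensibility2_OnStartupComplete(custom() As Variant)
End Sub
Private Sub IDTExtensibility2_OnBeginShutdown(custom() As Variant)
End Sub

' Hypothetical helper: returns the sender name of the first Inbox message,
' or an empty string if the Inbox is empty or the first item is not mail.
Public Function FirstInboxSender() As String
    Dim objInbox As Outlook.MAPIFolder
    Dim objTrustedItem As Object

    Set objInbox = objTrustedApp.GetNamespace("MAPI").GetDefaultFolder(olFolderInbox)
    If objInbox.Items.Count = 0 Then Exit Function

    ' Reached through objTrustedApp, so the item inherits its trust.
    Set objTrustedItem = objInbox.Items.Item(1)
    If objTrustedItem.Class = olMail Then
        FirstInboxSender = objTrustedItem.SenderName
    End If

    ' By contrast, an item reached through
    '   CreateObject("Outlook.Application")
    ' is not trusted, even though the code runs in the same add-in.
End Function
```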
This objTrustedItem object is trusted because it is referenced by using the trusted Application object.
Additionally, if you implement an event in the Outlook object model, and an object is passed to that event (typically an Item object), that object is not trusted. This is a limitation of how Outlook implements events in trusted COM add-ins. However, to work around this limitation, you can reference the item from the trusted Application object. For example, from the NewInspector event, the following code references the new inspector by using the trusted Application object.
This code must follow the new text:
Note: The common workaround of saving the new item so you can retrieve its EntryID property can cause unintended side effects, including, but not limited to, crashes. Therefore, Microsoft strongly discourages you from using this workaround.
Collaboration Data Objects (CDO) Cannot Be Trusted
Outlook does not provide a means to trust the CDO object library if you use the CDO object library in an Outlook COM add-in. If you want to trust the CDO object library, you must enable the user-level custom security settings on the Programmatic Settings tab of the security form in the Outlook Security Settings folder. However, this permits CDO to be trusted for any code that may use that object library.
Microsoft ActiveSync and Other Applications May Affect COM Add-Ins
If you re-enable the add-ins in the scenarios that are described in this article, these add-ins are not trusted. The add-ins are not trusted because the add-in was not started through the standard process.
For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:
329098 (http://support.microsoft.com/kb/329098/EN-US/) OL2002: Add-ins Are Disabled If a Process First Starts Outlook
Troubleshooting Trusted COM Add-Ins
If you register your COM add-in in the Outlook 10 Security Settings folder, but the add-in does not appear to be trusted, make sure that you consider the following issues:
For additional information about available resources and answers to frequently asked questions about Microsoft Outlook solutions, click the following article number to view the article in the Microsoft Knowledge Base:
287530 (http://support.microsoft.com/kb/287530/EN-US/) OL2002: Questions About Custom Forms and Outlook Solutions