How to prevent the Outlook Object Model security dialog boxes from opening when you use the Duet for Microsoft Office and SAP add-in

This article describes how to prevent the Outlook Object Model security dialog boxes from opening in Microsoft Office Outlook 2003 or in Microsoft Office Outlook 2007 when you use the Duet for Microsoft Office and SAP add-in. Outlook security dialog boxes may open if you configured custom security settings in Outlook. To prevent these dialog boxes from opening, you must register the Microsoft Visual Studio Tools for Office (VSTO) Add-in Loader (AddinLoader.dll) on the Trusted Code page of the Outlook Security Settings form. This article also describes the risk level and other security considerations of registering AddinLoader.dll.

Duet for Microsoft Office and SAP installs a COM add-in on client computers that are created by using the VSTO development environment. By default, this Duet COM add-in runs without triggering Outlook security dialog boxes. However, if you configured custom Outlook security settings in the Microsoft Exchange Server public folder, the Outlook security dialog boxes open every time that the Duet COM add-in processes a control message. For Duet to function correctly, the Duet COM add-in must be able to process the control messages. To prevent the Outlook security dialog boxes from opening, you must explicitly register the VSTO Add-in Loader (AddinLoader.dll) on the Trusted Code page of the Outlook Security Settings form.

Note The name of the Outlook Security Settings public folder is either "Outlook Security Settings" or "Outlook 10 Security Settings."

Description of AddinLoader.dll

AddinLoader.dll is used to load managed COM add-ins that were created by using VSTO development tools and by using the Microsoft Visual Studio 2005 Tools for Office Second Edition (VSTO 2005 SE) runtime. AddinLoader.dll can load the following add-ins:

• Add-ins that are built by using Microsoft Visual Studio 2005 Tools for Office (VSTO 2005) for Outlook 2003
• Add-ins that are built by using VSTO 2005 SE for Office 2003 or for the 2007 Office system.
• Add-ins that are built by using Microsoft Visual Studio 2008 Tools for Office (VSTO 2008) for Office 2003

Note AddinLoader.dll is not used for the 2007 Office system add-ins that are built by using VSTO 2008. Because the Duet client add-in for Outlook was developed by using VSTO 2005, AddinLoader.dll is used to load the Duet client add-in.

Will all COM Add-ins be able to run without triggering the Outlook security dialog boxes when you register AddinLoader.dll?

When AddinLoader.dll is registered on the Trusted Code page of the Outlook Security Settings form, any Outlook COM add-in that is already installed or configured on the client computer and that requires the VSTO 2005 SE runtime will run without triggering Outlook security dialog boxes. Other COM add-ins may still trigger the Outlook security dialog boxes.

Important notes

• The COM add-ins that VSTO 2005 SE runtime loads are compiled DLL files that must either be installed locally or deployed to a network location.
• AddinLoader.dll uses .NET-based Code Access Security (CAS). It will not load any COM add-ins that have not already been granted "FullTrust” in the .NET Runtime security policy on the computer.

Note The Duet for Microsoft Office and SAP client components are granted "FullTrust" in the .NET Runtime security policies during the installation process. This is one reason why you must run the installation by using Administrator rights. These Duet CAS policies are created based on the strong name signatures used by Microsoft and by SAP when the components are built.

For more information about how to configure .NET Runtime security policies, visit the following MSDN Web site:

Risk Level

Registering AddinLoader.dll on the Trusted Code page of the Outlook Security Settings form is considered low risk. By default, AddinLoader.dll is registered in this folder when you are using standard installations of Outlook 2003 and of Outlook 2007.

More information about the Outlook security settings

The Outlook Object Model Guard features were created for Microsoft Outlook 2000 to help prevent script-based viruses and malware from programmatically enumerating the user’s Address Book and then sending e-mail. The Outlook Object Model Guard feature applies to the following scriptable messaging APIs:

• The Outlook Object Model
• Collaboration Data Objects (CDO 1.21)
• Simple MAPI

By default, starting with Outlook 2003, COM add-ins are registered in the Outlook Security Settings folder. This means that all Outlook COM add-ins that have been installed and configured to run on a computer that is running Outlook 2003 or Outlook 2007 can access the Outlook Object Model without triggering Outlook security dialog boxes. But, if custom Outlook security settings have been configured in the Outlook Security Settings public folder or in the Outlook 10 Security Settings public folder, COM add-ins must be registered on the Trusted Code page of the Outlook Security Settings form to prevent the security dialog boxes from opening.

To configure custom security settings in Outlook, download the Outlook Administrator Pack from the Office 2003 Resource Kit. For more information about the Office 2003 Resource Kit, click the following article number to view the article in the Microsoft Knowledge Base: For more information about Outlook 2003 security settings, visit the following MSDN Web site: For more information about Outlook 2007 Security settings, visit the following MSDN Web site: