Microsoft Office Macros

[Gary Flynn <flynngn () JMU EDU>]

How are schools handling Microsoft Office macros?

Do you lower the Office security settings so unsigned
macros will run?

Do users put up with constant warning messages?

Do you sign your macros?

Do you have an existing PKI infrastructure or did
you put something together just for code signing?

Do you issue self-signed signing certificates or
certificates from a CA already incorporated into
MS software?

Do you create code signing certificates for individual
developers, department, or organization?

Who handles the actual code signing?

How do you handle distributing the certificates on
users' desktops?

How do you handle certificate expiration?

How do you handle externally written macros?

How do you handle user and developer education on
handling code signing certificates and signed or
unsigned macros?

Thanks for any advice and information.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security