Using WWB in writing labs where multiple users use the same computers
THE PROBLEM: As different users use the same system to analyze their compositions using Writer's Workbench, they are prompted with a security warning about macros or possibly malicious programs on the computer.
Two possible solutions; both moderately technical - One by Kansas State, the other inspired by NWTC.
Although EMO cannot support more complex networking and user issues in either of these solutions, the first solution has been tested and seems to work fine for Word 2002, Word 2003, Word 2007, and Word 2010.
This recommended solution was inspired by Northeast Wisconsin Technical College and we support this solution.
EMO Solutions, Inc. (the author of WWB) has a certificate from VeriSign / Network Solutions that allows customers to allow using WWB in Microsoft Word while protecting users from other potentially malicious code.
After installing WWB as an administrator, and then when using the same computer with a different user ID, the new user may be prompted with a security warning. This warning can annoying and confusing for students in a writing lab.
A registry addition that can be added to your computers' registries to eliminate this confusion. In this solution, the registry key -
[HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\3F99...2C1E]
is populated with our signed certificate. This certificate will allow different users to run all Writer's Workbench dot and .dotm programs without being prompted with the security warning.
That registry key is available at www.writersworkbench.com/WWBCertificate.reg .
If you click on that URL, you will be prompted once or twice, depending on your version of Windows.
When you select "Run" or "Yes" or "OK," that system certificate will allow all users to use Writer's Workbench in Microsoft Word without future security warnings.
Special thanks to Matthew Janzen - Kansas State at Salina for providing this article.
This information should provide enough information for a Microsoft-trained technician to eliminate the need for users to need to enable macros before using Writer's Workbench on a given system.
Basically, if someone is using mandatory profiles, the registry setting that saves the user's acceptance of EMO macros is stored in the user section of the registry. Because that is the case, a mandatory profile will never save this information permanently.
There are several ways to handle this, but here are the steps I take (these are written for XP, but 2k is about the same):
(1) Create a copy of the user profile you want to modify (eg. myprofile_new)
on the server and make it a roaming profile (rename ntuser.man to ntuser.dat)
(2) Create a dummy user that points at the new profile.
(3) Log in as the dummy user, run Writer's Workbench, accept the security
warning for macros from EMO
(4) Restart (XP doesn't save the profile information until you've restarted)
(5) Log in as a user that has administrative access both locally and on the
server where user profiles are stored. (domain admin usually does the trick)
(6) Save the profile out to the server (System Properties > Advanced > User
Profiles Settings > Select Profile - Copy To ) - this is done because the
roaming profile (for whatever reason) doesn't get updated with the new
setting for EMO macros. The profile that is stored on the local machine
does, so saving it out to the server will update the roaming profile.
* Note - make sure you allow the necessary permissions on the new profile
when saving it out to the server so that the original user will be able to
access it.
(7) Make the new profile mandatory (rename ntuser.dat to ntuser.man)
(8) Rename the old profile (eg. myprofile_old) - once you're sure the new
one works, the old profile can be deleted.
(9) Rename the new profile to whatever the old profile's name was originally
(eg. myprofile)
(10) Get rid of your dummy user account and test the new profile with the
original user.
Here's an older Microsoft article that explains how to manage user profiles.
Reading it should make my steps above a little clearer.
Managing User Profiles -
http://technet.microsoft.com/en-us/library/bb726990.aspx
(see specifically "Copying an Existing Profile to a New User Account")
These changes can also be made directly to the ntuser.man file once you've
run this on one machine. The values from the two following registry keys
appear to be all that's needed to set the user's profile up to trust macros
from EMO (the actual values will vary depending on the certificate, so
you'll have to install WWB, run it, and then check these keys to get the
correct ones for your current version's installation).
[HKEY_USERS\<usernamehere>\Software\Microsoft\VBA\Trusted]
[HKEY_USERS\<usernamehere>\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\05091C11AC440D3D0A78C646682D0764B1D42020]
(the number of this key depends on the certificate you're wanting to approve
- this number "05091C..." happens to be the one for the Writer's Workbench
wwb.dot file).