A valid inclusion list entry has two parts: a path to the deployment manifest, and the public key used to sign the solution. After a solution is added to the inclusion list, it is considered trusted. When the Office solution runs, the Office application compares the public key in the inclusion list with the signing key in the deployment manifest to verify that the solution that is currently running is the same as the original trusted version.

If you want to add your solution to the inclusion list without prompting the user, you can add the solution programmatically. For more information about how to change the inclusion list, see How to: Add or Remove Inclusion List Entries (2007 System).

Modifying the inclusion list does not require administrator privileges.

By using the ClickOnce implementation in Visual Studio Tools for Office, administrators can configure the trust prompt level to allow prompting, disable prompting, or require a trusted certificate. This configuration is done by using a registry key that controls access to the inclusion list.

If prompting is disabled, only solutions that have a trusted and known certificate can be installed. If the prompting level is set to Authenticode required, the solution must be signed with a certificate from a known authority, but it does not require a certificate that chains to a trusted root authority (a trusted certificate). If prompting is allowed, the solution could be signed with a certificate with an unknown identity. In this scenario, the trust decision is deferred to the end user, and a temporary certificate would be sufficient to install a solution.

For more information, see How to: Configure Inclusion List Security (2007 System) and Table 2, titled Prompting Level Registry Key Value Launch Effects, in Configuring ClickOnce Trusted Publishers.

Tasks

Concepts