Excel configuration does not allow addins

danweil · 2018-05-31 19:26:39 UTC

After compiliation and then starting the XLSpadlock generated exe, I receive the message

“Your excel configuration does not allow addins. Addins are required for this application to work. Do you allow this application to configure excel temporarily to accept addins…”

I couldn’t find the word “configuration” in the help file and also I couln’t find it in the forum. I haven’t used the software sinve v2.5 so maybe this is a new message.

I assume this message is generated by the XLSpadlock generated exe file, and “this application” is the exe file. It looks like it.
I don’t think there is any addin required by the xlsx file I have compiled so I am wondering if XLSpadlock has its’ own addin packaged with the exe.

Question 1: Is this message generated by the XLSpadlock generated exe?
Question 2:does “this application” mean this a particular instance of the xlspadlock generated exe or do all xlslock generated exe required addins, (even when there is no addin functions called by the xlsx)?

Question 3: In the trust centre I have allowed all addins to be started. How do I conifigure excel so that it allows the necessary addins?

Dan

gdgsupport · 2018-06-02 12:09:48 UTC

Use RegEdit, navigate to HKEY_CURRENT_USER and 'Software\Microsoft\Office\X.0\Excel\Security
Where X is the number of your current Excel version.
Then what are the values of these entries?
DisableAllAddins
NoTBPromptUnsignedAddin
RequireAddinSig

danweil · 2018-06-02 15:26:24 UTC

the attached word document might be easier to read

Dan

gdgsupport · 2018-06-04 16:54:04 UTC

Change NoTBPromptUnsignedAddin from 1 to 0, and it should then disable the notification message you get when you run an EXE made with XLS Padlock.

danweil · 2018-06-05 05:59:20 UTC

When XLSpadlock users create a XLSpadlocked exe of a simple XLSX file (without any macro code or need of addins) and then subsequently dual signs the exe it should be good for any target machine that trusts the exe. There are no Addins so security should be less of an issue.

On the source machine with noTBpromptUnsignedAddin set to 0 then it all runs perfectly. This is also the case for the target machine. Thanks for that information.

This is not the case if the target machine has noTBPromptUnsignedAddin set to 1 by the administrator with no access to this setting by the user (or by an exe run by the user).
The XLSpadlocked exe cannot be run by the end user even though it is signed.

I believe this implies that there is (1) some sort of unsigned addin injected in the exe by XLSpadlock or else (2) the message “Excel configuration…” should be able to be ignored in this case and the exe would still run. The first of these (1) is perhaps difficult to fix since addins cannot be signed programmatically, or at least to date there is no known method, unless the injected addin is signable by GDG and the signed injected addin is used by XLSadlock. The second of these (2) would require a code change in a future release.

As security tightens up further by microsoft or else companies then this is likely to impact XLSpadlock users. This might, however, remain a special case.

gdgsupport · 2018-06-06 12:15:33 UTC

Of course, the solution we gave you is a temporary one. We’ll disable the check for NoTBPromptUnsignedAddin because it is no more necessary in our recent XLS Padlock versions. Moreover, all add-ins used by XLS Padlock are of course digitally signed with a valid certificate.
The NoTBPromptUnsignedAddin case remains indeed very rare.

danweil · 2018-06-06 12:44:07 UTC

perfect answer

thanks