Outlook 2013 Does a Shared Folder Policy override a Digital Signature Setting for macros?

Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#1
Hello to everyone,

I hope that someone can help me with my question. But let me describe the situation a bit better first.

I created an Outlook macro that does the following:

- I click on a button, an Outlook UserForm pops up, which has 2 text fields and 2 command buttons.
- I insert two dates (especially for vacation times) into the text boxes, and click on the command button "enter vacation".
- the macro now has Outlook looking for the dates into my calendar, and it writes a whole-day event "vacation" for any day of a workweek within the given range.
- additionally, it fills an Excel calendar sheet with a letter for "vacation" which via conditional formatting transforms into a colour scheme.
- the Excel sheet has the calendars of any of team members (roughly 10-15 people), hence you can see who is in vacation at a certain date (well, at least for the days).
- the macro the loops through any day of the given vacation range and checks the Excel sheet to see who got vacation.
- then, a string is generated with the names or aliases of the team members who are on vacation, and afterwards, this information is put into the Outlook Calendar of each member of the team (so the ones who are working on that day, too).
- the macro of course avoid duplicates, and it looks out for dynamic changes (if a second person got vacation, the string is updated, the old entry in the calendar is removed and the new string is inserted).

Of course, I also opt for the reverse (removing the holiday, and then updating the calendar entries of each member).

NOW: of course, I need some shared folder settings, so person A needs the permission of person B to be able to write an entry into B's Outlook Calendar. I found some setting regarding the calendar authorisations for other (Exchange) users which allows person A to insert a calendar appointment into B's calendar only via macro (it is similar to the "Author" setting, but with the visibility restricted to "Booked/Free").

Now the problem is as follows:
Users may not be able to delete the appointments in someone else's calendar which they did not create themselves.

But they can insert basically any appointment into another user's calendar via a calendar opening macro like "display other user's shared calendar":

Dim _namespace As Outlook.NameSpace
Dim _recipient As Outlook.Recipient
Dim calendarFolder As Outlook.Folder

Set _namespace = Application.GetNamespace("MAPI")
Set _recipient = _namespace.CreateRecipient(name)
_recipient.Resolve

If _recipient.Resolved Then
Set calendarFolder = _namespace.GetSharedDefaultFolder(_recipient, olFolderCalendar)
'This would display the calendar on the screen:
'calendarFolder.Display

Of course, as a team, we trust each other, but for me personally, I would love to avoid people abusing the shared folders and inserting fake appointments like "meet your lover in the canteen at 12 o'clock" :-D

So I thought of using digital signatures and increased security settings for macros.

What I want to have is a situation in which all appointments in my (or just someone's) calendar that were set up by other users are deleted (or at least a warning is shown) if they do not have a well-known digital signature.

The problem is that this does not seem to work as I wish: if I have high security settings, I cannot use macros that have no digital signature (yeah, that's known probably to anyone). But if I lower the settings and say "allow any macro whether signed or not", I can use the uncertified macro, open another one's shared calendar and insert a fake appointment, regardless of the security settings for the test user.

Is there any way to solve this? E.g. like using the Rule Wizard to run a macro that checks whether an appointment was generated by a uncertified macro? Or that it checks for trusted publishers?

Or am I totally mistaken and there is already a possibility which I just have not seen?

Thank you guys in advance already :)
 
Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#2
Is there any way to solve this? E.g. like using the Rule Wizard to run a macro that checks whether an appointment was generated by a uncertified macro? Or that it checks for trusted publishers?
I hope it is not a "using code to protect code" scenario :D
 
Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#3
No one willing to answer?

Is the question understandable? Or is there another thread already which contains the answer? I tried to search within the forum, but with no success so far. Maybe you could redirect me to the certain thread.
 
Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#4
Okay, let's try to type it in a shorter version:

Question as in the header.

I wrote a macro that uses the shared folder option for the Outlook calendar.

Appointments into other users' calendars still can only be placed via a macro (the authorisation (calendar permission) options are quite good in Outlook). But I could use basically any macro to open the calendar of another user and then add a new appointment. We may trust each other in our team, but I want to avoid fake appointments everywhere.

Now I thought of using a digital signature and allow only for macros by trusted publishers. But the problem is that this only holds for my settings:

If I set the permissions to "macros only by trusted publishers" and use an uncertified macro, I will not be able to place an appointment into someone else's calendar. But if I change the settings to "allow all macros", I can do this with any macro.

But I would prefer the other way round: if another user (team mate) has the settings at "only by trusted publishers", I can never enter their calendar with an uncertified macro. And only if they change their settings, I can do so.

Is there any way to solve this? Or did someone else already post a similar question and I am just too blind to find it?

Post scriptum: I am sorry for my poor English, it is not my first language.
 

oliv-

Senior Member
Outlook version
Outlook 2010 32 bit
Email Account
Exchange Server
#5
Hi,
I think it's a bad way.

Digital Signature does not concern the rights to the mailboxes.
 
Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#6
Hey,

thank you for your response! Obvious question: is there any way to solve the problem with the possibility of "fake appointments", though? And probably without having to start at beginning again?
 
Outlook version
Outlook 2013 32 bit
Email Account
Exchange Server 2013
#7
So I wonder whether I should proceed like the following:

Run the macro in Outlook, insert the vacation into the Excel sheet calendar, filter the sheet for the people who got vacation on a certain date, write a string like "Vacation Team Today: Member A Alias, Member B Alias, Member C Alias, ..."

=> insert the string as an all-day-event into the shared folders of all the team mates, but:

apply the Rule Wizard such that every team member gets some kind of warning (Yes/No-MsgBox) which says which content should be inserted into the calendar (maybe like a header), and probably who wants to insert the appointment (alias of the team member). Then anyone can decide for himself whose content should be inserted, and it would probably be harder to insert fake appointments.

Most likely, I will need to have a lot of exceptions for regular auto-dates, though.

Any other/better suggestions?
 
Top