InfoPath -how to disable Microsoft Office InfoPath Security Notice - "Microsoft has identified a potential security concern"

security warnings infopath
Doreen picture Doreen · Sep 3, 2010 · Viewed 13.6k times · Source

I have an InfoPath form template as a content type in a form library on SharePoint. The form has several data connections which on submit, save it back to a specific form library on SharePoint depending on how one field is filled out.

After I added an additional data connection to receive information from SQL to a drop down control, when the form is opened (new or existing), the following Microsoft security message appears "Microsoft Office InfoPath Security Notice - Microsoft has identified a potential security concern...". This warning appears EVERY time.

I have added these connections as IE Internet Options trusted sites. In the InfoPath form itself, in Tools>Trust Center, I have unchecked (privacy options) "check Microsoft Office documents that are from or link to suspicious Web site in InfoPaths Trust Center".

None of these actions are solving the problem. Is there a way to turn this security warning off?

Answer

Nathan Fisher picture Nathan Fisher · Sep 8, 2010

You may need to change the Security and Trust settings on the form itself. goto Tools -> Form Options -> Security and Trust. If you go full trust then you will probably have to sign it with a code signing digital certificate.

Infopath can generate a digital certificate that will work on your local machine. but when anybody else tries to open the form they will be prompted if they trust the certificate when they open the form. To get around that problem either purchase a Codesigning certificate from a trusted provider or create one yourself with makecert.exe

Unfortunatly makecert is part of the Windows SDK which is a 570mb download.

The following is a script that I have used to create a Code Signing Certified Authority and a the infopath code signing certificate.

makecert -n "E=Support@{yourcompany},CN=Your Code Signing CA" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "E=Support@{yourcompany},CN=Your Infopath Code Signing Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

You will need to get the root certificate added to to the Trusted Root Certification Authority of the certificate store.

Related questions

Security warning when opening file from network share

I've created a setup executable which I have signed. It's located on a network share (which I access using unc - \server\share\setup.exe). When I double click the executable file, I get a Windows warning saying: Title: Open …

Read More
Angular 2: sanitizing HTML stripped some content with div id - this is bug or feature?

I use <div [innerHTML]="body"></div> to pass unescaped HTML to my template, and when I pass to body div with attribute id, Angular throw: WARNING: sanitizing HTML stripped some content (see http://g.co/ng/…

Read More
Java popup saying applications contains both unsigned and signed code

I am using Mac 10.7 running Java 1.7.0_21. I am trying to run a Java applet application that is signed and towards the end of the application I get a mixed mode security popup saying "Block potentially unsafe components from being run?". …

Read More