How to register custom protocols in the Office security policy for all current and future users?

Byomeer 1 Reputation point

We are developing a desktop application that has to use a custom URI protocol. This software will be mostly used from within Office apps, specifically Outlook, on multi-user office PCs (no admin rights). Our installer (WiX toolset) adds the custom protocol to the registry like this:

[HKCR\<protocolURI>] {default DWORD 'URL: <protocolName>', 'URL Protocol' DWORD ''}
[HKCR\<protocolURI>\shell\open\command] {default DWORD '"<protocolHandlerEXE>" "%1"'}

Parsing the arguments in our app <protocolHandlerEXE> works perfectly. Unfortunately, Outlook displays a security warning when the custom URI link is clicked, immensely disrupting the workflow of our service. We were able to suppress the warning by setting this registry key:

[HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\<protocolUri>:]

However, there are a few issues arising from this approach:

<1> the warning is only suppressed for the given Office version
<2> the warning is only suppressed for the installing user:
other users and users that don't exist on the local machine yet will still see the warning

We are currently creating the above-mentioned key for every version of Office (down to 14.0) to solve problem <1>.

Many different solutions come to mind to solve issue <2>, although none seem to really solve the problem, some just straight up don't work:

<2a> check the security policy key on app startup and create an entry if necessary
--> not working if user has no admin rights

<2b> using a shady Office registry copy mechanism
according to this Reddit post, creating the registry keys

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\User Settings\<someName>] {'Count' DWORD '00000001'}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\User Settings\<someName>\Create\<subDir>] {}

should trigger Office to create given <subDir> registry key under [HKCU] when any Office app is started.
--> doesn't seem to work for security policy

<2c> using ActiveSetup
--> untested; this method seems extremely outdated and could stop working anytime

<2d> edit ntuser.DAT of default user
--> untested; feels hacky and overengineered

<2e> edit group policy
--> untested; just a thought, is this even an option?

There are not that many resources available on this topic, therefore I decided to write all my findings and thoughts down in this post. Any other direction or general idea is highly appreciated!
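
Added example, not part of the original post: a small audit that reads a text export of HKEY_USERS (for instance from `reg export HKU`) and reports, per user SID and Office version, where the Trusted Protocols entry from the question is missing, and which trusted entries fall outside an allow-list. The SIDs, the protocol names `exampleproto` and `otherproto`, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Key layout taken from the question; HKCU appears as HKEY_USERS\<SID> in an export.
# Only hives loaded at export time are present, so logged-off users are not covered.
KEY_RE = re.compile(
    r"^\[HKEY_USERS\\(?P<sid>S-1-5-21-[\d-]+)\\SOFTWARE\\Policies\\Microsoft\\Office\\"
    r"(?P<ver>\d+\.\d+)\\Common\\Security\\Trusted Protocols\\All Applications\\"
    r"(?P<proto>[^\\\]]+):\]$",
    re.IGNORECASE,
)
OFFICE_VERSIONS = ("14.0", "15.0", "16.0")  # the question covers 14.0 upward

# Constructed sample export: two users, hypothetical protocol names.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\exampleproto:]

[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\exampleproto:]

[HKEY_USERS\S-1-5-21-1111-2222-3333-1002\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\otherproto:]
"""

def trusted_protocols(reg_text):
    """Map (sid, office_version) -> set of protocol names trusted in the export."""
    found = defaultdict(set)
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            found[(m["sid"], m["ver"])].add(m["proto"].lower())
    return found

def coverage_gaps(reg_text, protocol, sids, versions=OFFICE_VERSIONS):
    """(sid, version) pairs where `protocol` is not trusted, so the warning still shows."""
    found = trusted_protocols(reg_text)
    return [(s, v) for s in sids for v in versions
            if protocol.lower() not in found.get((s, v), set())]

def unexpected_protocols(reg_text, allowed):
    """Trusted entries outside the allow-list: warnings suppressed for unknown handlers."""
    allowed = {a.lower() for a in allowed}
    return sorted((sid, ver, p)
                  for (sid, ver), protos in trusted_protocols(reg_text).items()
                  for p in protos if p not in allowed)

if __name__ == "__main__":
    users = ["S-1-5-21-1111-2222-3333-1001", "S-1-5-21-1111-2222-3333-1002"]
    print(coverage_gaps(SAMPLE_EXPORT, "exampleproto", users))
    print(unexpected_protocols(SAMPLE_EXPORT, {"exampleproto"}))
```
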
