Office Customization Tool

Office security settings

Customize security settings for Office applications.

Note  Security settings specified in a Setup customization file become the default settings on users' computers; however, users can change them after installation. To help lock down security settings, use Group Policy. For more information, see Locking down computers for the 2007 Office system in the 2007 Microsoft Office Resource Kit.

Trusted Publishers - Manage the list that identifies trusted sources for digitally signed macros, add-ins, Microsoft ActiveX controls, and other executable code used by Office applications. Office applications share a certificate-based trusted sources list with Internet Explorer. Click Add to add a digital certificate (CER file). Adding the default Microsoft CER files ensures that all add-ins and templates are installed on users' computers with Office applications.

Trusted Locations - Manage the list that identifies locations from which any file can be opened without being checked by the Trust Center security feature. Click Add to add a new location, enter the following information, and then click OK:

Application - Select the Office application that uses this location.

Path - Enter the path of the trusted location. Enter a fully qualified path with drive letter or UNC path. The path can include environment variables.

Subfolders of this location are also trusted - Select this check box to include subfolders as trusted locations.

Description - Enter text to describe the purpose of the location.

To remove a trusted location from this list, select it, and then click Remove.

Note  When you specify one or more trusted locations here, the Trusted Locations list previously defined on the user’s computer is cleared and replaced by this list.

Remove all Trusted Locations written by OCT during installation - Clears the Trusted Locations list on the user's computer. Use this check box if you want to clear the Trusted Locations list on the user's computer without adding any new locations.

Default Security Settings - Set default security levels for add-ins, templates, and Office applications. For each Office application, you can set the following options:

• Allow trusted locations options
  1. Allow trusted locations that are not on the user's computer
  2. Disable all trusted locations; only files signed by trusted publishers are trusted
• Application extensions warnings options
  1. Disable all application extensions
  2. Require that application extensions be signed by a trusted publisher
  3. Require that extensions be signed, and silently disable unsigned extensions
• VBA macro warnings options
  1. Disable all VBA macros
  2. Disable the Trust Bar warning for unsigned VBA macros (unsigned code is disabled)
  3. No security checks for VBA macros (not recommended, code in all documents can run)
• Add-ins and templates (Microsoft Office Project 2007 only)
  1. Trust all installed add-ins and templates
  2. Do not trust installed add-ins and templates
• Security level (Office Project 2007 only)
  1. High - Only signed macros from trusted sources are allowed to run; unsigned macros are disabled
  2. Medium - Users can choose whether to run potentially unsafe macros
  3. Low (not recommended) - Users are not protected from potentially unsafe macros

Unsafe ActiveX Initialization - Determine whether unsigned, and therefore potentially unsafe, ActiveX controls can initialize using persisted data, that is, data that is saved from one instance of the control to the next. The possible values are:

<do not configure> - Setup does not modify the setting specified on the user's computer. New applications are installed with the default setting, which is Prompt user to use persisted data.

Prompt user to use control defaults - The user is warned before an application initiates ActiveX controls that might be unsafe. If the user trusts the source of the document, the control is initialized using its default settings.

Prompt user to use persisted data - The user is warned before an application initiates ActiveX controls that might be unsafe. If the user trusts the source of the document, the control is initialized using persisted data.

Do not prompt - All unsigned ActiveX controls run without prompting the user. This setting provides the least protection and is not recommended.