Sunday, February 4, 2018

Enable or disable macros in Office files

Enable or disable macros in Office files

A macro is a series of commands that you can use to automate a repeated task, and can be run when you have to perform the task. This article has information about the risks involved when you work with macros, and you can learn about how to enable or disable macros in the Trust Center.

If you're looking for information on creating macros please see Quick start: Create a macro.

In this article

Enable macros when the Message Bar appears

Enable macros in the Backstage view

Enable macros for one time when the Security Warning appears

Change macro settings in the Trust Center

Macro settings explained

What is a macro, who makes them, and what is the security risk?

Enable macros when the Message Bar appears

When you open a file that has macros, the yellow message bar appears with a shield icon and the Enable Content button. If you know the macro, or macros, are from a reliable source, use the following instructions:

  • On the Message Bar, click Enable Content.
    The file opens and is a trusted document.

The following image is an example of the Message Bar when macros are in the file.

Security Warning Message Bar for macros

Top of Page

Enable macros in the Backstage view

Another method to enable macros in a file is via the Microsoft Office Backstage view, the view that appears after you click the File tab, when the yellow Message Bar appears.

  1. Click the File tab.

  2. In the Security Warning area, click Enable Content.

  3. Under Enable All Content, click Always enable this document's active content.
    The file becomes a trusted document.

The following image is an example of the Enable Content options.

Security Warning drop-down

Top of Page

Enable macros for one time when the Security Warning appears

Use the following instructions to enable macros for the duration that the file is open. When you close the file, and then reopen it, the warning appears again.

  1. Click the File tab.

  2. In the Security Warning area, click Enable Content.

  3. Select Advanced Options.

  4. In the Microsoft Office Security Options dialog box, click Enable content for this session for each macro.

  5. Click OK.

Top of Page

Change macro settings in the Trust Center

Macro settings are located in the Trust Center. However, if you work in an organization, the system administrator might have changed the default settings to prevent anyone from changing settings.

Important: When you change your macro settings in the Trust Center, they are changed only for the Office program that you are currently using. The macro settings are not changed for all your Office programs.

  1. Click the File tab.

  2. Click Options.

  3. Click Trust Center, and then click Trust Center Settings.

  4. In the Trust Center, click Macro Settings.

  5. Make the selections that you want.

  6. Click OK.

The following image is the Macro Settings area of the Trust Center.

macro settings area of trust center

Use the information in the following section to learn more about macro settings.

Top of Page

Macro settings explained

  • Disable all macros without notification     Macros and security alerts about macros are disabled.

  • Disable all macros with notification     Macros are disabled, but security alerts appear if there are macros present. Enable macros on a case-by-case basis.

  • Disable all macros except digitally signed macros     Macros are disabled, but security alerts appear if there are macros present. However, if the macro is digitally signed by a trusted publisher, the macro runs if you have trusted the publisher. If you have not trusted the publisher, you are notified to enable the signed macro and trust the publisher.

  • Enable all macros (not recommended, potentially dangerous code can run)     All macros run. This setting makes your computer vulnerable to potentially malicious code.

  • Trust access to the VBA project object model     Disallow or allow programmatic access to the Visual Basic for Applications (VBA) object model from an automation client. This security option is for code written to automate an Office program and manipulate the VBA environment and object model. It is a per-user and per-application setting, and denies access by default, hindering unauthorized programs from building harmful self-replicating code. For automation clients to access the VBA object model, the user running the code must grant access. To turn on access, select the check box.

Note: Microsoft Publisher and Microsoft Access have no Trust access to the VBA project model object option.

Top of Page

What is a macro, who makes them, and what is the security risk?

Macros automate frequently used tasks to save time on keystrokes and mouse actions. Many were created by using Visual Basic for Applications (VBA) and are written by software developers. However, some macros can pose a potential security risk. A person with malicious intent, also known as a hacker, can introduce a destructive macro in a file that can spread a virus on your computer or into your organization's network.

In this article

What is a macro and what is the security risk?

Enable or disable macros with the Trust Center

Which program are you using?

How can the Trust Center help protect me from unsafe macros?

A security warning asks if I want to enable or disable a macro. What should I do?

What is a macro and what is the security risk?

Macros automate frequently-used tasks; many are created with VBA and are written by software developers. However, some macros pose a potential security risk. A person with malicious intent can introduce a destructive macro, in a document or file, which can spread a virus on your computer.

Top of Page

Enable or disable macros with the Trust Center

Macro security settings are located in the Trust Center. However, if you work in an organization, your system administrator might have changed the default settings to prevent anyone from changing any settings.

Note: When you change your macro settings in the Trust Center, they are changed only for the Office program that you are currently using. The macro settings are not changed for all your Office programs.

Which 2007 Microsoft Office system program are you using?

Access

Access

  1. Click the Microsoft Office Button Office button image , and then click Access Options.

  2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

Top of Page

Excel

  1. Click the Microsoft Office Button Office button image , and then click Excel Options.

  2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

    • Trust access to the VBA project object model    This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip: You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button Office button image , and then click Excel Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

Top of Page

Outlook

  1. On the Tools menu, click Trust Center.

  2. Click Macro Settings.

  3. Click the options that you want:

    • No warnings and disable all macros Click this option if you don't trust macros. All macros and security alerts about macros are disabled.

    • Warnings for signed macros; all unsigned macros are disabled This is the default setting and is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Warnings for all macros Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • No security check for macros (Not recommended) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

Top of Page

PowerPoint

  1. Click the Microsoft Office Button Office button image , and then click PowerPoint Options.

  2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

    • Trust access to the VBA project object model    This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip: You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button Office button image , and then click PowerPoint Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

Top of Page

Publisher

  1. On the Tools menu, click Trust Center.

  2. Click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

    • Trust access to the VBA project object model    This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Top of Page

Visio

  1. On the Tools menu, click Trust Center.

  2. Click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

    • Trust access to the VBA project object model    This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Top of Page

Word

  1. Click the Microsoft Office Button Office button image , and then click Word Options.

  2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.

  3. Click the options that you want:

    • Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

    • Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.

    • Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

    • Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

    • Trust access to the VBA project object model    This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip: You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button Office button image , and then click Word Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

Top of Page

How can the Trust Center help protect me from unsafe macros?

Before enabling a macro in a document, the Trust Center checks for the following information:

  • The macro is signed by the developer with a digital signature.

  • The digital signature is valid.

  • This digital signature is current (not expired).

  • The certificate associated with the digital signature was issued by a reputable certificate authority (CA).

  • The developer who signed the macro is a trusted publisher.

If the Trust Center detects a problem with any of these, the macro is disabled by default, and the Message Bar appears to notify you of a potentially unsafe macro.

Message Bar

To enable the macro click Options on the Message Bar, a security dialog box opens. See the next section for information about making decisions about macros and security.

Note: In Microsoft Office Outlook 2007 and Microsoft Office Publisher 2007, security alerts appear in dialog boxes, not in the Message Bar.

Top of Page

A security warning asks if I want to enable or disable a macro. What should I do?

When the Securty Options dialog appears, you can enable the macro or leave it disabled. You should enable the macro if you are sure it is from a trustworthy source.

Microsoft Office Security Options

Important: If you are sure the document and macro are from a trustworthy source and have a valid signature, and you do not want to be notified about them again, instead of changing the default Trust Center settings to a less safe macro security setting, you can click Trust all documents from this publisher in the security dialog box. This adds the publisher to your Trusted Publishers list in the Trust Center. All software from that publisher is trusted. In the case where the macro doesn't have a valid signature, but you trust it and don't want to be notified again, instead of changing the default Trust Center settings to a less safe macro security setting, it is better to move the document to a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

Depending on the situation, the security dialog box describes the specific problem. The following table lists the possible problems and offers advice on what you should or should not do in each case.

Problem

Advice

Macro is not signed     Because the macro is not digitally signed, the identity of the macro publisher cannot be verified. Therefore, it is not possible to determine if the macro is safe or not.

Before you enable unsigned macros, make sure the macro is from a trustworthy source. You can still work in your document even though you don't enable the macro.

Macro signature is not trusted     The macro is potentially unsafe, because the macro has been digitally signed, the signature is valid, and you have not chosen to trust the publisher who signed the macro.

You can explicitly trust the macro publisher by clicking Trust all documents from this publisher in the security dialog box. This option appears only if the signature is valid. Clicking this option adds the publisher to your Trusted Publishers list in the Trust Center.

Macro signature is invalid     The macro is potentially unsafe, because the macro has been digitally signed and the signature is invalid.

We recommend that you don't enable macros with invalid signatures. One possible reason the signature is invalid is that it has been tampered with. For more information, see How to tell if a digital signature is trustworthy.

Macro signature has expired     The macro is potentially unsafe, because the macro has been digitally signed and the signature has expired.

Before enabling macros with expired signatures, make sure the macro is from a trustworthy source. If you have used this document in the past without any security issues, there is potentially less risk to enabling the macro.

No comments:

Post a Comment