Tuesday, December 4, 2018

Enable or disable ActiveX settings in Office files

Enable or disable ActiveX settings in Office files

See how to work with ActiveX controls in your files, changing their settings, and how to enable or disable them by using the Message Bar and the Trust Center. You can also learn more about ActiveX controls and how they improve your files.

IT Pros can learn more about planning ActiveX settings in the Plan security settings for ActiveX controls for Office 2010 TechNet article.

In this article

Enable ActiveX controls when the Message Bar appears

Enable ActiveX controls for one time when the Security Warning appears

Change ActiveX-control settings in Word, Access, Excel, PowerPoint, Publisher, and Visio

ActiveX-control settings explained

What is an ActiveX control and what are the risks?

Risk and potential damage

Enable ActiveX controls when the Message Bar appears

When you open a file that has ActiveX controls, the yellow Message Bar appears with a shield icon and the Enable Content button. If you know the controls are from a reliable source, use the following instructions:

  • On the Message Bar, click Enable Content.
    The file opens and is a trusted document.

The following image is an example of the Message Bar when ActiveX controls are in the file.

Message Bar with ActiveX warning message

Top of Page

Enable ActiveX controls in the Backstage view

Another method to enable ActiveX controls in a file is via the Microsoft Office Backstage view, the view that appears after you click the File tab, when the yellow Message Bar appears.

  1. Click the File tab.

  2. In the Security Warning area, click Enable Content.

  3. Under Enable All Content, click Always enable this document's active content.
    The file becomes a trusted document.

The following image is an example of Always enable this document's active content and Advanced Options.

Security Warning, make a trusted document

The following image is a larger example of the Enable Content options.

Security Warning drop-down

Note: The one exception is an ActiveX control with the kill-bit set. In this state, the ActiveX control does not run. A kill bit is security feature that instructs an ActiveX control to never use a piece of ActiveX software, for instance by closing a security vulnerability, by or preventing code from running.

Top of Page

Enable ActiveX controls for one time when the Security Warning appears

Use the following instructions to enable controls for the duration of time that the file is open. When you close the file, and then reopen it, the warning appears again.

  1. Click the File tab.

  2. In the Security Warning area, click Enable Content.

  3. Select Advanced Options.

  4. In the Microsoft Office Security Options dialog box, select Enable content for this session for each ActiveX control.

The following image is an example of the Security Warning area when ActiveX controls can be enabled for the duration of time that the file is open.

Security Warning area when a file cannot be trusted

Notes: 

  • If the file contains a Visual Basic for Applications (VBA) project, for example, and a macro-enabled Microsoft Excel file, the Trust Center is more restrictive, because the file may contain macros.

  • Enable ActiveX controls and other active content only if you know that they are from a reliable source.

Top of Page

Change ActiveX-control settings in Word, Access, Excel, PowerPoint, Publisher, and Visio

Use the following instructions to enable or disable ActiveX controls in the Trust Center.

  1. Click File > Options.

  2. Click Trust Center > Trust Center Settings > ActiveX Settings.

  3. Click the options you want, and then click OK.

The following is an example of the ActiveX Settings area of the Trust Center.

ActiveX Settings area of Trust Center

Important: If you change an ActiveX setting in Word, Access, Excel, PowerPoint, Publisher, or Visio, the settings are changed in all those programs.

Top of Page

ActiveX-control settings explained

The following explanations apply to ActiveX controls in files that are not in a trusted location or trusted documents.

Important: If you trust a file and do not want to receive security warnings about content containing ActiveX controls, or other active content, put the file in a trusted location.

  • Disable all controls without notification     All the ActiveX controls in documents are disabled.

  • Prompt me before enabling Unsafe for Initialization (UFI) controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions     There are two behaviors based on the presence of VBA projects:

    • With a VBA project     All ActiveX controls are disabled and the Message Bar appears. Click Enable Content to enable the controls.

    • Without a VBA project     SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled. However, when a user enables the UFI controls they are initialized with additional restrictions (e.g. default values). Any persisted data that is part of the UFI control will be lost.

  • Prompt me before enabling all controls with minimal restrictions     This is the default. There are two behaviors based on the presence of VBA projects:

    • With a VBA project     All ActiveX controls are disabled and the Message Bar appears. Click Enable Content to enable the controls.

  • Without a VBA project     SFI ActiveX controls are enabled with minimal restrictions and the Message Bar doesn't appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled. However, when a user enables the UFI controls they are initialized with minimal restrictions (e.g. persisted values or default values if persisted values don't exist).

  • Enable all controls without restrictions and without prompting (not recommended)     Enable all ActiveX controls in documents with minimal restrictions.

  • Safe mode     Enable SFI ActiveX controls in safe mode, which means a developer has marked the control as safe.

Top of Page

What is an ActiveX control and what are the risks?

ActiveX controls are small building blocks that create applications that work over the Internet through Web browsers. Examples include customized applications for collecting data, viewing certain kinds of files, and displaying animation. Common uses of ActiveX controls are command buttons, list boxes, and dialog boxes. Office programs also let you use ActiveX controls to improve some documents.

Top of Page

Risk and potential damage

ActiveX controls can have unrestricted access to your computer and therefore can access your local file system and change your operating system registry settings. If a hacker uses an ActiveX control to take over your computer, the damage can be significant.

Top of Page

No comments:

Post a Comment