Group policy to block office macros

microsoft-office macros virus group-policy spam-prevention
16,524

Solution 1

I've seen a lot of other posts using user config > administrative templates > office 2016 > block macros, but my server does not have this admin template in its group policy.

You need to install the Office 2016 Administrative Template files (ADMX/ADML) and Office Customization Tool on the Active Directory Domain Controller.

While you can individually add the required keys to block macros, if you create them for the current user, it would only apply to whichever user you were using. Using the group policy will disable them for all users, prevent all users from enabling macros unless they are an Administrator on the Active Directory domain.

  1. Open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.

  2. In the Group Policy Management Editor, go to User Configuration.

  3. Click Administrative templates > Microsoft Word 2016 > Word options > Security Trust Center.

  4. Open the Block macros from running in Office files from the Internet setting to configure and enable it.

Source: New feature in Office 2016 can block macros and help prevent infection

Solution 2

In Office 2016 Group Policy settings, there is an item "Block macros from running in Office files from the Internet".

This policy setting allows you to block macros from running in Office files that come from the Internet.

If you enable this policy setting, macros are blocked from running, even if "Enable all macros" is selected in the Macro Settings section of the Trust Center. Also, instead of having the choice to "Enable Content," users will receive a notification that macros are blocked from running. If the Office file is saved to a trusted location or was previously trusted by the user, macros will be allowed to run.

To configure it, we can create the following registry key on your server:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\word\security HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\excel\security HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\powerpoint\security

In each key listed above, create this value:

DWORD: blockcontentexecutionfrominternet

Value = 1

Share:
16,524
crshadow
Author by

crshadow

Updated on September 18, 2022

Comments

  • crshadow
    crshadow over 1 year

    my organization has a windows 2016 server standard edition and i'm wondering how to go about adding a group policy to block office macros. I've seen a lot of other posts using user config > administrative templates > office 2016 > block macros, but my server does not have this admin template in its group policy.

    The reason I'd like to do this is because we've been getting hit with spammed with documents that say please see attached and confirm, and the users are able to enable editing to run the macros. This in turns their machine basically into a spam bot, and will post that exact thing to any mail as a reply.

    Any help with this would be greatly appreciated.

    Thanks

    • Ramhound
      Ramhound over 5 years
      So why can’t you add the administrator template? You will need to do that in order to accomplish what you want. This cannot be accomplished without installing the required template.
    • crshadow
      crshadow over 5 years
      I've tried finding instructions on adding the template, but I can't find solid instructions on how to do so, or where to actually find it. I've looked all over the microsoft site, and just couldn't find any good instruction for someone who has never added the template or done anything like this before. I'm very much a novice and trying to work through it.
  • crshadow
    crshadow over 5 years
    Thank you for this answer, will adding these keys configure just the server, or all users too? I'm sorry for my ignorance, i'm just new to this all. Like I mentioned on the previous comment, I'm not sure how to get the template installed, but will add those DWORDs to the registry. Hope to hear from you.
  • Ramhound
    Ramhound over 5 years
    @crshadow - See my answer.
  • WinniL
    WinniL over 5 years
    You can either add the Office 2016 Administrative Template on local server or directly add registry keys to do it.
  • crshadow
    crshadow over 5 years
    Thank you for this, After playing with it a bit, I discovered that after installing the package from microsoft, that you have to copy the admx files into the %systemroot%\PolicyDefinitions\ and the adml files into the EN-us folder that resides there. I appreciate the help!
  • Ramhound
    Ramhound over 5 years
    You really shouldn’t have to do that but whatever works.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Excel cannot open the file "filename.xlsm" because the file format or file extension is not valid?
Fake invoice attachments, what's the real functionality doing?
Find all instances of a text and make it a hyperlink with a macro
Office: file opens in protected view, how to find out why?
How to select radio buttons by cell value in Excel?
Prevent Sending Spam with my Yahoo Account?
Disable all Microsoft Office macros globally for all users
Using English macros in French version Excel
Console window keeps popping up
How do I import ADMX files for Microsoft Office 2013?