Then, open Word, go to File > Options > Trust Center > Trust Center Settings > Macro Settings. Once you make these changes, run a gpupdate on a client workstation.
Repeat this step for each of the other Microsoft Office products (Excel, PowerPoint, and Outlook). Select “Enabled”, and change the dropdown to the setting you would like - “Disable All With Notification” is a good choice. Navigate to User Configuration > Administrative Templates > Microsoft Word 20xx (where xx is your MS Office version) > Word Options > Security > Trust Centerĭouble click on VBA Macro Notification Settings. Right-click and edit the GPO you just created (or your existing Office GPO). Name it something like “MS Office – Disable Macros”. Create a new group policy object in root of your domain. If not, you’ll need to import the MS Office administrative templates (ADMX files) for the version of Office that you’re using, and then create a new Group Policy Object to hold the macro settings.ĭownload the Administrative Templates for your version of Office from the Microsoft downloads site (for example, the files for Office 2013 can be found here.) Follow the instructions for importing ADMX templates into your central store here. If you are already managing Office settings using Group Policy, you can skip this step. To disable macros in group policy, do the following: Set Up Group Policy Disabling Microsoft Office macros is a quick and easy way to beef up your network security against new and emerging threats. So, unless macros are an important part of your company’s workflow, the safest option is to disable them completely using Group Policy. For example, the malicious Word documents that spread the Locky virus appeared to have garbled formatting, strange characters, and gibberish, with a “helpful” note that said “If document is not formatted correctly, enable macros”. But virus writers have developed some sneaky social engineering tricks to get users to disable Protected Mode and run macros. Once it’s activated, it executes a bit of Javascript that connects to a web server and downloads the virus payload.īy default, MS Word does not run macros automatically, but prompts the user to enable them if the document contains them. In those cases, the macro itself isn’t the virus. Several of the recent Cryptolocker-type viruses, such as Locky, spread themselves through malicious Word macros. Believe it or not, Microsoft Office macros are still a serious security threat.