locked
Office 2016 "Trust access to Visual Basic Project" RRS feed

  • Question

  • Is it possible, either through the registry or via GPO to check this box for Office 2016 products, but still allow the end user to uncheck the box if they require? 

    Josh

    Thursday, September 27, 2018 7:02 PM

All replies

  • That is a dangerous setting to apply as the user's default, as it exposes your system to viruses that deploy their own macros to damage your system and/or steal your data.

    Cheers
    Paul Edstein
    [MS MVP - Word]

    Friday, September 28, 2018 12:32 AM
  • Hi Josh,

    Do you mean the end user can unchek the option but not able to check the option?

    As far as I know, there is no way to get this result, you can only use GPO to able or disbale this option.

    Regards,

    Emi


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Josh_1987 Friday, October 5, 2018 8:00 PM
    • Unmarked as answer by Josh_1987 Friday, October 5, 2018 8:01 PM
    Wednesday, October 3, 2018 8:01 AM
  • Thanks, I know it's dangerous. We have some internal macros so I was wondering if this was possible. 

    Josh

    Wednesday, October 3, 2018 2:25 PM
  • Thanks, that's what I've found as well. I was looking for something that would enable me to have this option checked/enabled by default, but still allow it to be unchecked/disabled on by the end user if desired. 

    Josh

    Wednesday, October 3, 2018 2:26 PM
  • Having 'internal macros' is no reason for doing that; simply save them in documents/templates designated as trusted and/or stored in a folder that is designated as a trusted location.

    Cheers
    Paul Edstein
    [MS MVP - Word]

    • Proposed as answer by Charles Kenyon Friday, October 5, 2018 8:00 PM
    Wednesday, October 3, 2018 10:01 PM
  • I don't have access to or know what the macros are/do. They are part of some reports that come out of an Oracle system that I don't have access to. 

    Josh

    Wednesday, October 3, 2018 10:05 PM
  • That is irrelevant to the consideration of whether they should be placed in a trusted document and/or folder.

    Cheers
    Paul Edstein
    [MS MVP - Word]

    Thursday, October 4, 2018 1:25 AM
  • It's actually not irrelevant considering I don't have the ability to do so. 

    Josh

    Friday, October 5, 2018 8:01 PM
  • Then get someone with the appropriate access rights to do so... If you can't do that, your chances of messing around with trusted access are even less.

    Cheers
    Paul Edstein
    [MS MVP - Word]

    Friday, October 5, 2018 9:21 PM
  • I get the feeling there may be some "talking at cross-purposes" here:

    "Ordinary" macros do not need Access to the VBP. Only macros that actually use the VBP, e.g. to list modules in a VB Project or inspect/modify VB code, need access to the VBP.

    If the code actually needs access to the VBP then that "Trust Access to the Visual Basic Project" must be checked, regardless of whether or not the relevant .docm/.dotm is trusted or in a trusted location. If the code does not need access, that box does not need to be checked.

    If the users are seeing an error message generated directly by the VB environment, I think it's probably error 1004 (but whoever coded the VBA may be handling the errors another way).

    If you are not in a position to see exactly what the problem is, it is difficult to advise further. As far as the GPOs are concerned, I cannot provide a definitive answer but

     a. the documentation I have seen seems pretty clear that if you enable the relevant policy, users cannot change the policy. If you don't enable the policy they can choose whether or not to check the box
     b. What I do not know is whether, once the *policy* is enabled, the behaviour could be changed via a registry change, e.g. by code given to the user that release on elevated privileges or some such to modify the appropriate registry entry.


    Peter Jamieson

    Saturday, October 6, 2018 4:49 PM