Enable or Disable Trust All Installed Add-ins and Templates [Office 2003 SDK Documentation]

The Trust all installed add-ins and templates check box (see Table 1 in the Office 2003 Security Options Matrix topic for details) is commonly misunderstood. It is enabled by default, but Microsoft recommends that customers with very high security requirements disable it as a good "defense in depth" measure.

If you have no need to run unsigned personal macros or unsigned COM add-ins, you should turn off this option. As Table 1 and Table 2 show, when an Office application's security level is High and the Trust all installed add-ins and templates option is disabled, all add-ins and templates that are not code signed are automatically disabled. If the add-ins and templates are code signed with a certificate that is not listed in the Trusted Publishers list, the user is prompted to either enable or disable them.

Selecting the Trust all installed add-ins and templates check box allows all COM add-ins that have been installed in the registry (which requires administrative privileges), and all macros that are stored in your personal or workgroup locations, to run regardless of whether they are code signed. Note that end users do not need administrative privileges to install macros to certain template and startup folders. Examples of these locations in Word are:

1) \Documents and Settings\<user name>\Application Data\Microsoft\Word\STARTUP

2) \Documents and Settings\<user name>\Application Data\Microsoft\Templates

If you enable the Trust all installed add-ins and templates option, you can be attacked if you download, register, and run a malicious COM add-in from someone else, or if you run a malicious template from someone else that has been placed in a "trusted location" (templates don't need to be registered).
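
A defender's check for this exposure, as an added example that is not part of the SDK documentation: it reports the current user's Word setting and inventories the two per-user folders listed above for every profile on the machine. The registry key and value names (11.0, DontTrustInstalledFiles, Level) are assumptions not stated on this page, and the script assumes PowerShell 4 or later.

```powershell
# Added example, not from the SDK documentation. Assumptions: Office 2003 uses the
# 11.0 registry key; the check box is stored as DontTrustInstalledFiles (1 = cleared)
# and the security level as Level (2 = Medium, 3 = High).
$profilesRoot = Join-Path $env:SystemDrive 'Documents and Settings'
$relativeDirs = 'Application Data\Microsoft\Word\STARTUP',
                'Application Data\Microsoft\Templates'

# 1. Read the current user's Word security settings.
#    A missing value is treated as "enabled", matching the default described above.
$key = 'HKCU:\Software\Microsoft\Office\11.0\Word\Security'
$sec = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$trustAll = -not ($sec -and $sec.DontTrustInstalledFiles -eq 1)
$level = if ($sec -and $null -ne $sec.Level) { $sec.Level } else { 'not set' }
Write-Output "Security level: $level. Trust all installed add-ins and templates enabled: $trustAll"

# 2. Inventory the user-writable locations for each profile on disk.
$profiles = Get-ChildItem -Path $profilesRoot -Directory -ErrorAction SilentlyContinue
$found = foreach ($userDir in $profiles) {
    foreach ($rel in $relativeDirs) {
        $dir = Join-Path $userDir.FullName $rel
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    User     = $userDir.Name
                    Path     = $_.FullName
                    Modified = $_.LastWriteTime
                    SHA256   = $hash.Hash   # empty if the file could not be read
                }
            }
    }
}

# 3. Show the inventory and flag the combination the text warns about.
$found | Sort-Object User, Path | Format-Table -AutoSize -Wrap
if ($trustAll -and $found) {
    Write-Warning ("Trust all is enabled: any macros in the {0} file(s) above run " +
                   "regardless of code signing." -f @($found).Count)
}
```

Word's own Normal.dot lives in the Templates folder, so a non-empty listing is expected. Compare the hashes and modification times against a known-good baseline rather than treating every entry as suspicious.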

If you decide to run personal macros or locally installed COM add-ins, don't want to purchase a digital certificate, and still want to disable the Trust all installed add-ins and templates option, here is how you can do it.

1) Sign your personal macros or locally installed COM add-ins using a test certificate with either selfcert.exe or Authenticode tools, depending on whether it's a macro or add-in. This way, you can keep your security settings at High, with the Trust all installed add-ins and templates option disabled. For more information on how to generate a test certificate, refer to the Digital Code Signing For Testing Purposes topic.

2) Set your Office application security level to Medium with Trust all installed add-ins and templates disabled. With this particular security setting, you will be prompted to either disable or enable a COM add-in or macro when the application is launched. It's strongly recommended that you only do this in a testing environment (see the Running Unsigned Add-in Samples topic for more information).

It is recommended that you also read The Ten Immutable Laws of Security article on the Microsoft TechNet Web site.