Office 2003 Security Options Matrix [Office 2003 SDK Documentation]

Smart tag DLLs are, in essence, COM add-ins. Only Office add-in security determines whether a smart tag DLL is loaded, but this section also covers macro security because you will probably encounter or need to work with macros.

Note  The terms "COM add-ins" and "add-ins" are used interchangeably here. Similarly, the terms "VBA macro", "macro" and "template" are used interchangeably here and mean the same thing.

Table 1 and Table 2 below describe the behavior of the Word, Excel, PowerPoint and Access applications when loading unmanaged COM add-ins (add-ins built using Microsoft Visual Studio® 6.0) and macros. They demonstrate how Office security features mitigate the risk of loading malicious components by checking the identity of their publishers, letting users make explicit trust-based decisions, and so on, depending on the user's specific security settings. To display the Security dialog box, on the Tools menu, point to Macro, and click Security.

Note  For managed smart tag DLLs (smart tags built using Microsoft Visual Studio® .NET), see the Managed Smart Tag Security section for a detailed explanation of how security checking is done on managed smart tag DLLs and on any dependent assemblies that the managed smart tag DLLs call into.

The availability of, and options within, the Security dialog box vary depending on the specific Office application. Additionally, specific Office applications silently load macros only from specific directories. For example, selecting the Trust all installed add-ins and templates check box allows all macros stored in certain personal or workgroup locations that are considered "trusted locations" to run, regardless of whether they are code signed. To view these locations in Word, for example, on the Tools menu, click Options and then click the File locations tab. Note that not all Office applications support the "trusted locations" option for macros. For more discussion of the Trust all installed add-ins and templates option, see the Enable or Disable "Trust All Installed Add-ins and Templates" topic.

Table 1: Security Dialog Box Options General Description

The table below explains the security options in the Security dialog box and what they mean.

| Option | General Description |
|---|---|
| Very High | The Very High security level is a new security level introduced in Office 2003. If this security level is selected and the Trust all installed add-ins and templates check box is not selected (that is, cleared), all add-ins and macros will be disabled, regardless of whether they are signed, from trusted publishers, or unsigned. If the Trust all installed add-ins and templates check box is selected, all installed add-ins will be allowed to run. However, whether a macro will be allowed to run depends on whether it is in the "trusted locations". |
| High | If the High security level is selected and the Trust all installed add-ins and templates check box is not selected (that is, cleared), all unsigned add-ins and macros will be disabled. If they are signed and the publisher of the add-ins or macros is not in the Trusted Publishers list, users will be prompted to either trust the publisher or disable the add-ins or macros. Users do not have the option to run the add-in or macro on a per-application session basis. The only option is to either trust or not trust the publisher. If the Trust all installed add-ins and templates check box is selected, all installed add-ins will be allowed to run regardless of whether they are signed. Macros (signed and unsigned) will be allowed to run if they are in the "trusted locations". |
| Medium | If the Medium security level is selected and the Trust all installed add-ins and templates check box is not selected (that is, cleared), users will be prompted to either enable or disable all add-ins and macros that are unsigned. If they are signed and the publisher of the add-ins or macros is not in the Trusted Publishers list, users will be prompted to either trust the publisher or enable the add-in or macro on a per-document session basis. If the Trust all installed add-ins and templates check box is selected, all installed add-ins will be allowed to run regardless of whether they are signed. Macros (signed and unsigned) will be allowed to run if they are in the "trusted locations". If they are not in the "trusted locations", users will be prompted to enable or disable the macros. You can run the macro only for the current application session. |
| Low | If the Low security level is selected, all add-ins and macros will be loaded, regardless of whether the Trust all installed add-ins and templates check box is selected, whether the add-ins or macros are signed, and whether the macros are in the "trusted locations". It is like choosing not to have any security. |
| Trust all installed add-ins and templates | If you select the Trust all installed add-ins and templates check box for a particular Office application, you are specifying to trust and load all installed and registered add-ins regardless of whether they are signed. Additionally, if the application supports the "trusted locations" option, you are specifying to trust and load all installed macros in the "trusted locations" regardless of whether they are signed. |
| Trusted locations | "Trusted locations" applies only to macros. Note that not all Office applications support the "trusted locations" option. "Trusted locations" are folders that users or administrators choose to trust. There are also certain folders that are trusted by default. The "trusted locations" option works only if the Trust all installed add-ins and templates check box is selected. When the Trust all installed add-ins and templates check box is selected, all macros that are stored in certain personal or workgroup locations that are considered "trusted locations" will be loaded regardless of whether they are code signed. For example, to view these locations in Word, on the Tools menu, click Options and then click the File locations tab. |

A complete discussion of which Office 2003 applications support the "trusted locations" option and which do not, and of where each application's "trusted locations" are located, is beyond the scope of the Smart Tag SDK. As stated at the beginning of the page, macro-specific security does not affect smart tag DLLs. Macro security is called out in the Smart Tag SDK only because add-ins and macros share the same Security dialog box, which could cause confusion. The brief discussion here is intended to clear up any confusion that may arise.

Note  In Access, there is no user interface for the Very High security level. You have to set the registry key to 4 (REG_DWORD) yourself if you want to set the Access security level to Very High. The registry key to set is HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Access\Security::Level. If you do that, Access won't be able to open any ADPs or MDBs. However, you will still be able to open Access and get to the Security dialog box when the setting is at Very High. If you navigate to the Security dialog box when the registry key is at Very High, you will see none of the three security options (High, Medium and Low) selected. If you choose any of them, the registry key will then be set to the corresponding 3 (High), 2 (Medium), or 1 (Low) level.

Table 2: Security Settings Options Matrix

The table below describes in detail the security setting options and how selecting or not selecting a specific option affects whether an add-in or macro will be loaded.

| Security Level | Trust all installed add-ins and templates check box | Digitally Signed | From a Trusted Publisher | VBA Macros in a Trusted Location | Word, Excel, PowerPoint, and Access will |
|---|---|---|---|---|---|
| Very High | Cleared | Yes | Yes | Yes or No | Not load the add-in or macro. |
| Very High | Cleared | Yes | No | Yes or No | Not load the add-in or macro. |
| Very High | Cleared | No | Not Applicable | Yes or No | Not load the add-in or macro. |
| High | Cleared | Yes | Yes | Yes or No | Load the add-in or macro silently. |
| High | Cleared | Yes | No | Yes or No | Prompt to enable or disable the add-in or macro. |
| High | Cleared | No | Not Applicable | Yes or No | Not load the add-in or macro. |
| Medium | Cleared | Yes | Yes | Yes or No | Load the add-in or macro silently. |
| Medium | Cleared | Yes | No | Yes or No | Prompt to enable or disable the add-in or macro. |
| Medium | Cleared | No | Not Applicable | Yes or No | Prompt to enable or disable the add-in or macro. |
| Low | Cleared | Yes or No | Yes or No | Yes or No | Load the add-in or macro silently. |
| Very High | Selected | Yes or No | Yes or No | No | Load the add-in. But macro will not be loaded. |
| Very High | Selected | Yes or No | Yes or No | Yes | Load the add-in or macro silently. |
| High, Medium, or Low | Selected | Yes or No | Yes or No | Yes | Load the add-in or macro silently. |
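
The decision logic of Table 2, written out as an added Python example (not part of the SDK documentation) so that an administrator can list which unsigned components a given combination of settings would load without any prompt. The inventory and its file names are constructed for illustration; combinations that Table 2 does not list return an explicit "no matching row" result instead of a guess.

```python
from enum import IntEnum

class Level(IntEnum):
    # Numbers match the Security Level registry values the page lists for Access.
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    VERY_HIGH = 4

LOAD, PROMPT, BLOCK = "load silently", "prompt", "not loaded"
UNSPECIFIED = "no matching row in Table 2"

def decide(level, trust_all, kind, signed, trusted_publisher=False,
           in_trusted_location=False):
    """Outcome for one component; kind is 'add-in' or 'macro'."""
    level = Level(level)
    if level is Level.LOW:
        return LOAD                      # Low: everything loads
    if trust_all:
        if kind == "add-in" or in_trusted_location:
            return LOAD                  # the signature is never consulted
        # Macro stored outside the trusted locations.
        return BLOCK if level is Level.VERY_HIGH else UNSPECIFIED
    if level is Level.VERY_HIGH:
        return BLOCK                     # even if signed by a trusted publisher
    if signed:
        return LOAD if trusted_publisher else PROMPT
    return BLOCK if level is Level.HIGH else PROMPT

# Constructed inventory (hypothetical file names) for the audit below.
INVENTORY = [
    {"name": "TagRecognizer.dll", "kind": "add-in", "signed": False},
    {"name": "Reports.dot", "kind": "macro", "signed": False,
     "in_trusted_location": True},
    {"name": "Budget.xls", "kind": "macro", "signed": True},
    {"name": "SignedTag.dll", "kind": "add-in", "signed": True,
     "trusted_publisher": True},
]

def silent_unsigned(inventory, level, trust_all):
    """Names of unsigned components that would load without any prompt."""
    return [c["name"] for c in inventory
            if not c["signed"] and decide(
                level, trust_all, c["kind"], c["signed"],
                c.get("trusted_publisher", False),
                c.get("in_trusted_location", False)) == LOAD]

if __name__ == "__main__":
    for lvl in Level:
        for trust_all in (False, True):
            print(lvl.name, trust_all, silent_unsigned(INVENTORY, lvl, trust_all))
```

Running it shows that selecting the Trust all installed add-ins and templates check box admits the unsigned add-in and the unsigned macro in a trusted location at every level, including Very High.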

For more detailed and complete information about Office security, see the "Microsoft Office XP Macro Security White Paper" on Office online. Even though it was written for Office XP, it is still relevant. The Microsoft Office 2003 security white paper was not yet available when the Smart Tag SDK was written, but look out for it on Office online and/or the Office Developer Center on MSDN. Another very good Web site for Office security-related white papers is the Microsoft Office 2003 Resource Kit (ORK) Web site.