Is there anyway a user can have macros enabled by default for a single workbook but not other ones? It is annoying you constantly have to enable them every time you open a particular workbook. Thanks
You can set trusted locations (folders) from which files can be opened without asking for enabling macros: http://office.microsoft.com/en-us/word-help/create-remove-or-change-a-trusted-location-for-your-files-HA010031999.aspx
In case, it is a workbook created by you then you can add your digital certificate to it. Digital certificate created by you will be trusted in your machine. Digital Certificate can be created by the tool listed in MS Office tools(start menu). And after creating digital certificate, you can attach it to your workbook in vba editor in excel.
Related
I have just moved machine from Windows 8.1/office 2010 to Win 10/Office 2019. I have an Excel spreadsheet with a lot of VBA code. Excel 2019 wont accept the old certificate so I am having to re-certificate the sheet.
In the Trust Centre
The options are set to "Disable all macros except digitally signed macros"
As far as I am able the trust centre settings in the two offices are set the same.
I have created a new certificate on the Windows 10 machine. (MyCert)
I have tried installing it as per microsoft's guide. (https://support.microsoft.com/en-us/office/digitally-sign-your-macro-project-956e9cc8-bbf6-4365-8bfa-98505ecd1c01)
But the protected view and the Enable editing messages persist.
I have tried removing the certificate saving the file; then adding the certificate and saving it again - without effect.
The certificate shows as having been added and appears in the dialog box. Both under Signed as and sign as parts of the dialog box.
The certificate is not in the trusted store but I could not see how to use mmc (certificate addin) to add it.
I realise that I am making a simple mistake but I cant see how to get Excel to recognise the certificate and I wonder if anyone can help?
I am trying in our installer to add a macro that is available to every worksheet. What we presently do in our wix installer is (both 32-bit & 64-bit):
msOfficeApp.Workbooks.Add
msOfficeApp.Workbooks.Open (Session.Property("ExcelMacroLoc") & "AutoTagExcelMacro.xla")
msOfficeApp.Workbooks("AutoTagExcelMacro.xla").RunAutoMacros 1
...
<Property Id="ExcelMacroLoc" Value='C:\' />
<CustomAction Id="AssignExcelMacroLoc" Return="check" Execute="firstSequence" Property ='ExcelMacroLoc' Value='[INSTALLDIR]'>
</CustomAction>
This works sometimes, but not always. Oftentimes we get some or all of the below. What is the best way to tell Excel where this VBA script is and that it's ok to use in any worksheet?
I think the issues/questions are:
Is there anything in this macro (AutoTagExcelMacro.xla) that needs to change (written in 2000)?
Should the file's extension be changed to .xlam? And does that require any other changes?
How do I digitally sign the xla file?
How do I figure out where Excel is installed (to know where to install the macro)?
How do I determine the bitness of Excel (GetBinaryType does not work).
Is there anything else I need to do besides copy the xla file to the appropriate folder?
Also asked on MSDN (I'll post any answer from there here).
" #ProfoundlyOblivious Could you please post an answer telling us how to do each part best - digitally signing, trusted location, etc. and what/where we should tell people to look for macros being disabled? – David Thielen "
Disclosure: I am not an expert in software deployment, my knowledge is limited to the obstacles I encountered sharing my VBA solutions among peers on IT managed networks.
Note: The dialog boxes in your post do not all originate from the same cause. The first relates to security and the others to file availability.
Security
Macros have been, and still are, used in the development and circulating of malicious software. As a result macros are disabled by default and require user interaction to run.
Macro Security Settings
Macros are enabled through the Trust Center, which is accessed through the file menu. These settings are independent for each Office application and some applications may have additional options involving the suppression of a dialog box. Such as Excel where all macros may be disaabled without notification or all macros may be disaabled with notification. There are three basic settings for all Office applications summarized as:
Disable all macros
Disable all unsigned macros
Enable all macros (Not Recommended)
I strongly recommend that one does not enable all macros. It may achieve a desired result but I believe the risk is far too great to warrant the consideration.
Digitally Signed Macros
A digitally signed macro in and of itself simply means the underlying code has not been changed by anyone since last saved by the signer. If the signer's certificate is installed on a computer as a trusted publisher then macros signed with that certificate can run without notification under the requisite macro security setting.
In corporate environments, IT may retain a library of certificates and there may be an established procedure for an internal developer to submit a project for wider circulation, whereafter IT signs the project so it can be run with minimal intervention.
In my experience however, I have found many companies do not have an SOP for this process or that the process is prohibitively onerous. At such times, I turn to self-signed certificates. A self-signed certificate if miraculous for personal development because it provides ample flexibility without incurring the risk if allowing unsigned code to run. The problem, of course, then comes with sharing your code because the recipient will not have your certificate installed. They could install my certificate but my personal preference is that I send an unsigned project and they create a certificate and sign the project themselves. This is an easy step-by-step process that requires no skill beyond the ability to follow instructions.
Trusted Location
A document saved in a trusted location can run macros without notifications. Trusted locations are added in the Trust Center.
By default, XLStart is a trusted location
File Availability
When Excel is opened, it will try to refresh links to other data sources and add-ins. Those files must be open for a successful refresh and a dialog box will appear if the refresh fails.
Based on little more than experience and deduction, I believe this message is often semi-erroneous and driven by either the lack of a time out timer or too short of one. I have tested this with a simple worksheet and a simple add-in. The message pops saying the link could not be updated but it was open and updated by the time I manually check the status of the connection.
In other words, the dialog box was an iritation that served no value.
There is an option that suposedly offers some control over the "Links Could Not Be Updated" window with options along the lines of:
Update links and notify
Update links and do not notify
I have found these settings unreliable and prone to resets from crashes and updates.
To the best of my knowledge, the most assured way if avoiding this type of warning is to install the add-in after Excel is stable and uninstall the add-in before Excel closes. Of course this comes with it's on set of problems including a user perceivable slower loading time.
I would like to know how I can achieve the following:
Have Excel open without the request to "Enable Macros" for an Excel sheet that is distributed as a template and filled in by many, to then come back to a script of mine that wants to read the contents of the Excel sheet (Macros are only there for the users).
Any actions that require me to perform a change to my own installation of Excel (such as adding the file to the trusted docs), won't work, since the computer that runs the script, can be any of a 1000 computers that contains the automated script.
Signing the Excel sheet (something I read here, could solve the issue), is fine, but I would like to know how to go about his, when operating from within an enterprise, governed with a lot of security regulations.
I don't have access to alter the trust center settings, nor can I click the "enable macro's" button every time...
All help is welcome.
The simplest solution is to store the template in a "Trusted Location" - that is a folder on your network where macros are allowed. You can either set the template's current location as trusted, or move the template into an existing trusted location. Your IT dept should be able to set up such a location if they don't already have one enabled in people's profiles. You'll have to talk to your IT dept because it's unlikely your users can alter this setting themselves.
Fortunately noone can do this. If it was allowed to automatically prevent the "Enable Macros" security warning pop-up, this would have been a huge security issue:
However, you may contact the people using the template and ask them to enable all macros from the Trust Centre:
This is how to navigate to the Trust Centre in Excel:
Microsoft Office Button
Excel Options
Trust Center
Trust Center Settings
Macro Settings
Enable or disable macros in Office files
Vityata's solution only works if your enterprise security policy allows trusting network drives. It doesn't work in our environment as our security policy disables trusting network drives.
I handled the issue on a much smaller scale by self-signing the macros and installing my cert on the client's computers. I only have a few clients that use the scripts I write so it's not a big deal for me.
However, to do this at scale would require your IT dept to distribute your cert via their Windows update mechanism. You have to have admin access to your machine and a second as a test platform for this to work.
The steps you would take would be:
Create your self-signed cert.
Sign the macro.
Test it works on another machine by installing your cert on the other machine and running the macro.
Send the cert to your IT dept for them to distribute.
Send the spreadsheet to your clients.
I'm working on an alternative approach of setting our department up as a certificate authority and issuing properly signed certs internally for our own use. We have a plethora of devices that don't have fully qualified domain names assigned to them because the network group doesn't want to deal with the overhead of maintaining thousands of certs. As you might imagine, it's a project to get all the pieces in play so that one person can handle it.
I have a Windows 2003 Server box with Excel 2010 installed, upon which I am unable to create new or execute existing macros in spreadsheets. Note: this machine is in a Windows Domain (and I am not getting much help from the network folks here.)
I can and have edited the macro security levels within Excel (File, Options, Trust Center, Macro Settings --> Enable All Macros) but despite this, when I try to:
Open a spreadsheet with macros, I get an exception "Excel found unreadable content...." which goes on to refer to the VBA macros within the spreadsheet
Create a new macro in a brand new spreadsheet created on this machine, all the toolbar buttons providing access to the VBA editor are disabled.
Could this be a Group Policy setting that allows me to edit the macro security settings, but overrides these settings and prevents me from actually creating, editing, or executing VBA macros? (If so, does anyone happen to know which group policy setting I should be looking for?)
I've run rsop.msc (Resultant Set of Policy) on the machine and looked through every single thing under both Computer Configuration and User Configuration, but I don't see anything related to Excel (or Office) Security/Macros.
In this case, the problem was that Visual Basic for Applications hadn't been installed when Excel itself was installed.
(As usual, Microsoft could do a much better job of alerting the user to this unusual configuration, but what can you do.)
I've created an add-in and installed it, but now when I open Excel I get an error pop-up telling me that the add-in file is a security risk and that automatic updating of links is disabled. I've looked it up and it refers to the Windows DDE protocol, but what does that have to do with this add-in? Does anyone know what's happening behind the scenes here?
Thanks
Excel does not know if the add-in is truly trusted so it is killing Dynamic Data Exchange so that your shiny new add-in can't download malicious code without the user knowing it. You are going to want to tell Excel to trust the plugin using the Excel trust center (Office Button > Excel Options > Trust Center > Trust Center Settings Button). Look at both the Add-Ins section and the Macro Settings section.
One thing you might want to consider is signing your code with a certificate (tools > Digital Signature in the Vb editor) and then having your end users add your cert to the trusted publishers. If your end users are in a domain setting, the trusted publishers can be set as a domain policy so the end users won't even have to think about it.