Using GPO to manage macros

%3CLINGO-SUB%20id%3D%22%5C%26quot%3Blingo-sub-3167296%5C%26quot%3B%22%20slang%3D%22%5C%26quot%3Ben-US%5C%26quot%3B%22%3EUsing%20GPO%20to%20manage%20macros%26lt%3B%5C%2Flingo-sub%26gt%3B%3CLINGO-BODY%20id%3D%22%5C%26quot%3Blingo-body-3167296%5C%26quot%3B%22%20slang%3D%22%5C%26quot%3Ben-US%5C%26quot%3B%22%3E%3CP%3EFor%20most%20of%20my%20users%2C%20macros%20are%20only%20likely%20to%20be%20encountered%20in%20stray%20spam%2Fphishing%20emails%20that%20broach%20our%20various%20defences.%20I'd%20like%20to%20block%20their%20operation%20if%20I%20can%20and%20have%20followed%20some%20of%20the%20tips%20%3CA%20title%3D%22%5C%26quot%3B4sysops.com%5C%26quot%3B%22%20href%3D%22%5C%26quot%3Bhttps%3A%2F%2F4sysops.com%2Farchives%2Frestricting-or-blocking-office-2016-2019-macros-with-group-policy%2F%23force-verification-by-virus-scanner%5C%26quot%3B%22%20target%3D%22%5C%26quot%3B_blank%5C%26quot%3B%22%20rel%3D%22%5C%26quot%3Bnoopener%20nofollow%20noopener%20noreferrer%22%20nofollow%3D%22%22%20noreferrer%3D%22%22%3Ehere%26lt%3B%5C%2FA%26gt%3B%20to%20create%20a%20test%20GPO%20that%20will%20prevent%20most%20users%20from%20inadvertently%20running%20any%20illegitimate%20code.%26lt%3B%5C%2FP%26gt%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3EThe%20main%20issue%20I've%20uncovered%20so%20far%20though%20is%20that%20it%20highlights%20various%20add-ins%20that%20Outlook%20loads%20on%20start-up%2C%20including%20several%20from%20MS%20itself%20(Exchange%20Add-in%2C%20Teams%20etc.)%20and%20from%20my%20AV%20supplier%2C%20TeamViewer%20etc.%2C%20each%20asking%20to%20enable%20or%20disable%2C%20with%20the%20option%20to%20%22Trust%20all%20documents%20from%20this%20publisher%22%3A%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%5C%26quot%3Blia-inline-image-display-wrapper%22%20lia-image-align-inline%3D%22%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fgxcuf89792%2F%5C%26quot%3Bhttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F348327i3B6D4C17709E21A2%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%5C%26quot%3B%22%20role%3D%22%5C%26quot%3Bbutton%5C%26quot%3B%22%20title%3D%22Trusted%20Documents.PNG%22%20documents.png%3D%22%22%20alt%3D%22Trusted%20Documents.PNG%22%20%2F%3E%26lt%3B%5C%2Fspan%26gt%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3EI%20don't%20want%20to%20go%20to%20the%20trouble%20of%20warning%20all%20my%20users%20that%20macros%20are%20bad%20then%20tell%20them%20to%20simply%20%22Trust%20all%22%20for%20every%20warning%20on%20Outlook%20startup%20-%20seems%20kinda%20counterintuitive!%20Is%20there%20a%20way%20I%20can%20push%20this%20trust%20out%20via%20GPO%20to%20AD%20workstations%3F%20I%20tried%20to%20track%20the%20certificate%20one%20of%20the%20warnings%20installed%20in%20an%20attempt%20to%20do%20this%20but%20I%20couldn't%20subsequently%20find%20it.%20Is%20there%20a%20way%20to%20simply%20trust%20-%20across%20the%20AD%20-%20certificates%20published%20by%20Microsoft%20and%20ESET%3F%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3Ethanks%20for%20any%20help%20in%20advance%2C%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26lt%3B%5C%2FP%26gt%3B%3C%2FP%3E%3CP%3ECalum%26lt%3B%5C%2FP%26gt%3B%26lt%3B%5C%2Flingo-body%26gt%3B%3CLINGO-LABS%20id%3D%22%5C%26quot%3Blingo-labs-3167296%5C%26quot%3B%22%20slang%3D%22%5C%26quot%3Ben-US%5C%26quot%3B%22%3E%3CLINGO-LABEL%3EAdmin%26lt%3B%5C%2Flingo-label%26gt%3B%3CLINGO-LABEL%3EOffice%20365%26lt%3B%5C%2Flingo-label%26gt%3B%3CLINGO-LABEL%3ESecurity%26lt%3B%5C%2Flingo-label%26gt%3B%26lt%3B%5C%2Flingo-labs%26gt%3B%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3C%2FLINGO-SUB%3E
Occasional Visitor

For most of my users, macros are only likely to be encountered in stray spam/phishing emails that broach our various defences. I'd like to block their operation if I can and have followed some of the tips here to create a test GPO that will prevent most users from inadvertently running any illegitimate code.

 

The main issue I've uncovered so far though is that it highlights various add-ins that Outlook loads on start-up, including several from MS itself (Exchange Add-in, Teams etc.) and from my AV supplier, TeamViewer etc., each asking to enable or disable, with the option to "Trust all documents from this publisher":

Trusted Documents.PNG

 

I don't want to go to the trouble of warning all my users that macros are bad then tell them to simply "Trust all" for every warning on Outlook startup - seems kinda counterintuitive! Is there a way I can push this trust out via GPO to AD workstations? I tried to track the certificate one of the warnings installed in an attempt to do this but I couldn't subsequently find it. Is there a way to simply trust - across the AD - certificates published by Microsoft and ESET?

 

thanks for any help in advance,

 

Calum

0 Replies