Using GPO to manage macros

Occasional Visitor

For most of my users, macros are only likely to be encountered in stray spam/phishing emails that broach our various defences. I'd like to block their operation if I can and have followed some of the tips here to create a test GPO that will prevent most users from inadvertently running any illegitimate code.

 

The main issue I've uncovered so far though is that it highlights various add-ins that Outlook loads on start-up, including several from MS itself (Exchange Add-in, Teams etc.) and from my AV supplier, TeamViewer etc., each asking to enable or disable, with the option to "Trust all documents from this publisher":

Trusted Documents.PNG

 

I don't want to go to the trouble of warning all my users that macros are bad then tell them to simply "Trust all" for every warning on Outlook startup - seems kinda counterintuitive! Is there a way I can push this trust out via GPO to AD workstations? I tried to track the certificate one of the warnings installed in an attempt to do this but I couldn't subsequently find it. Is there a way to simply trust - across the AD - certificates published by Microsoft and ESET?

 

thanks for any help in advance,

 

Calum

0 Replies