This article describes what a trusted publisher is, how to enable content from a publisher, why it is more secure to use code projects created by trusted publishers. Also you can learn how to add, view, or remove trusted publishers from the Trusted Publishers list in the Trust Center.
Enable active content from a publisher when the Message Bar appears
When new active content (such as a signed macro or add-in) arrives in a file from a publisher, the Message Bar appears with a shield icon, warning text and the Enable Content button. If you know the publisher is reliable, you can click Enable Content to enable the active content to run.
- On the Message Bar, click Enable Content.
- The file opens and is a trusted document.
Notes
- The file becomes a trusted document, but the publisher is not trusted. See the following section for more information about how to add publishers to the Trusted Publishers list.
- To view publisher details, click the File tab. In the Security Warning area, click Enable Content > Advanced Options to learn more about the publisher.
Top of Page
Add a trusted publisher when the Security Warning appears
To add a publisher the Trusted Publishers list in the Trust Center, do the following:
- Open the file from the new publisher.
- Click File > Enable Content in the Security Warning area.
- Click Advanced Options > Trust all documents from this publisher.
Enable a publisher's active content for one time when the Security Warning appears
To enable a publisher's active content for one time when the Security Warning appears, use the previous instructions to access the Microsoft Office Security Options dialog box. In the dialog box, click Enable all content for this session for each piece of active content in the list.
Top of Page
Add a trusted publisher via the Trust Center
If you know that active content (macros, ActiveX controls, data connections, and so on) from a new publisher is reliable, you can add the publisher to the trusted publishers list in the Trust Center.
- Open the file from the new publisher.
- Click File > Options.
- Click Trust Center > Trust Center Settings > Trusted Publishers.
- In the list, select the publisher's certificate, and then click OK.
Important If you open a file from a publisher and you receive a warning message that there is no signature present, or that the signature is invalid, you should not enable the content or trust the publisher unless you are sure the code project comes from a reliable source. You can learn more about digital signatures and their certificates in How to tell if a digital signature is trustworthy.
Top of Page
View or remove a trusted publisher
- Open a file created by a publisher.
- Click File > Options.
- Click Trust Center > Trust Center Settings > Trusted Publishers.
- In the Trusted Publishers list, select the publisher to remove, and then click Remove.
What do I do if the Remove button is grayed out?
The Office program isn’t running with administrator privileges. Here’s how to fix it.
For Windows 7
- Click Start > All Programs > Microsoft Office.
- Right click an Office program, like Word 2013.
- Click Run as administrator.
For Windows 8
- Swipe in from the right edge of the screen, and then tap Search. If you are using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.
- In the Apps box, type the name of an Office program like Word 2013. In the results pane, swipe down on that Office program to reveal the app bar, then click Run as administrator on the app bar. If you’re using a mouse, right-click that Office program to reveal the app bar.
If you don’t log on to the computer as an administrator, you’re asked to provide the administrator account. When you’re asked to provide the administrator account, type the administrator user name and password in the User Account Control dialog box. Then click OK.
After you click Remove, close the Office program since running Office with administrator privileges isn’t recommended for regular use.
- Click OK.
Top of Page
What is a trusted publisher?
A publisher is someone, usually a software developer, who has created a code project, such as a macro, an ActiveX control, an add-in, and so on. Before you can consider a publisher to be reliable, you have to know who the person is and whether the person's credentials are valid. Trusted publishers are reputable and meet all the following criteria:
- The code project is signed by the developer with a digital signature.
- The digital signature is valid (valid: Refers to the status of a certificate checked against a certificate authority's database and found to be legitimate, current, and not expired or revoked. Documents signed by a valid certificate and not altered since signing are considered valid.).
- This digital signature is current (not expired).
- The certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.) associated with the digital signature was issued by a reputable certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).
- The developer who signed the code project is a trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.) publisher.
Note If you try to run code that does not meet all of these criteria, the code is disabled, and the Message Bar appears to notify you of a potentially unsafe publisher.
Important If you open a file from a publisher and you receive a warning message that there is no signature present, or that the signature is invalid, you should not enable the content or trust the publisher unless you are sure the code project comes from a reliable source. You can learn more about digital signatures and their certificates in How to tell if a digital signature is trustworthy.
Top of Page
