Enable or disable ActiveX controls in Office documents

This article explains the risks involved in enabling ActiveX controls and how the Trust Center in the 2007 Microsoft Office system can help to mitigate these risks. In this article, the term document can mean any Office file that can contain ActiveX controls.

To learn more about the Trust Center, you can read View my options and settings in the Trust Center.

For information about Office 2003 and ActiveX, you can see Allow ActiveX controls.

In this article


Enable ActiveX controls when the Security Warning appears

When the Security Warning appears, you can enable ActiveX controls, for the current session, if the control is from a trustworthy source.

  1. On the Security Warning message bar, click Options.
  2. The Security Options dialog box appears.
  3. Select Enable this content.
  4. The content is enabled for this session.

 Note   In Microsoft Office Outlook 2007 and Microsoft Office Publisher 2007, security alerts appear in dialog boxes, not in the Message Bar.

Microsoft Office Security Dialog

 Important   If you do not want to receive security alerts about the content again, you can put the document in a trusted location. Security settings in the Trust Center do not affect a document in a trusted location. The one exception to this is an ActiveX control with the kill bit set. In this state, the ActiveX control does not run.

Top of Page Top of Page

Change ActiveX security settings for Access, Excel, PowerPoint, and Word

Your system administrator might have changed the default settings, and this might prevent you from changing any settings.

 Note   If you change an ActiveX control setting in one Office program, the settings are changed in all the other Office programs listed in these steps.

Which program are you using?


Access

  1. Open an Access database file.
  2. On the Security Warning message bar click Options.
    • Help protect me from unknown content (recommended)    All the ActiveX controls in the database are disabled. Use this option for unknown publshers.
    • Enable this content    Enable all ActiveX controls, modules, and macro actions.

 Important   If you do not want to receive security alerts about the content again, you can put the database in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the kill-bit set. In this state, the ActiveX control does not run.

You can learn more about Access controls, business data, forms, and other topics in Access Demos.

Top of Page Top of Page

Excel

  1. Click the Microsoft Office Button Button image, at the bottom of the dialog, click Excel Options.
  2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.
  3. Click the option that you want:
    • Disable all controls without notification     All the ActiveX controls in documents are disabled. A placeholder red X, or a picture of the control appears.

 Important   If you do not want to receive security alerts about the content again, put the document in a trusted location.

  • Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions     There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Prompt me before enabling all controls with minimal restrictions     This is the default. There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run)    Enable all ActiveX controls in documents with minimal restrictions.
  • Safe mode (Helps limit the control's access to your computer)     Enable SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe.

To learn more about ActiveX controls and Excel, see Add or register an ActiveX control

 Note   For more about SFI, see Safe Initialization and Scripting for ActiveX Controls

Top of Page Top of Page

PowerPoint

  1. Click the Microsoft Office Button Button image, at the bottom of the dialog click PowerPoint Options.
  2. Click Trust Center, and then .
  3. Under Microsoft Office PowerPoint Trust Center, click Trust Center Settings.
  4. Click ActiveX Settings
  5. Click the option that you want:
    • Disable all controls without notification     All the ActiveX controls in documents are disabled. A placeholder red X, or a picture of the control appears.

 Important   If you do not want to receive security alerts about the content again, put the document in a trusted location.

  • Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions     There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Prompt me before enabling all controls with minimal restrictions     This is the default. There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run)    Enable all ActiveX controls in documents with minimal restrictions.
  • Safe mode (Helps limit the control's access to your computer)     Enable SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe.

You can read more about macros, or learn about developer controls in PowerPoint by seeing Macros.

Top of Page Top of Page

Word

  1. Click the Microsoft Office Button Button image, at the bottom of the dialog click Word Options.
  2. Click Trust Center, and then .
  3. Under Microsoft Office Word Trust Center, click Trust Center Settings.
  4. Click ActiveX Settings
  5. Click the option that you want:
    • Disable all controls without notification     All the ActiveX controls in documents are disabled. A placeholder red X, or a picture of the control appears.

 Important   If you do not want to receive security alerts about the content again, put the document in a trusted location.

  • Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions     There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Prompt me before enabling all controls with minimal restrictions     This is the default. There are two behaviors based on the presence of VBA projects.
  • With a VBA project    All ActiveX controls are disabled and the Message Bar appears. Click Enable to enable the controls.
  • Without a VBA project    SFI ActiveX controls are enabled with minimal restrictions and the Message Bar does not appear. However, ActiveX controls must all be marked as SFI to not to generate the Message Bar. UFI ActiveX controls are disabled.
  • Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run)    Enable all ActiveX controls in documents with minimal restrictions.
  • Safe mode (Helps limit the control's access to your computer)     Enable SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe.

To learn more about protection features, data, and your personal information in Word, see Protect your documents in Word 2007

Top of Page Top of Page

What is an ActiveX control and what is the risk?

ActiveX controls are small program building blocks that can be used to create distributed applications that work over the Internet through web browsers. Examples include customized applications for gathering data, viewing certain kinds of files, and displaying animation.

Risk and potential damage

ActiveX controls have unrestricted access to your computer and therefore can access the local file system and change the registry settings of your operating system. If a hacker uses an ActiveX control to take over your computer, the damage can be significant.

How the Trust Center helps

The Trust Center examines documents that contain ActiveX controls. If the document contains a Visual Basic for Applications (VBA) (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.) project, for example, and a macro-enabled Excel file, the Trust Center is more restrictive, because the document contains both macros and ActiveX controls.

If the Trust Center detects a potentially unsafe ActiveX control, the control is disabled, and the Message Bar appears to notify you of a potentially unsafe ActiveX control.

Message Bar

Top of Page Top of Page

Well-designed ActiveX controls and Trust Center detections

There are two ways to achieve a secure environment for running ActiveX controls. The first is that the developer creates a well-designed ActiveX control. The second part involves the Trust Center checking for:

  • Whether the kill bit on the control is set in the registry     A kill bit prevents controls that have a known exploit from being loaded. If the Trust Center detects there is a kill-bit set, the control is not loaded and cannot be loaded under any circumstances.
  • Whether the control is as Safe for Initialization (SFI)     Developers mark to verify the safety of the control. If the control is not marked as SFI, the control is considered to be Unsafe for Initialization (UFI), and the Trust Center applies more restrictions.

To see an MSDN article on code that a control developer should implement to ensure safe initialization and safe scripting for a Microsoft ActiveX control, see Safe Initialization and Scripting for ActiveX Controls

Top of Page Top of Page

 
 
Applies to:
Access 2007, Excel 2007, PowerPoint 2007, Visio 2007, Word 2007