Troubleshoot macro security and warnings

Restricted Access

ShowI can't change the macro security level.

Your network administrator might have enforced a security level for your workgroup or corporation to ensure that you use only macros that have been determined to be virus-free. For more information, see your network administrator.

ShowI can't copy macros between documents or templates.

Your access to the document or template (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) to which you want to copy macros might be restricted in one of the following ways:

  • Protected except for comments or tracked changes     To remove protection, click Unprotect Document on the Tools menu. If the document is protected with a password, you must know the password before you can remove protection from the document.
  • Protected with a password to modify     You can open the document or template, but you can't save changes to it without the password.
  • Protected as a read-only file     You can open the document or template, but if you change it, you need to give it a different file name to be able to save it.
  • Limited to users with network privileges     If the document or template you're trying to access is on a network, you might not have the user permissions necessary to save changes to it.

ShowI can't view macros in a file that I opened in an Office 97 program.

Macro Warnings

ShowBuilt-in wizards, templates, or custom commands no longer work, or I get a message that macros are disabled.

If some items — such as templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.), wizards, or custom commands — do not function the way you expect, you may be running a Microsoft Office program with the Microsoft Visual Basic for Applications (VBA) (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.) shared feature disabled. Many features in Office are created in VBA or depend on VBA support to function correctly. If you choose not to install the VBA feature, these dependent applications and features will be disabled or not installed.

For additional information about the effects of disabling VBA, see the Microsoft Office 2003 Editions Resource Kit Web site.

To re-enable VBA, follow these steps:

  1. Run the Office Setup program again.

ShowHow?

  1. Quit all programs.
  2. Click Start, click Control Panel, and then click Add or Remove Programs.
  3. In the Currently installed programs box, click Microsoft Office 2003 or Microsoft Office Word 2003, depending on whether you installed Word as part of Office or as an individual program, and then click Change.
  1. On the Maintenance Mode Options screen, click Add or Remove Features, and then click Next.
  2. On the Custom Setup screen, select the Choose advanced customization of applications check box, and then click Next.
  3. On the Advanced Customization screen, click the expand indicator Plus box next to Office Shared Features.
  4. Click the arrow next to Visual Basic for Applications, and then click Run from My Computer.

If someone else set up your Office installation for you, contact your system administrator or Information Technology (IT) professional to see whether you are running Office with VBA disabled.

ShowWhen I start Microsoft Word, I receive a warning about macros, or macros that used to work can't be run anymore.

You may have cleared the Trust all installed add-ins and templates check box. To avoid these messages, re-select the check box or digitally sign (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) the macros in your Normal.dot template (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and trust the certificate used to sign them. After you sign Normal.dot, any further macros you add to the file will be automatically signed if the certificate used to sign them originally is installed on your computer.

ShowSelect the Trust all installed add-ins and templates check box.

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Under Macro security, click Macro Security.
  3. Click the Trusted Sources tab.
  4. Select the Trust all installed add-ins and templates check box.

 Note   All templates, add-ins, and macros shipped with Microsoft Office 2003 are digitally signed by Microsoft. After you add Microsoft to your list of trusted sources for one of these installed files, all subsequent interaction with these files will not generate messages.

ShowDigitally sign the Normal.dot template.

You digitally sign (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) a file or a macro project (macro project: A collection of components, including forms, code, and class modules, that make up a macro. Macro projects created in Microsoft Visual Basic for Applications can be included in add-ins and in most Microsoft Office programs.) by using a digital certificate (digital certificate: Attachment for a file, macro project, or e-mail message that vouches for authenticity, provides secure encryption, or supplies a verifiable signature. To digitally sign macro projects, you must install a digital certificate.).

  1. If you don't already have a digital certificate, you must obtain one.

ShowHow?

You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or, you can create a digital signature yourself by using the Selfcert.exe tool.

To learn more about certification authorities that offer services for Microsoft products, see the Microsoft Security Advisor Web site.

 Note   Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Depending on how Microsoft Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.

  1. Do one of the following:

ShowSign a file

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Click Digital Signatures.
  3. Click Add.
  4. Select the certificate you want to add, and then click OK.

ShowSign a macro project

  1. Open the file that contains the macro project you want to sign.
  2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
  3. In the Project Explorer, select the project you want to sign.
  4. On the Tools menu, click Digital Signature.
  5. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

ShowTips

  • Sign macros only after your project has been tested and is ready for distribution, because whenever code in a signed macro project is modified in any way, its digital signature is removed. However, if you have the proper digital certificate on your computer, the macro project will automatically be re-signed when saved.
  • Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the project.
  • If you want to prevent users of your project from accidentally modifying your macro project and invalidating your signature, lock the macro project before signing it.

 Note   Locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users may run on their computers.

  • If you create an add-in that adds code to a macro project, your code should determine whether the project is digitally signed and notify the user of the consequences of modifying a signed project before continuing.

ShowAdd a certificate to the list of trusted sources.

To perform these procedures, you must have Microsoft Internet Explorer version 4.0 or later installed on your computer.

Do one of the following:

ShowAdd a macro developer to the list of trusted sources

  1. If you haven't already done so, set the macro (macro: An action or a set of actions that you can use to automate tasks. Macros are recorded in the Visual Basic for Applications programming language.) security level to Medium or High.

ShowHow?

  1. On the Tools menu, click Options.
  2. Click the Security tab.
  3. Under Macro security, click Macro Security.
  4. Click the Security Level tab, and then select the security level you want to use.
  1. Open the file or load the add-in (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) that contains macros certified by the macro developer that you want to add to the list.

 Note   Be sure that the macro developer is a person or entity that you trust.

  1. In the Security Warning box, select the Always trust macros from this source check box.

 Note   If the Security Warning box does not display the Always trust macros from this source check box, the macros are not digitally signed (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.). You cannot add this macro developer to the list of trusted sources without a digital signature.

ShowRemove a macro developer from the list of trusted sources

  1. On the Tools menu, click Options, and then click the Security tab.
  2. Under Macro security, click Macro Security.
  3. Click the Trusted Publishers tab.
  4. Click the source you want to remove from the list.
  5. Click Remove.

ShowI don't want to be warned about any macros.

To avoid macro warnings, attach a digital signature to each macro project and add that signature to your list of trusted sources. If the macros are already signed and if you are willing to trust all macros signed with that certificate, add the signer to your list of trusted sources. This will stop macro warnings when your Security setting is set to High or Medium.

 Note   The presence of a certificate does not guarantee that a macro is safe. Always review the details of the certificate—for example, look at the Issued to and Issued by fields to determine whether you trust its publisher, and look at the Valid from field to determine whether the certificate is current.

ShowI don't see a warning when I open a file or load an add-in that contains macros.

To confirm that the macros in the file were signed and to see the name of the source of this file, point to Options on the Tools menu, and then click Security. Under Macro security, click Macro Security, and then click the Trusted Publishers tab.

ShowMicrosoft Word displays a message asking me to turn on trusted access to Visual Basic projects.

The appearance of this message indicates that your Microsoft Visual Basic for Applications (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.) (VBA) project does not have access to the Visual Basic object model. To allow access, click Options on the Tools menu, click the Security tab, and then click Macro Security. On the Trusted Publishers tab, select the Trust access to Visual Basic Project check box.

 Note   By allowing this access, macros (macro: An action or a set of actions that you can use to automate tasks. Macros are recorded in the Visual Basic for Applications programming language.) in any documents that you open can access the core Visual Basic (Visual Basic: A high-level, visual-programming version of Basic. Visual Basic was developed by Microsoft for building Windows-based applications.) objects, methods, and properties. This represents a possible security hazard.

ShowI keep getting a warning about macros.

  • The macro you want to run might not be from a trusted source     If the security level is set to Medium or High, and you open a file or load an add-in that contains digitally signed (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) macros that are not from a trusted source, you receive a macro warning. If you are sure you trust the macro developer, add the name to the list of trusted publishers.
  • The file might contain a macro virus     If you don't expect the file to contain a macro, you might have a virus that is adding a macro virus to the file. Check your computer for viruses, and try to get an uninfected copy of the file from the source.
  • The macro might be in a file you downloaded as an HTML page from a Web site and opened as a temporary file     If your virus scanner tells you it cleaned out a virus in this file every time you open it, you are removing the virus from the temporary file only, not from the original file on the Web server. Check your computer for viruses, and notify the source about problems with the original file.
  • The file contains legitimate macros     If you know these are legitimate and safe macros, you might want to digitally sign those macros and then add your name to the list of trusted publishers.

ShowThe Security Warning box tells me the source has not been authenticated.

This warning appears in the Security Warning box if the security level is set to High or Medium and if you open a file or load an add-in that contains digitally signed (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) macros but the digital certificate (digital certificate: Attachment for a file, macro project, or e-mail message that vouches for authenticity, provides secure encryption, or supplies a verifiable signature. To digitally sign macro projects, you must install a digital certificate.) has not been authenticated (authenticate: The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.). For example, if the macro developer has created his or her own digital certificate, you receive this warning. If the security setting is set to High, Microsoft Office Word 2003 will not allow you to run macros from an unauthenticated source. In addition, you will be unable to add the source to your list of trusted publishers.

This type of unauthenticated certificate can be forged by malicious users to claim that it is anyone's certificate. For example, a malicious user can create a certificate named "Microsoft Corporation." The only warning you have that the certificate is false is this warning. You should not expect professional software developers to sign with an unauthenticated certificate. You should expect this type of certificate only from individual co-workers or friends.

 
 
Applies to:
Word 2003