Troubleshoot macro security and warnings

Microsoft Office Word 2003

previous page next page

Your network administrator might have enforced a security level for your workgroup or corporation to ensure that you use only macros that have been determined to be virus-free. For more information, see your network administrator.

ShowI can't copy macros between documents or templates.

Your access to the document or template to which you want to copy macros might be restricted in one of the following ways:

  • Protected except for comments or tracked changes    To remove protection, click Unprotect Document on the Tools menu. If the document is protected with a password, you must know the password before you can remove protection from the document.
  • Protected with a password to modify    You can open the document or template, but you can't save changes to it without the password.
  • Protected as a read-only file    You can open the document or template, but if you change it, you need to give it a different file name to be able to save it.
  • Limited to users with network privileges    If the document or template you're trying to access is on a network, you might not have the user permissions necessary to save changes to it.

ShowI can't view macros in a file that I opened in an Office 97 program.

The macros might have been digitally signed from within the Visual Basic Editor in a version 2000 or later program. Microsoft Office 97 programs don't recognize digital signatures, so they can't update the signature if you modify a signed Microsoft Visual Basic for Applications (VBA) macro. Therefore, to prevent modifications, you cannot view in Office 97 the code for macros that have been digitally signed in Microsoft Office 2000 or later.

Macro Warnings

ShowBuilt-in wizards, templates, or custom commands no longer work, or I get a message that macros are disabled.

If some items— such as templates, wizards, or custom commands— do not function the way you expect, you may be running a Microsoft Office program with the Microsoft Visual Basic for Applications (VBA) shared feature disabled. Many features in Office are created in VBA or depend on VBA support to function correctly. If you choose not to install the VBA feature, these dependent applications and features will be disabled or not installed.

For additional information about the effects of disabling VBA, see the Microsoft Office 2003 Resource Kit Web site.

To re-enable VBA, follow these steps:

  1. Run the Office Setup program again.

    ShowHow?

    1. Quit all programs.
    2. Click Start, click Control Panel, and then click Add or Remove Programs.
    3. In the Currently installed programs box, click Microsoft Office 2003 or Microsoft Office Word 2003, depending on whether you installed Word as part of Office or as an individual program, and then click Change.
  2. On the Maintenance Mode Options screen, click Add or Remove Features, and then click Next.
  3. On the Custom Setup screen, select the Choose advanced customization of applications check box, and then click Next.
  4. On the Advanced Customization screen, click the expand indicator Plus box next to Office Shared Features.
  5. Click the arrow next to Visual Basic for Applications, and then click Run from My Computer.

If someone else set up your Office installation for you, contact your system administrator or Information Technology (IT) professional to see whether you are running Office with VBA disabled.

ShowWhen I start Microsoft Word, I receive a warning about macros, or macros that used to work can't be run anymore.

You may have cleared the Trust all installed add-ins and templates check box. To avoid these messages, re-select the check box or digitally sign the macros in your Normal.dot template and trust the certificate used to sign them. After you sign Normal.dot, any further macros you add to the file will be automatically signed if the certificate used to sign them originally is installed on your computer.

ShowSelect the Trust all installed add-ins and templates check box.

  1. On the Tools menu, click Options, and then click the Security tab.

  2. Under Macro security, click Macro Security.
  3. Click the Trusted Sources tab.
  4. Select the Trust all installed add-ins and templates check box.

Note  All templates, add-ins, and macros shipped with Microsoft Office 2003 are digitally signed by Microsoft. After you add Microsoft to your list of trusted sources for one of these installed files, all subsequent interaction with these files will not generate messages.

ShowDigitally sign the Normal.dot template.

You digitally sign a file or a macro project by using a digital certificate.

  1. If you don't already have a digital certificate, you must obtain one.

    ShowHow?

    You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or, you can create a digital signature yourself by using the Selfcert.exe tool.

    To learn more about certification authorities that offer services for Microsoft products, see the Microsoft Security Advisor Web site.

    Note  Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Depending on how Microsoft Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.

  2. Do one of the following:

    ShowSign a file

    1. On the Tools menu, click Options, and then click the Security tab.
    2. Click Digital Signatures.
    3. Click Add.
    4. Select the certificate you want to add, and then click OK.

    ShowSign a macro project

    1. Open the file that contains the macro project you want to sign.
    2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
    3. In the Project Explorer, select the project you want to sign.
    4. On the Tools menu, click Digital Signature.
    5. Do one of the following:
      • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
      • To use the current certificate, click OK.

    ShowTips

    • Sign macros only after your project has been tested and is ready for distribution, because whenever code in a signed macro project is modified in any way, its digital signature is removed. However, if you have the proper digital certificate on your computer, the macro project will automatically be re-signed when saved.
    • Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the project.
    • If you want to prevent users of your project from accidentally modifying your macro project and invalidating your signature, lock the macro project before signing it.

      Note  Locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.

    • If you create an add-in that adds code to a macro project, your code should determine whether the project is digitally signed and notify the user of the consequences of modifying a signed project before continuing.

ShowAdd a certificate to the list of trusted sources.

To perform these procedures, you must have Microsoft Internet Explorer version 4.0 or later installed on your computer.

Do one of the following:

ShowAdd a macro developer to the list of trusted sources

  1. If you haven't already done so, set the macro security level to Medium or High.

    ShowHow?

    1. On the Tools menu, click Options.
    2. Click the Security tab.
    3. Under Macro security, click Macro Security.
    4. Click the Security Level tab, and then select the security level you want to use.
  2. Open the file or load the add-in that contains macros certified by the macro developer that you want to add to the list.

    Note  Be sure that the macro developer is a person or entity that you trust.

  3. In the Security Warning box, select the Always trust macros from this source check box.

Note  If the Security Warning box does not display the Always trust macros from this source check box, the macros are not digitally signed. You cannot add this macro developer to the list of trusted sources without a digital signature.

ShowRemove a macro developer from the list of trusted sources

  1. On the Tools menu, click Options, and then click the Security tab.

  2. Under Macro security, click Macro Security.
  3. Click the Trusted Publishers tab.
  4. Click the source you want to remove from the list.
  5. Click Remove.

ShowI don't want to be warned about any macros.

To avoid macro warnings, attach a digital signature to each macro project and add that signature to your list of trusted sources. If the macros are already signed and if you are willing to trust all macros signed with that certificate, add the signer to your list of trusted sources. This will stop macro warnings when your Security setting is set to High or Medium.

Note  The presence of a certificate does not guarantee that a macro is safe. Always review the details of the certificate— for example, look at the Issued to and Issued by fields to determine whether you trust its publisher, and look at the Valid from field to determine whether the certificate is current.

A less secure option is to change the security level to Low. If you do use Low, you use Microsoft Word in its least secure setting. Be sure to take the following precautions to minimize your risk of getting a macro virus infection on your computer: Run a specialized antivirus software that can check files and add-ins for macro viruses and keep this software up to date, and be sure all the macros that you use are from trusted sources.

ShowI don't see a warning when I open a file or load an add-in that contains macros.

  • The security level might be set to Low    To receive a warning that a file or add-in contains macros, change the security level to Medium.
  • The security level might be set to High and the macros are not digitally signed    To receive a warning that a file or add-in contains macros that have not been digitally signed, change the security level to Medium.
  • You or someone you have designated as a trusted source might have developed the macros    If so, the file is opened and macros are enabled. If you no longer trust the macro developer, you can remove the developer from the list of trusted publishers.

  • To be prompted every time you open a file or load an add-in that contains macros, remove every source from the list of trusted publishers.

    To confirm that the macros in the file were signed and to see the name of the source of this file, point to Options on the Tools menu, and then click Security. Under Macro security, click Macro Security, and then click the Trusted Publishers tab.

ShowMicrosoft Word displays a message asking me to turn on trusted access to Visual Basic projects.

The appearance of this message indicates that your Microsoft Visual Basic for Applications (VBA) project does not have access to the Visual Basic object model. To allow access, click Options on the Tools menu, click the Security tab, and then click Macro Security. On the Trusted Publishers tab, select the Trust access to Visual Basic Project check box.

Note  By allowing this access, macros in any documents that you open can access the core Visual Basic objects, methods, and properties. This represents a possible security hazard.

ShowI keep getting a warning about macros.

  • The macro you want to run might not be from a trusted source    If the security level is set to Medium or High, and you open a file or load an add-in that contains digitally signed macros that are not from a trusted source, you receive a macro warning. If you are sure you trust the macro developer, add the name to the list of trusted publishers.
  • The file might contain a macro virus    If you don't expect the file to contain a macro, you might have a virus that is adding a macro virus to the file. Check your computer for viruses, and try to get an uninfected copy of the file from the source.
  • The macro might be in a file you downloaded as an HTML page from a Web site and opened as a temporary file    If your virus scanner tells you it cleaned out a virus in this file every time you open it, you are removing the virus from the temporary file only, not from the original file on the Web server. Check your computer for viruses, and notify the source about problems with the original file.
  • The file contains legitimate macros    If you know these are legitimate and safe macros, you might want to digitally sign those macros and then add your name to the list of trusted publishers.

ShowThe Security Warning box tells me the source has not been authenticated.

This warning appears in the Security Warning box if the security level is set to High or Medium and if you open a file or load an add-in that contains digitally signed macros but the digital certificate has not been authenticated. For example, if the macro developer has created his or her own digital certificate, you receive this warning. If the security setting is set to High, Microsoft Office Word 2003 will not allow you to run macros from an unauthenticated source. In addition, you will be unable to add the source to your list of trusted publishers.

This type of unauthenticated certificate can be forged by malicious users to claim that it is anyone's certificate. For example, a malicious user can create a certificate named "Microsoft Corporation." The only warning you have that the certificate is false is this warning. You should not expect professional software developers to sign with an unauthenticated certificate. You should expect this type of certificate only from individual co-workers or friends.

previous page start next page