Disabling Macros in MS Office

Macro security for Microsoft Office Word 2003, Microsoft Office Excel 2003, Microsoft Office Outlook® 2003, Microsoft Office Publisher 2003, Microsoft Office Access 2003, Microsoft Office PowerPoint® 2003, Microsoft Office Project 2003, and Microsoft Office Visio® 2003 can be set to High, Medium, or Low through the Security dialog box of the user interface.

Users can set the macro security level within Word, Access, Excel, Outlook, or PowerPoint by clicking on Tools, pointing to Macro, and then clicking Security. They can also gain access to the security features of each application by clicking Tools, clicking Options, and then clicking the Security tab.

A new macro security level Very High is available for Microsoft Office Word 2003, Office Excel 2003, Office Outlook® 2003, Office Publisher 2003, and Office PowerPoint® 2003, but not for Office Access 2003. This dialog box can be found by clicking on the Tools menu, pointing to Macro, and then clicking Security.

It is highly recommended that you select High and only select Medium if absolutely necessary. Setting the security level to Low allows a macro, Microsoft Visual Basic® for Applications (VBA) program, or other executable file or program to run without the knowledge or approval of the user. This can cause various files to be corrupted or infected by viruses. Setting macro security level to Very High is only recommended in cases where a user is expected to run a known set of macros and will never need to run macros from another source. All Office applications are installed with macro security set to High by default.

When you set security levels to Very High, High, Medium, or Low, the following conditions apply:
Very High security
VBA macros can run only if the Trust all installed add-ins and templates option is checked and the macros (signed or unsigned) are stored in a specific trusted folder on the user's hard disk. If all these conditions are not met, VBA macros cannot run under Very High security.

High security
Executables must be signed by an acknowledged trusted source (certificate of trust) in order to run. Otherwise, all executables associated with, or embedded in, documents are automatically disabled without warning the user when the documents are opened.

Medium security
Users are prompted to enable or disable executables in documents when the documents are opened. Later requests by a macro to run from a trusted source which is accepted and available from the registry are automatically accepted (the executable runs without prompting the user).

Low security
Executables are run without restrictions. This security level does not protect against malicious programs, does not allow for acceptance of certificates of trust, is considered generally insecure and, therefore, is not recommended.

Click Here for Recommended IT Practices.