DTOO146 - Trust access for VBA must be disallowed.

Information

This policy setting controls whether automation clients such as Microsoft Visual Studio 2005 Tools for Microsoft Office (VSTO) can access the Visual Basic for Applications project system in the specified applications. VSTO projects require access to the Visual Basic for Applications project system in Excel, PowerPoint, and Word, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C# projects depends on the Visual Basic for Applications project system in Word and Excel. If you enable this policy setting, VSTO and other automation clients can access the Visual Basic for Applications project system in the specified applications. Users will not be able to change this behavior through the 'Trust access to the VBA project object model' user interface option under the Macro Settings section of the Trust Center. If you disable this policy setting, VSTO does not have programmatic access to VBA projects. In addition, the 'Trust access to the VBA project object model' check box is cleared and users cannot change it. Note: Disabling this policy setting prevents VSTO projects from interacting properly with the VBA project system in the selected application. If you do not configure this policy setting, automation clients do not have programmatic access to VBA projects. Users can enable this by selecting the 'Trust access to the VBA project object model' in the 'Macro Settings' section of the Trust Center. However, doing so allows macros in any documents the user opens to access the core Visual Basic objects, methods, and properties, which represents a potential security hazard.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center 'Trust access to Visual Basic Project' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Excel_2016_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-238185r879587_rule, STIG-ID|DTOO146, STIG-Legacy|SV-85643, STIG-Legacy|V-71019, Vuln-ID|V-238185

Plugin: Windows

Control ID: 44915e54d374b85ee866112a4fadba53d9a6933641c5ed7fec9de5e36d83c972