Trusted Documents in Microsoft Office 2010

by on March 24th, 2010

Trusted Documents in Microsoft Office 2010 provides a simple one-click step to always enable active content (e.g. macros, ActiveX controls, etc.) in a document. Microsoft Office remembers your trust decision for the file and doesn’t show you the security prompt the next time you open that file.

Why Trusted Documents

Versions of Office before Office 2007 showed you modal prompts for macros and other types of active content before opening documents. Those dialogs were useful but problematic: you were shown a prompt asking “Do you want to enable macros?” before you could interact with the file. Many users who didn’t need to enable those macros ended up enabling them anyway, although often all they wanted to do was read the document. The Trusted Documents feature is an improvement in Microsoft Office that helps here while still protecting you from security threats.

It more closely reflects how people work. If I create a document with a macro in it, I don’t want to be prompted to enable the macro the next time I open it. Or, if I get a document with daily reports from my co-worker that has a pivot table, I don’t want to enable the data connection to our trusted server every time I want updated numbers. Also, I may be opening documents from multiple folders (SharePoint, network shares, desktop, attachments received in email). I don’t necessarily want to put them into a trusted folder every time I open them. Trusted Documents helps with all the above. It remembers the first time you enabled the content and unless the trust record for that document changes, it doesn’t bother you with a security notification for the content anymore.

With Trusted Documents, the trust is recorded on a per-file basis. The trust record is added to the Current User section of your local registry and contains the file’s full path along with other data such as the created time for the document. Note that because trust records are stored on a specific machine, you’ll get prompted again if you open the file on another computer. Also, since the trust record consists of more than just the file’s path, it protects against social engineering attacks such as replacing an existing trusted document with a malicious document that has the same name.

Protected View helps create a good security boundary between documents on your machine which you may have trusted and new incoming untrusted documents opened from the Internet, attachments, etc. For example, an attachment containing macros is first opened in Protected View. If you trust the file and exit Protected View, Office does not enable the macros automatically. Instead, it shows another Message Bar to enable the macros. By not running macros automatically on exit from Protected View, Office avoids exposing the computer to additional risk when the user only meant to reply to the document with comments, not to run the macros. Now, if you explicitly save the attachment and also enable the macros, Office makes it trusted; the next time you open the document it does not open in Protected View and active content is enabled for that document.

Trusted Documents: Security User Experience

In Office 2010, you will continue to see the Message Bar when a macro, data connection, ActiveX control or other type of active content is in the document. Here is the Message Bar that comes up when more than one type of active content is disabled (e.g. macros and ActiveX controls).

There are two entry points to make a document Trusted. If you click Enable Content on the Message Bar, the document will be automatically added to the Trusted Documents list in your registry. Alternatively, you can click the Message Bar for details; it will take you to the Backstage view. In the Backstage view you can click the Enable Content button, which brings up two options.

a) You can enable all the content and make it a trusted document. This will enable macros and ActiveX controls in the document and add the document to your list of trusted documents in the registry. This option provides you with a simple one-click option to enable all the content at once and make it a trusted document. The next time you open this document you will not be shown the security warning.

b) If you are an advanced user who wants more control over the types of content to enable or disable, you can click the Advanced Options button, which brings up the Security Notifications dialog with options for enabling content for one time only (this is similar to Office 2007).

Trusted Documents – Security settings

As with Trusted Locations, Microsoft Office has security restrictions and settings around trusted documents. For example, it does not allow users to trust documents from untrusted locations such as Temporary Internet Files (TIF) or TEMP.

Trusting documents on a network share is riskier than trusting documents on your local hard drive, as other users who have access to the network location can modify the contents of your file. For this reason, Office shows you a security warning the first time you try to trust a document on a network location. In the Trust Center, you can disallow documents on a network location from being trusted, causing Office to show you the security notification every time you open a document from a network location. Microsoft also provides you with more options in the Trust Center, such as disabling trusted documents completely or purging the documents you have trusted. All these options can be found under the Trust Center settings for an application. All these settings can also be configured by an administrator of an IT organization via Group Policy (e.g. an administrator can disallow trusted documents from being created on network shares, limiting the feature to your local hard drive).
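The trust decision described above (a per-machine record that carries the file’s full path plus its creation time, the refusal to trust documents in TEMP or TIF, and the network-share restriction) can be modelled as a small PowerShell script. This is an added example, not Office’s own code: it does not read or write the real registry, it keeps the trust records in an in-memory hashtable, the sample documents are constructed, and the function and variable names (Add-TrustRecord, Test-DocumentTrusted, $DisallowNetworkTrust, the TIF folder path) are assumptions of this example rather than anything the post states.

```powershell
# Added example: a model of the Trusted Documents decision in this post.
# Not Office code; records live in memory, documents are constructed objects.

# Locations the post says can never hold a trusted document: TEMP and
# Temporary Internet Files (TIF). The TIF folder below is assumed (Vista/7 layout).
$script:UntrustedRoots = @(
    $env:TEMP,
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files')
)

# Models the Trust Center / Group Policy option that disallows trusting
# documents on network shares ($true = disallow). Name is ours.
$script:DisallowNetworkTrust = $false

# Trust records keyed by full path. Each record also stores the creation time
# and the machine name, so a same-named replacement file fails the check and a
# record made on one computer does not apply on another.
$script:TrustRecords = @{}

function Test-NetworkPath {
    param([string]$Path)
    return $Path.StartsWith('\\')            # UNC path = network share
}

function Test-UntrustableLocation {
    param([string]$Path)
    foreach ($root in $script:UntrustedRoots) {
        if ($root -and $Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Add-TrustRecord {
    # Models clicking "Enable Content". Returns $true if a record was created.
    param([string]$Path, [datetime]$CreationTimeUtc)
    if (Test-UntrustableLocation $Path) {
        Write-Warning "Refusing to trust '$Path': documents in TEMP/TIF cannot be trusted"
        return $false
    }
    if (Test-NetworkPath $Path) {
        if ($script:DisallowNetworkTrust) {
            Write-Warning "Refusing to trust '$Path': network trusted documents are disabled"
            return $false
        }
        Write-Warning "Trusting a document on a network share; other users can modify it"
    }
    $script:TrustRecords[$Path] = [pscustomobject]@{
        Path            = $Path
        CreationTimeUtc = $CreationTimeUtc
        Machine         = $env:COMPUTERNAME
    }
    return $true
}

function Test-DocumentTrusted {
    # Models the check Office performs on open: trusted only if a record exists
    # for this exact path, on this machine, with the same creation time.
    param([string]$Path, [datetime]$CreationTimeUtc)
    $rec = $script:TrustRecords[$Path]
    if (-not $rec)                             { return $false }   # never trusted here
    if ($rec.Machine -ne $env:COMPUTERNAME)    { return $false }   # trusted on another machine
    return ($rec.CreationTimeUtc -eq $CreationTimeUtc)             # same name, different file -> prompt again
}

# Constructed sample documents (no files are touched).
$created  = [datetime]::new(2010, 3, 24, 9, 0, 0, [System.DateTimeKind]::Utc)
$report   = 'C:\Users\alice\Documents\DailyReport.xlsm'
$tempDoc  = Join-Path $env:TEMP 'attachment.docm'
$shareDoc = '\\fileserver\team\Budget.xlsm'

Add-TrustRecord -Path $report -CreationTimeUtc $created | Out-Null
Test-DocumentTrusted -Path $report -CreationTimeUtc $created                 # True: same file
Test-DocumentTrusted -Path $report -CreationTimeUtc $created.AddDays(1)      # False: replaced with a same-named file
Add-TrustRecord -Path $tempDoc -CreationTimeUtc $created                     # False: TEMP is never trustable

$script:DisallowNetworkTrust = $true
Add-TrustRecord -Path $shareDoc -CreationTimeUtc $created                    # False: blocked by the network setting
```

The two `Test-DocumentTrusted` calls show why the record stores more than the path: a document dropped in place of a trusted one with the same name but a different creation time is treated as untrusted and prompts again, which is the social-engineering case the post calls out. Flipping `$DisallowNetworkTrust` mirrors the Trust Center and Group Policy option that keeps the feature to the local hard drive.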

