In Microsoft Office Excel, you can choose the macro security settings to control what happens when you open a workbook that contains a macro. For example, you can choose to run macros based on whether they are digitally signed by a developer who is on your list of trusted sources.



Macro security settings and their effects

The following information summarizes how macro virus protection works under each setting. Under all settings, if antivirus software that works with the Microsoft Office system is installed and the workbook contains macros, the workbook is scanned for known viruses before it is opened.

You can change the macro security settings in the Trust Center (Microsoft Office Button, Excel Options button, Trust Center category, Trust Center Settings button, Macro Settings category; or Developer tab, Code group, Macro Security button). However, if you work in an organization, your system administrator might have changed the default settings and prevented you from changing the settings.

Note: Any macro setting changes that you make in Excel in the Macro Settings category apply only to Excel and don't affect any other Office program.

Use this macro setting: For the following purpose

Disable all macros without notification: Use this setting if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

Disable all macros with notification: This is the default setting. Use it if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case-by-case basis.

Disable all macros except digitally signed macros: This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

Enable all macros (not recommended, potentially dangerous code can run): Use this setting temporarily to allow all macros to run. Because it makes your computer vulnerable to potentially malicious code, we do not recommend that you use this setting permanently.

Trust access to the VBA project object model: This setting is for developers only.

Digital signatures and how they work

The 2007 Office release uses Microsoft Authenticode technology to enable macro creators to digitally sign a file or a macro project. The certificate that is used to create this signature confirms that the macro or document originated from the signer, and the signature confirms that the macro or document has not been altered.

After you install your digital certificate, you can sign files and macro projects.

Digitally signing macros

You should sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is modified in any way, its digital signature is removed. However, if you have the proper digital certificate on your computer, the macro project will automatically be re-signed when you save it. If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before signing it. Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the project. So locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users can run on their computers.

If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and notify the user of the consequences of changing a signed project before continuing.
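
The check described above could look like the following in an Excel add-in. This is an added example, not code from Microsoft or from the original article; the function name AddCodeWithSignatureCheck and its parameters are hypothetical, while Workbook.VBASigned and the VBProject members are part of the Excel and VBA extensibility object models.

```vba
Option Explicit

' Added example (not Microsoft's code). AddCodeWithSignatureCheck and its
' parameters are hypothetical names chosen for this illustration.
Private Const VBEXT_PP_LOCKED As Long = 1      ' value of vbext_pp_locked
Private Const VBEXT_CT_STDMODULE As Long = 1   ' value of vbext_ct_StdModule

Public Function AddCodeWithSignatureCheck(ByVal wb As Workbook, _
                                          ByVal moduleName As String, _
                                          ByVal sourceCode As String) As Boolean
    Dim proj As Object
    Dim comp As Object

    ' Reading VBProject raises an error unless "Trust access to the VBA
    ' project object model" is enabled in the Trust Center.
    On Error Resume Next
    Set proj = wb.VBProject
    On Error GoTo 0
    If proj Is Nothing Then
        MsgBox "Access to the VBA project object model is not trusted; " & _
               "no code was added.", vbExclamation
        Exit Function
    End If

    ' A locked macro project cannot be changed by the add-in.
    If proj.Protection = VBEXT_PP_LOCKED Then
        MsgBox "The macro project in " & wb.Name & " is locked; " & _
               "no code was added.", vbExclamation
        Exit Function
    End If

    ' VBASigned is True when the macro project carries a digital signature.
    If wb.VBASigned Then
        If MsgBox("The macro project in " & wb.Name & " is digitally signed." & _
                  vbCrLf & "Changing it removes the signature unless the " & _
                  "signing certificate is installed on this computer." & _
                  vbCrLf & vbCrLf & "Continue?", _
                  vbYesNo + vbExclamation + vbDefaultButton2) <> vbYes Then
            Exit Function   ' user declined: leave the signed project intact
        End If
    End If

    Set comp = proj.VBComponents.Add(VBEXT_CT_STDMODULE)
    comp.Name = moduleName
    comp.CodeModule.AddFromString sourceCode
    AddCodeWithSignatureCheck = True
End Function
```

The function returns False whenever nothing was added, so the calling add-in can tell a declined or blocked change from a completed one.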

Obtaining a digital certificate for signing

You can obtain a digital certificate from a commercial certificate authority (CA) or from your internal security administrator or information technology (IT) professional.

To learn more about certificate authorities that offer services for Microsoft products, see the list of .

Creating your own digital certificate for self-signing

You can also create your own self-signing certificate by using the Selfcert.exe tool.

Note: Because a digital certificate that you create isn't issued by a formal certificate authority, macro projects that are signed by using such a certificate are referred to as self-signed projects. Microsoft Office trusts a self-signed certificate only on a computer that has that certificate in your Personal Certificates store.
