This article explains the risks involved in enabling ActiveX controls and how the Trust Center in the Microsoft Office system can help to mitigate these risks. In this article, the term "document" can mean any Office file that can contain ActiveX controls.

What is an ActiveX control and what is the security risk?

An ActiveX control can be as simple as a text box or more complex, such as a special toolbar, an entire dialog box, or a small application. ActiveX controls are used in Web sites and in applications on your computer. ActiveX controls are not stand-alone solutions. ActiveX controls can be run only from within host programs, such as Windows Internet Explorer and Microsoft Office programs. However, ActiveX controls are very powerful, because they are Component Object Model (COM) objects and have unrestricted access to your computer. ActiveX controls can access the local file system and change the registry settings of your operating system. If a hacker repurposes an ActiveX control to take over your computer, the damage can be significant.

How can the Trust Center help protect me from unsafe ActiveX controls?

There are two main parts to achieving a secure environment for running ActiveX controls. The first is that the developer creates a control with security in mind. The second part involves the Trust Center checking for the following two things before the ActiveX control is loaded:

The Trust Center also examines the document that contains the ActiveX control. If the document contains a Visual Basic for Applications (VBA) project - for example, a macro-enabled .xlsm file - the Trust Center is more restrictive, because the document contains both macros and ActiveX controls. For more information on the ActiveX control settings, see the section Change ActiveX security settings for all documents in the Trust Center.
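The document-level check described above can be reproduced when triaging a file before it is opened. This is an added example, not Microsoft's code: it reports whether an Office Open XML file (.docx, .docm, .xlsm and similar) carries ActiveX parts and a VBA project, which decides the branch of the Trust Center settings that applies. The names `triage` and `build_sample` are hypothetical, the sample package and its class ID are constructed, and whether a control is marked SFI or has its kill bit set is recorded on the computer rather than in the file, so it is not covered here.

```python
import io
import re
import zipfile

# ActiveX parts sit under word/, xl/ or ppt/ in an Office Open XML package.
AX_PART = re.compile(r"^(word|xl|ppt)/activeX/activeX\d+\.xml$", re.I)
# A regex pulls the class ID so no XML parser runs on untrusted input.
CLASSID = re.compile(rb'classid\s*=\s*"(\{[0-9A-Fa-f-]{36}\})"')
MAX_PART = 1 << 20  # skip oversized parts (decompression-bomb guard)


def triage(package_bytes):
    """Report the two facts the Trust Center branches on for one file."""
    report = {"has_vba_project": False, "activex_clsids": []}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                report["has_vba_project"] = True
            elif AX_PART.match(name) and info.file_size <= MAX_PART:
                found = CLASSID.search(pkg.read(name))
                clsid = found.group(1).decode().upper() if found else "unknown"
                report["activex_clsids"].append(clsid)
    if not report["activex_clsids"]:
        report["branch"] = "no ActiveX controls"
    elif report["has_vba_project"]:
        report["branch"] = "documents that contain a VBA project"
    else:
        report["branch"] = "documents without a VBA project"
    return report


def build_sample(with_vba):
    """Constructed package: one ActiveX part plus an optional dummy VBA part."""
    # The class ID is a made-up placeholder, not a real control.
    ocx = ('<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
           'ax:classid="{00000000-1111-2222-3333-444444444444}" '
           'ax:persistence="persistStreamInit"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", "<w:document/>")
        pkg.writestr("word/activeX/activeX1.xml", ocx)
        if with_vba:
            pkg.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(triage(build_sample(flag)))
```

Files in the Microsoft Office 97-2003 binary formats are not ZIP packages, so `zipfile` raises `BadZipFile` for them and they need a different parser.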

If the Trust Center detects a potentially unsafe ActiveX control, the control is disabled by default, and the Message Bar appears to notify you of a potentially unsafe ActiveX control.

[Image: Message Bar]

If you click Options on the Message Bar, a security dialog box appears that gives you the option to enable the ActiveX control. See the next section for how to make a secure decision before you click an option.

Note: In Microsoft Office Outlook and Microsoft Office Publisher, security alerts appear in dialog boxes, not in the Message Bar.

What should I do when a security warning asks if I want to enable or disable an ActiveX control?

When a security dialog box appears, you have the option to enable the ActiveX control or leave it disabled. You should enable the ActiveX control only if you are sure it is from a trustworthy source.

[Image: Microsoft Office security dialog]

Note: If you do enable the ActiveX control, it is enabled only for that document in that Office program session and according to the current setting for ActiveX controls in the Trust Center. See the next section for more information on all the ActiveX control settings.

Important: If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, you can put the document in a trusted location instead of changing the default Trust Center settings to a less safe ActiveX security setting. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

Change ActiveX security settings for all documents in the Trust Center

ActiveX control security settings are located in the Trust Center. If you work in an organization, your system administrator might have changed the default settings, and this might prevent you from changing any settings.

Note: If you change an ActiveX control setting in one Office program, the settings are changed in all the other Office programs listed in these steps.

  1. Do the following in these Microsoft Office system programs:

    Word, Excel, PowerPoint, or Access

    1. Click the Microsoft Office Button, and then click Program Name Options, where Program Name is the name of the program you are in, for example, Word Options.
    2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.

    Visio

    1. On the Tools menu, click Trust Center.
    2. Click ActiveX Settings.
  2. Click the option that you want:
    • Disable all controls without notification: Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

      Important: If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, you can put the document in a trusted location instead of changing the default Trust Center settings to a less safe ActiveX security setting. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

    • Prompt me before enabling Unsafe for Initialization (UFI) controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions: This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
      • Documents that contain a VBA project

        All ActiveX controls are disabled. Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in the Office release. For example, a Microsoft Office Word .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

      • Documents without a VBA project

        SFI ActiveX controls are enabled with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

        UFI ActiveX controls are disabled. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document.

    • Prompt me before enabling all controls with minimal restrictions: This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
      • Documents that contain a VBA project

        All ActiveX controls are disabled. Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in the Office release. For example, a Microsoft Office Word .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

      • Documents without a VBA project

        Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

        UFI ActiveX controls are disabled. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

    • Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run): Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

      Important: If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, you can put the document in a trusted location instead of changing the default Trust Center settings to a less safe ActiveX security setting. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

    • Safe mode (Helps limit the control's access to your computer): Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.