Share via

How to enable the macro automatically on other computer

Karthikeyan R 0 Reputation points
2025-02-12T15:26:13.6133333+00:00

Suppose I sign an Excel macro with a certificate from a trusted Certificate Authority (CA). Will the macro automatically enable on another computer even if that computer does not have the CA's root certificate installed?

Excel
Excel
A family of Microsoft spreadsheet software with tools for analyzing, charting, and communicating data.
2,160 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gao Chen 6,855 Reputation points Microsoft Vendor
    2025-02-12T16:09:14.29+00:00

    Hello Karthikeyan R

    Welcome to Microsoft Q&A!

    In this case, the macro will not be enabled automatically on another computer if that computer does not have the CA's root certificate installed. For the macro to be trusted and enabled without prompting the user, the computer must recognize the CA that issued the certificate, this means the CA's root certificate must be present in the Trusted Root Certification Authorities store on that computer

    If the root certificate is not installed, the user will likely receive a security warning and will need to manually enable the macro. So, to ensure smooth operation across multiple computers, you should ensure that the CA's root certificate is installed on all relevant machines

    I hope the information provided was useful!

    Regards,

    Gao

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

  2. Jiajing Hua-MFST 14,575 Reputation points Microsoft Vendor
    2025-02-14T09:06:28.0266667+00:00

    Hi @Karthikeyan R

    Please refer to the article "Macros from the internet are blocked by default in Office", that use group policy to enable Macro, manage Trusted Locations in Office and Trusted Sites in Internet Options.

    • To enable macro for Excel, the group policy is "Block macros from running in Office files from the Internet" located under User Configuration\Policies\Administrative Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center, please disable it. User's image Besides, enabling "Macro Notification Settings" policy also works, you can choose "Enable VBA macros". User's image If the CA you mentioned above has been distributed to every client in your organization, you can check the box of "Require macros to be signed by a trusted publisher". Use Group Policy to manage trusted publishers, please checkout "Trusted publishers for Office files".
    • To manage the Trusted Locations in Office, you can use the group policy "Trusted Location #1" policy, it is under User Configuration\Policies\Administrative Templates\Microsoft Excel 2016\Excel Options\Security\Trust Center\Trusted Locations. You can add 20 instances of this policy, such as Trusted Location #2, that allow you add the path to the destination folder for files downloaded by users. User's image
    • As you said, the file is download via browse, you can use the "Site to Zone Assignment List" policy to add locations as trusted sites or to the Local intranet zone for Windows devices in your organization. This policy is found under Windows Components\Internet Explorer\Internet Control Panel\Security Page in the Group Policy Management Console. (It’s available under both Computer Configuration\Policies\Administrative Templates and User Configuration\Policies\Administrative Templates.)

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.