Office macros are small pieces of code written in Visual Basic for Applications (VBA) that let you automate repetitive tasks. They are useful in their own right, but malware writers often misuse this functionality to introduce malware into your computer system.

A macro virus is a virus that takes advantage of macros that run in Microsoft Office applications such as Microsoft Word, PowerPoint or Excel. Cyber criminals email you a macro-infested payload, or a file that will later download a malicious script, and use a subject line that interests or provokes you into opening the document. When you open the document, a macro runs and carries out whatever task the criminal wants.

It’s time to secure Microsoft Office.

Follow the steps below to strengthen your environment by disabling macros for all Office apps via the Group Policy Management Console.

 

  1. Create a new GPO on the Domain Controller and name it SecureEnvironment:
     • Open the Group Policy Management Console.
     • Expand the forest.
     • Click on the domain.
     • Right-click Group Policy Objects and then click New.
     • Enter a name; here I am using SecureEnvironment.
  2. Download the ADM Template (X86) files for the required version of Office from the official Microsoft website.
  3. Extract the downloaded files to a convenient folder accessible from the server.
  4. Go to the extracted folder and open the ADMX subfolder.

     For example: C:\ADMTemplates\ADMX

  5. Copy the .admx files for the required Office apps and the language folder.

     For example, for Excel and English you need to copy the en-us folder and the excel.admx file.

  6. Go to <Domain.Local>\Sysvol\<Domain.local>\Policies and create a new folder named PolicyDefinitions.
  7. Copy all the .admx files and the language folder to the PolicyDefinitions folder.
  8. Right-click the Group Policy Object (SecureEnvironment) created in step 1 and click Edit.
  9. Go to User Configuration > Policies > Administrative Templates.
  10. You will now see all the Administrative Templates that you added to the PolicyDefinitions folder.
  11. Go to the Office app, for instance Microsoft Excel 2010, on the right pane of the Group Policy Management Editor.
  12. Open Excel Options > Security > Trust Center.
  13. Locate VBA Macro Notification Settings.
  14. Click on the policy setting and then choose Enabled.
  15. In the drop-down, choose Disable all except digitally signed macros.
  16. Click Apply and then OK.
  17. Do the same for all the Office apps.
  18. Now go to the Group Policy Management Console, right-click the domain name and choose Link an Existing GPO.
  19. Choose the SecureEnvironment GPO from the list and click OK.
  20. The GPO is now linked at the domain level, so it gets applied to all PCs/users in the domain.
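The same procedure can be scripted and then verified. The following is an added example, not part of the original post: it sets the `VBAWarnings` registry value that the VBA Macro Notification Settings policy writes, links the GPO at the domain level, and reads the settings back. It assumes Office 2010 (registry version 14.0), the three apps named at the top of this page, and that the GroupPolicy and ActiveDirectory (RSAT) modules are installed.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example: scripted equivalent of the GUI steps, run by a domain admin.

$GpoName       = 'SecureEnvironment'           # GPO name used on this page
$OfficeVersion = '14.0'                        # assumption: 14.0 = Office 2010
$Apps          = 'Excel', 'Word', 'PowerPoint' # apps named on this page
$SignedOnly    = 3   # VBAWarnings 3 = Disable all except digitally signed macros

# Create the GPO only if it is missing, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Restrict Office VBA macros'
}

# Per-app user policy: same value the Trust Center policy setting writes.
foreach ($app in $Apps) {
    $key = "HKCU\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
    Set-GPRegistryValue -Name $GpoName -Key $key -ValueName 'VBAWarnings' `
        -Type DWord -Value $SignedOnly | Out-Null
}

# Link at the domain root unless a link already exists.
$domainDn = (Get-ADDomain).DistinguishedName
$existing = (Get-GPInheritance -Target $domainDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $domainDn -LinkEnabled Yes | Out-Null
}

# Read the settings back from the GPO and flag anything weaker than intended.
$report = foreach ($app in $Apps) {
    $key = "HKCU\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
    $val = Get-GPRegistryValue -Name $GpoName -Key $key -ValueName 'VBAWarnings' `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App         = $app
        VBAWarnings = $val.Value
        Compliant   = ($val.Value -eq $SignedOnly)
    }
}
$report | Format-Table -AutoSize
```

Because this is a User Configuration setting, clients pick it up at the next user policy refresh; running `gpresult /r` as the affected user shows whether SecureEnvironment was applied.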