Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
DoD Office 2019-M365 Apps STIG User v2r12
Data collected on: 3/7/2024 4:41:00 PM
General
Details
Domainsecurity.local
OwnerSECURITY\Domain Admins
Created3/5/2024 9:31:36 AM
Modified3/5/2024 9:31:56 AM
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{4B12CA18-EE5E-4C72-A390-5B2C45C09400}
GPO StatusComputer settings disabled
Links
LocationEnforcedLink StatusPath
None

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
SECURITY\Domain AdminsEdit settings, delete, modify securityNo
SECURITY\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Disabled)
No settings defined.
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the local computer.
Microsoft Access 2016/Application Settings/Security/Trust Center
PolicySettingComment
Block macros from running in Office files from the internetEnabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft Access 2016/Application Settings/Security/Trust Center/Trusted Locations
PolicySettingComment
Allow Trusted Locations on the networkDisabled
Microsoft Excel 2016/Data Recovery
PolicySettingComment
Do not show data extraction options when opening corrupt workbooksEnabled
Microsoft Excel 2016/Excel Options/Advanced
PolicySettingComment
Ask to update automatic linksEnabled
Microsoft Excel 2016/Excel Options/Advanced/Web Options.../General
PolicySettingComment
Load pictures from Web pages not created in ExcelDisabled
Microsoft Excel 2016/Excel Options/Save
PolicySettingComment
Disable AutoRepublishEnabled
Do not show AutoRepublish warning alertDisabled
Microsoft Excel 2016/Excel Options/Security
PolicySettingComment
Force file extension to match file typeEnabled
Always match file type
PolicySettingComment
Scan encrypted macros in Excel Open XML workbooksEnabled
Scan encrypted macros (default)
PolicySettingComment
Turn off file validationDisabled
WEBSERVICE Function Notification SettingsEnabled
Disable all with notification
Microsoft Excel 2016/Excel Options/Security/Trust Center
PolicySettingComment
Block macros from running in Office files from the internetEnabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
Macro Notification SettingsEnabled
Disable VBA macros except digitally signed macros
Enable Excel 4.0 macros when VBA macros are enabled 
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft Excel 2016/Excel Options/Security/Trust Center/External Content
PolicySettingComment
Always prevent untrusted Microsoft Query files from openingEnabled
Don’t allow Dynamic Data Exchange (DDE) server launch in ExcelEnabled
Don’t allow Dynamic Data Exchange (DDE) server lookup in ExcelEnabled
Microsoft Excel 2016/Excel Options/Security/Trust Center/File Block Settings
PolicySettingComment
dBase III / IV filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Dif and Sylk filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 2 macrosheets and add-in filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 2 worksheetsEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 3 macrosheets and add-in filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 3 worksheetsEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 4 macrosheets and add-in filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 4 workbooksEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 4 worksheetsEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 95 workbooksEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Excel 95-97 workbooks and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Set default file block behaviorEnabled
Blocked files are not opened
PolicySettingComment
Web pages and Excel 2003 XML spreadsheetsEnabled
File block setting:Open/Save blocked, use open policy
Microsoft Excel 2016/Excel Options/Security/Trust Center/Protected View
PolicySettingComment
Always open untrusted database files in Protected ViewEnabled
Do not open files from the internet zone in Protected ViewDisabled
Do not open files in unsafe locations in Protected ViewDisabled
Set document behavior if file validation failsEnabled
Open in Protected View
Checked: Allow edit. Unchecked: Do not allow edit.Disabled
PolicySettingComment
Turn off Protected View for attachments opened from OutlookDisabled
Microsoft Excel 2016/Excel Options/Security/Trust Center/Trusted Locations
PolicySettingComment
Allow Trusted Locations on the networkDisabled
Microsoft Office 2016/Global Options/Customize
PolicySettingComment
Disable UI extending from documents and templatesEnabled
Disallow in WordEnabled
Disallow in ExcelEnabled
Disallow in PowerPointEnabled
Disallow in AccessEnabled
Disallow in OutlookEnabled
Disallow in PublisherEnabled
Disallow in ProjectEnabled
Disallow in VisioEnabled
Disallow in InfoPathEnabled
Microsoft Office 2016/Security Settings
PolicySettingComment
ActiveX Control InitializationEnabled
ActiveX Control Initialization:6
PolicySettingComment
Automation SecurityEnabled
Set the Automation Security levelUse application macro security level
PolicySettingComment
Disable all Trust Bar notifications for security issuesDisabled
Encryption type for password protected Office 97-2003 filesEnabled
Encryption type:Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256
PolicySettingComment
Encryption type for password protected Office Open XML filesEnabled
Encryption type:Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256
PolicySettingComment
Load Controls in Forms3Enabled
Load Controls in Forms3:1
PolicySettingComment
Macro Runtime Scan ScopeEnabled
Enable for all documents
PolicySettingComment
Protect document metadata for rights managed Office Open XML FilesEnabled
Microsoft Office 2016/Security Settings/Trust Center
PolicySettingComment
Allow mix of policy and user locationsDisabled
Microsoft Office 2016/Server Settings
PolicySettingComment
Disable the Office client from polling the SharePoint Server for published linksEnabled
Microsoft Office 2016/Smart Documents (Word, Excel)
PolicySettingComment
Disable Smart Document's use of manifestsEnabled
Microsoft Outlook 2016/Account Settings/Exchange
PolicySettingComment
Authentication with Exchange ServerEnabled
Select the authentication with Exchange server.Kerberos Password Authentication
PolicySettingComment
Enable RPC encryptionEnabled
Microsoft Outlook 2016/Outlook Options/Other/Advanced
PolicySettingComment
Do not allow Outlook object model scripts to run for public foldersEnabled
Do not allow Outlook object model scripts to run for shared foldersEnabled
Use Unicode format when dragging e-mail message to file systemDisabled
Microsoft Outlook 2016/Security
PolicySettingComment
Allow Active X One Off FormsEnabled
Sets which ActiveX controls to allow.
Load only Outlook Controls
PolicySettingComment
Prevent users from customizing attachment security settingsEnabled
Microsoft Outlook 2016/Security/Automatic Picture Download Settings
PolicySettingComment
Include Internet in Safe Zones for Automatic Picture DownloadDisabled
Microsoft Outlook 2016/Security/Cryptography
PolicySettingComment
Do not display 'Publish to GAL' buttonEnabled
Minimum encryption settingsEnabled
Minimum key size (in bits):168
PolicySettingComment
Signature WarningEnabled
Signature WarningAlways warn about invalid signatures
Microsoft Outlook 2016/Security/Cryptography/Signature Status dialog box
PolicySettingComment
Retrieving CRLs (Certificate Revocation Lists)Enabled
When online always retreive the CRL
Microsoft Outlook 2016/Security/Security Form Settings
PolicySettingComment
Outlook Security ModeEnabled
Outlook Security Policy:Use Outlook Security Group Policy
Microsoft Outlook 2016/Security/Security Form Settings/Attachment Security
PolicySettingComment
Allow users to demote attachments to Level 2Disabled
Display Level 1 attachmentsDisabled
Remove file extensions blocked as Level 1Disabled
Remove file extensions blocked as Level 2Disabled
Microsoft Outlook 2016/Security/Security Form Settings/Custom Form Security
PolicySettingComment
Allow scripts in one-off Outlook formsDisabled
Set Outlook object model custom actions execution promptEnabled
When executing a custom action:Automatically Deny
Microsoft Outlook 2016/Security/Security Form Settings/Programmatic Security
PolicySettingComment
Configure Outlook object model prompt when accessing an address bookEnabled
Guard behavior:Automatically Deny
PolicySettingComment
Configure Outlook object model prompt When accessing the Formula property of a UserProperty objectEnabled
Guard behavior:Automatically Deny
PolicySettingComment
Configure Outlook object model prompt when executing Save AsEnabled
Guard behavior:Automatically Deny
PolicySettingComment
Configure Outlook object model prompt when reading address informationEnabled
Guard behavior:Automatically Deny
PolicySettingComment
Configure Outlook object model prompt when responding to meeting and task requestsEnabled
Guard behavior:Automatically Deny
PolicySettingComment
Configure Outlook object model prompt when sending mailEnabled
Guard behavior:Automatically Deny
Microsoft Outlook 2016/Security/Trust Center
PolicySettingComment
Allow hyperlinks in suspected phishing e-mail messagesDisabled
Security setting for macrosEnabled
Security LevelWarn for signed, disable unsigned
Microsoft PowerPoint 2016/PowerPoint Options/Security
PolicySettingComment
Run ProgramsEnabled
disable (don't run any programs)
PolicySettingComment
Scan encrypted macros in PowerPoint Open XML presentationsEnabled
Scan encrypted macros (default)
PolicySettingComment
Turn off file validationDisabled
Microsoft PowerPoint 2016/PowerPoint Options/Security/Trust Center
PolicySettingComment
Block macros from running in Office files from the internetEnabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft PowerPoint 2016/PowerPoint Options/Security/Trust Center/File Block Settings
PolicySettingComment
PowerPoint 97-2003 presentations, shows, templates and add-in filesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Set default file block behaviorEnabled
Blocked files are not opened
Microsoft PowerPoint 2016/PowerPoint Options/Security/Trust Center/Protected View
PolicySettingComment
Do not open files from the internet zone in Protected ViewDisabled
Do not open files in unsafe locations in Protected ViewDisabled
Set document behavior if file validation failsEnabled
Open in Protected View
Checked: Allow edit. Unchecked: Do not allow edit.Disabled
PolicySettingComment
Turn off Protected View for attachments opened from OutlookDisabled
Microsoft PowerPoint 2016/PowerPoint Options/Security/Trust Center/Trusted Locations
PolicySettingComment
Allow Trusted Locations on the networkDisabled
Microsoft Project 2016/Project Options/Security/Trust Center
PolicySettingComment
Allow Trusted Locations on the networkDisabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Microsoft Publisher 2016/Security
PolicySettingComment
Publisher Automation Security LevelEnabled
By UI (prompted)
Microsoft Publisher 2016/Security/Trust Center
PolicySettingComment
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft Visio 2016/Visio Options/Security/Trust Center
PolicySettingComment
Allow Trusted Locations on the networkDisabled
Block macros from running in Office files from the internetEnabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft Visio 2016/Visio Options/Security/Trust Center/File Block Settings
PolicySettingComment
Visio 2000-2002 Binary Drawings, Templates and StencilsEnabled
File block setting:Open/Save blocked
PolicySettingComment
Visio 2003-2010 Binary Drawings, Templates and StencilsEnabled
File block setting:Open/Save blocked
PolicySettingComment
Visio 5.0 or earlier Binary Drawings, Templates and StencilsEnabled
File block setting:Open/Save blocked
Microsoft Word 2016/Word Options/Security
PolicySettingComment
Turn off file validationDisabled
Microsoft Word 2016/Word Options/Security/Trust Center
PolicySettingComment
Block macros from running in Office files from the internetEnabled
Disable Trust Bar Notification for unsigned application add-ins and block themEnabled
Scan encrypted macros in Word Open XML documentsEnabled
Scan encrypted macros (default)
PolicySettingComment
VBA Macro Notification SettingsEnabled
Disable all except digitally signed macros
Require macros to be signed by a trusted publisher 
Block certificates from trusted publishers that are only installed in the current user certificate store 
Require Extended Key Usage (EKU) for certificates from trusted publishers 
Microsoft Word 2016/Word Options/Security/Trust Center/File Block Settings
PolicySettingComment
Set default file block behaviorEnabled
Blocked files are not opened
PolicySettingComment
Word 2 and earlier binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 2000 binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 2003 binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 2007 and later binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 6.0 binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 95 binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
PolicySettingComment
Word 97 binary documents and templatesEnabled
File block setting: Open/Save blocked, use open policy
PolicySettingComment
Word XP binary documents and templatesEnabled
File block setting:Open/Save blocked, use open policy
Microsoft Word 2016/Word Options/Security/Trust Center/Protected View
PolicySettingComment
Do not open files from the internet zone in Protected ViewDisabled
Do not open files in unsafe locations in Protected ViewDisabled
Set document behavior if file validation failsEnabled
Open in Protected View
Checked: Allow edit. Unchecked: Do not allow edit.Disabled
PolicySettingComment
Turn off Protected View for attachments opened from OutlookDisabled
Microsoft Word 2016/Word Options/Security/Trust Center/Trusted Locations
PolicySettingComment
Allow Trusted Locations on the networkDisabled