All automatic loading from trusted locations must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71005	DTOO133	SV-85629r1_rule		Medium

Description
This policy setting allows administrators to disable all trusted locations in the specified applications. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. If you enable this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are ignored, including any trusted locations established by Office 2016 during setup, deployed to users using Group Policy, or added by users themselves. Users will be prompted again when opening files from trusted locations. If you disable or do not configure this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are assumed to be safe.

Description

This policy setting allows administrators to disable all trusted locations in the specified applications. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. If you enable this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are ignored, including any trusted locations established by Office 2016 during setup, deployed to users using Group Policy, or added by users themselves. Users will be prompted again when opening files from trusted locations. If you disable or do not configure this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are assumed to be safe.

STIG	Date
Microsoft Excel 2016 Security Technical Implementation Guide	2017-09-19

Details

Check Text ( C-71433r2_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center -> Trusted Locations "Disable all trusted locations" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\16.0\excel\security\trusted locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.

Check Text ( C-71433r2_chk )

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center -> Trusted Locations "Disable all trusted locations" is set to "Enabled".

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\16.0\excel\security\trusted locations

Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.

Fix Text (F-77337r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center -> Trusted Locations "Disable all trusted locations" to "Enabled".