Windows GPO local and doman for office 2013

8 March 2016

Admnistratve templates: 

32-bytes (11,2 MB): https://download.microsoft.com/download/5/8/C/58CA3974-1640-4CFC-A991-3904B3B8939C/admintemplates_32bit.exe
64-bytes (11,4 MB): https://download.microsoft.com/download/5/8/C/58CA3974-1640-4CFC-A991-3904B3B8939C/admintemplates_64bit.exe

extract and find admx files

local station:

  • .admx  move to C:\Windows\PolicyDefinitions
  • .adml move to C:\Windows\PolicyDefinitions\en-US

domain controler

  • .admx  move to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
  • .adml move to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US

Run gpedit.msc

MOST important setting

GPO
value
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center
Trust Access to Visual Basic Project
Disabled
VBA Macro Notification Settings
Enabled
 
Disable all without notification
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings
Automation Security
Enabled
 
Set the Automation Security Level: Use application macro security level
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings\Trust Center
Allow mix of policy and user locations
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Outlook 2013\Security\Trust Center
Apply macro security settings to macros, add-ins and additional actions
Enabled
 
Security setting for macros
Enabled
 
Security Level: Never warn, disable all
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center
Trust Access to Visual Basic Project
Disabled
VBA Macro Notification Settings
Enabled
 
Disable all without notification
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center
Trust Access to Visual Basic Project
Disabled
VBA Macro Notification Settings
Enabled
 
Disable all without notification
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled

 

Medium important setting

GPO
value
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center
Turn off trusted documents
Enabled
Turn off Trusted Documents on the network
Enabled
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center
Turn off trusted documents
Enabled
Turn off Trusted Documents on the network
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center
Turn off trusted documents
Enabled
Turn off Trusted Documents on the network
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center
Disable all application add-ins
Enabled
Disable Trust Bar Notification for unsigned application add-ins and block them
Not configured
Require that application add-ins are signed by Trusted Publisher
Not configured
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings\Trust Center
Allow mix of policy and user locations
Disabled
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center
Disable all application add-ins
Enabled
Disable Trust Bar Notification for unsigned application add-ins and block them
Not configured
Require that application add-ins are signed by Trusted Publisher
Not configured
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\ PowerPoint Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center
Disable all application add-ins
Enabled
Disable Trust Bar Notification for unsigned application add-ins and block them
Not configured
Require that application add-ins are signed by Trusted Publisher
Not configured
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\ Word Options\Security\Trust Center\Trusted Locations
Allow Trusted Locations on the network
Disabled
Disable all trusted locations
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings
Disable All ActiveX
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security
Turn off file validation
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings
Turn off error reporting for files that fail file validation
Enabled
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security
Turn off file validation
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security
Turn off file validation
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center\Protected View
Do not open files from the Internet Zone in Protected View
Disabled
Do not open files in unsafe locations in Protected View
Disabled
Set document behaviour if file validation fails
Enabled
 
Block files completely
Turn off Protected View for attachments opened from Outlook
Disabled
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center\Protected View
Do not open files from the Internet Zone in Protected View
Disabled
Do not open files in unsafe locations in Protected View
Disabled
Set document behaviour if file validation fails
Enabled
 
Block files completely
Turn off Protected View for attachments opened from Outlook
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center\Protected View
Do not open files from the Internet Zone in Protected View
Disabled
Do not open files in unsafe locations in Protected View
Disabled
Set document behaviour if file validation fails
Enabled
 
Block files completely
Turn off Protected View for attachments opened from Outlook
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security
Force file extension to match file type
Enabled
 
Always match file type
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security
Force file extension to match file type
Enabled
 
Always match file type
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security
Force file extension to match file type
Enabled
 
Always match file type
User Configuration\Policies\Administrative Templates\Microsoft Excel 2013\Excel Options\Security\Trust Center\File Block Settings
dBase III / IV files
Enabled
 
File block setting: Block
Dif and Sylk files
Enabled
 
File block setting: Block
Excel 2 macrosheets and add-in files
Enabled
 
File block setting: Block
Excel 2 worksheets
Enabled
 
File block setting: Block
Excel 2007 and later add-in files
Enabled
 
File block setting: Block
Excel 2007 and later binary workbooks
Enabled
 
File block setting: Block
Excel 2007 and later macro-enabled workbooks and templates
Enabled
 
File block setting: Block
Excel 3 macrosheets and add-in files
Enabled
 
File block setting: Block
Excel 3 worksheets
Enabled
 
File block setting: Block
Excel 4 macrosheets and add-in files
Enabled
 
File block setting: Block
Excel 4 workbooks
Enabled
 
File block setting: Block
Excel 4 worksheets
Enabled
 
File block setting: Block
Excel 95 workbooks
Enabled
 
File block setting: Block
Excel 95-97 workbooks and templates
Enabled
 
File block setting: Block
Excel 97-2003 add-in files
Enabled
 
File block setting: Block
Excel 97-2003 workbooks and templates
Enabled
 
File block setting: Block
Set default file block behavior
Enabled
 
Blocked files are not opened
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security\Trust Center\File Block Settings
PowerPoint 97-2003 presentations, shows, templates and add-in files
Enabled
 
File block setting: Block
PowerPoint beta files
Enabled
 
File block setting: Block
Set default file block behavior
Enabled
 
Blocked files are not opened
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security\Trust Center\File Block Settings
Set default file block behavior
Enabled
 
Blocked files are not opened
Word 2 and earlier binary documents and templates
Enabled
 
File block setting: Block
Word 2000 binary documents and templates
Enabled
 
File block setting: Block
Word 2003 binary documents and templates
Enabled
 
File block setting: Block
Word 2007 binary and later binary documents and templates
Enabled
 
File block setting: Block
Word 6.0 binary documents and templates
Enabled
 
File block setting: Block
Word 95 binary documents and templates
Enabled
 
File block setting: Block
Word 97 binary documents and templates
Enabled
 
File block setting: Block
Word XP binary documents and templates
Enabled
 
File block setting: Block
User Configuration\Policies\Administrative Templates\Microsoft PowerPoint 2013\PowerPoint Options\Security
Make hidden markup visible
Enabled
User Configuration\Policies\Administrative Templates\Microsoft Word 2013\Word Options\Security
Make hidden markup visible
Enabled

 

LESS important setting

 

GPO
value
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Privacy\Trust Center
Allow including screenshot with Office Feedback
Disabled
Automatically receive small updates to improve reliability
Disabled
Disable Opt-in Wizard on first run
Enabled
Enable Customer Experience Improvement Program
Disabled
Send Office Feedback
Disabled
User Configuration\Policies\Administrative Templates\Microsoft Office 2013\Security Settings\Trust Center\Trusted Catalogs
Allow Unsecure Apps and Catalogs
Disabled