Plan security settings for add-ins for Office 2013
적용 대상: Office 365 ProPlus, Office
마지막으로 수정된 항목: 2014-06-26
Summary: Explains how to control the way that add-ins behave in Office 2013, and how to prevent users from running add-ins.
Audience: IT Professionals
Modify Office 2013 add-in settings to reduce the potential security risks that are posed by unknown or untrusted add-ins to Office 2013 applications.
This article is part of the Office 2013 보안 콘텐츠 로드맵. Use the roadmap as a starting point for articles, downloads, posters, and videos that help you assess Office 2013 security.
Are you looking for security information about individual Office 2013 applications? You can find this information by searching for “2013 security” on Office.com.
In this article:
Office 2013 provides several settings that enable you to control the behavior of add-ins. By configuring these settings, you can do the following:
Disable add-ins on a per-application basis.
Require that add-ins are signed by a trusted publisher.
Disable notifications for unsigned add-ins.
You can configure add-in settings only on a per-application basis. There are no global add-in settings.
For information about how to configure security settings in the Office Customization Tool (OCT) and the Office 2013 Administrative Templates, see OCT 또는 그룹 정책을 사용하여 Office 2013에 대한 보안 구성.
By default, any add-in that is installed and registered can run without requiring user intervention or warning. Installed and registered add-ins can include the following:
Component Object Model (COM) add-ins
Visual Studio Tools for Office (VSTO) add-ins
RealTimeData (RTD) servers
Application add-ins (for example, .wll, .xll, and .xlam files)
XML expansion packs
XML style sheets
This default behavior is the same as selecting the Trust all installed add-ins and templates setting in Office 2003 or an earlier Office system.
Office 2013 provides a setting that enables you to disable add-ins. Use the following guidelines to determine whether to use this setting.
Group Policy setting name: Disable all application add-ins
Office 2013 provides a setting that enables you to require that all add-ins be signed by a trusted publisher. Use the following guidelines to determine whether to use this setting.
Group Policy setting name: Require that application add-ins are signed by trusted publisher
Office 2013 provides a setting that enables you to prevent users from seeing Message Bar warnings when unsigned add-ins can’t run. Use the following guidelines to determine whether to use this setting.
Group Policy setting name: Disable Trust Bar Notification for unsigned application add-ins
|For the latest information about policy settings, refer to the Office 2013 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool TechNet article.|