How to use the registry to configure 2007 Office programs to prompt you when a packager object runs


Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry

Summary


This article describes how to use the registry to configure Microsoft 2007 Office programs to prompt you when a packager object runs. You can also configure 2007 Office programs to block packager objects from running in these programs.

More Information


Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Packager objects are small executable program codes that can run within other programs, such as 2007 Office programs. Packager objects may run silently in the background without your knowledge. Therefore, we recommend that you configure Microsoft Office programs to prompt you when a packager object runs on the computer. When you do this, you can control which packager objects run.

In Microsoft Office 2003 programs, you can configure the Security Level settings for Microsoft Visual Basic for Applications (VBA) macros so that you are prompted when a packager object runs. If you set the macro security level to Very High or to High, you are prompted when a packager object runs. If you set the macro security level setting to Medium, you are prompted to decide when to run safe packager objects. If you set the macro security level setting to Low, you are not prompted when a packager object runs.

In 2007 Office programs, you cannot set the security levels on the Security Levels tab of the Security dialog box. This dialog box does not exist. However, you can use the registry to configure 2007 Office programs to prompt you when a packager object runs. These registry settings are specific to each 2007 Office program. After you configure the registry, the Trust Center dialog box appears when a packager object runs. This dialog box contains a message that asks you whether you want the packager object to run.

To configure 2007 Office programs to prompt you when a packager object runs, configure the PackagerPrompt registry entry in the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Program_name\Security
This registry entry is a REG_DWORD entry. You can use any of the following values with this registry entry:
  • 0: By default, the value of the PackagerPrompt registry entry is set to 0. When you use this value, you are not prompted when a packager object runs. This value corresponds to the Low macro security level setting in Office 2003.
  • 1: When you use this value, you are prompted when a packager object runs. This value corresponds to the Medium and higher macro security level settings in Office 2003. However, if a document is in a trusted location, you are not prompted when a packager object runs.
  • 2: When you use this value, packager objects are blocked from running. You may want to use this value if you want to prevent all packager objects from running in the organization.
The prompt functionality for packager objects was introduced in Microsoft Windows XP Service Pack 1 (SP1). If you configure 2007 Office programs to prompt you when a packager object runs, you are prompted two times. First, you are prompted by the 2007 Office program. Then, you are prompted by the Windows operating system. However, if you configure a 2007 Office program not to prompt you when a packager object runs, you may still be prompted by Windows in certain cases. Windows prompts you if a packager object that has a known dangerous file name extension is trying to run. To determine whether the file name extension is dangerous, Windows refers to the file name extensions that are included in the AssocIsDangerous function. This function contains a hard-coded list of file name extensions that may be dangerous. This function is updated through Windows Update. Windows automatically adds these file name extensions to the registry. You can use policy settings to configure the list of file name extensions.

Windows typically prompts you when a packager object that has a dangerous file name extension is trying to run. Therefore, the default behavior in 2007 Office programs is that you are not prompted when a packager object runs.

When a document is in a trusted location, Windows prompts you if a packager object has a dangerous file name extension. In this case, the Trust Center dialog box does not appear. When the document is in a location that is not trusted, the Trust Center dialog box appears when a packager object that has a dangerous file name extension is trying to run.

Note When you configure 2007 Office programs either to prompt you when a packager object runs or to block packager objects, these settings do not affect any other programs.