How to implement the Application.AutomationSecurity property in Office XP (317405)


The information in this article applies to:

  • Microsoft Office Excel 2003
  • Microsoft Excel 2002
  • Microsoft Office PowerPoint 2003
  • Microsoft PowerPoint 2002
  • Microsoft Office Word 2003
  • Microsoft Word 2002
This article was previously published under Q317405

SUMMARY

In Microsoft Office 2000, automation is considered a "trusted state", and, therefore, macros in a file are turned on by default, regardless of the security setting. The Application.AutomationSecurity property allows Microsoft Office XP programs to support security for solutions that programmatically open a document but are uncertain whether the macros in a document are safe. A developer may want to have the Office XP solution display the security warnings to the user for these documents.

To use the Application.AutomationSecurity property on a computer that has Office XP installed, you must install Microsoft Office XP Service Pack 2 or a later version.

For additional information about the latest service pack for Microsoft Office XP, click the following article number to view the article in the Microsoft Knowledge Base:

307841 How to obtain the latest Office XP service pack

Note Microsoft Office 2003 does not require any updates to use the Application.AutomationSecurity property.

MORE INFORMATION

AutomationSecurity property

The Application object of Microsoft Word, Microsoft Excel, and Microsoft PowerPoint supports this property.

This property returns or sets an MsoAutomationSecurity constant that represents the security mode that an Office XP program uses when programmatically opening files. This property is automatically set to msoAutomationSecurityLow when the program is started. Therefore, to avoid breaking solutions that rely on the default setting, be careful to reset this property to msoAutomationSecurityLow after you open a file programmatically. Also, be sure to set this property immediately before and after you open a file programmatically, to avoid malicious subversion.

This property also allows macros to choose to open a document and to trigger the appropriate security warning, which is the same as if an end user is manually opening the document. This new property does not affect the behavior when the end user uses the user interface (UI) to open files. In this case, this property does not change the settings in the Security dialog box (on the Tools menu, point to Macro, and then click Security).

The following are the MsoAutomationSecurity constants that you can choose from:
  • msoAutomationSecurityLow
  • msoAutomationSecurityForceDisable
  • msoAutomationSecurityByUI
MsoAutomationSecurityLow turns on all macros and is the default value when you start the program. MsoAutomationSecurityForceDisable disables all macros in all files that are opened programmatically, without showing any security warnings. MsoAutomationSecurityByUI uses the security setting that is controlled in the Security dialog box (on the Tools menu, point to Macro, and then click Security).

The value of the DisplayAlerts property does not apply to security warnings. For example, if the user sets the DisplayAlerts property equal to False and the AutomationSecurity property to msoAutomationSecurityByUI while the user is on the Medium security level, security warnings appear while the macro is running. This action allows the macro to trap "file open" errors, while still displaying the security warning if the "file open" succeeds.

Enumeration Values

  • msoAutomationSecurityForceDisable = 3
  • msoAutomationSecurityByUI = 2
  • msoAutomationSecurityLow = 1

Sample Code

Sub Security()
   Dim secAutomation As MsoAutomationSecurity
   secAutomation = Application.AutomationSecurity
   Application.AutomationSecurity = msoAutomationSecurityForceDisable
   With Application.FileDialog(msoFileDialogOpen)
      .Show
      .Execute
   End With
   Application.AutomationSecurity = secAutomation
End Sub

Implications

If the user cancels the command to open the file through the security warning dialog box (by clicking the message's Close button), a run-time error occurs, with the Visual Basic for Applications method that triggered the "file open." The error code distinguishes between this user UI action and a "file not found" error.

If the macro sets msoAutomationSecurityForceDisable and opens an Excel workbook with XLM code, the "file open" fails.
Modification Type:MajorLast Reviewed:9/26/2006
Keywords:kbhowto kbAutomation kbProgramming kbinfo kbOfficeXPsp2fix KB317405
©2004 Microsoft Corporation. All rights reserved.