jasmin leroux said:
I wonder if there's a GPO that prevent user to modify a Macro in Office
2007. They can user the recorder, but my client don't want them to add code.
You can password protect VBA projects, but that prevents users from
recording macros to be stored in modules in files with protected VBA
projects. Users could store recorded macros in other files, but that
points out a flaw with Office macro security: no Office program
provides any protection against macros in one file from being used on
the contents of other files.
There's no way to allow macros in a particular file to run while
preventing macros in other files from running. So while you can make
it difficult for users to alter or add to macros in one file, there's
nothing you can do to prevent them from running macros in other files.
Also, at least with regard to Excel, VBA project password security is
very weak. There are commercial password crackers which can remove VBA
project passwords in seconds. For that matter, anyone with a hex
editor and internet access (to find the instructions) can eliminate
VBA project passwords themselves manually.
You're stuck with this basic fact: if a user can open a particular
Office document, s/he can access EVERYTHING in it at varying levels of
difficulty cracking certain parts open. Only File > Open passwords
provide robust security, but if users can't open files that reduces
the utility of those files. Meaning there's no robust way to protect
Office documents' contents when users need at least read-only access
to those documents' contents.
