Microsoft Access 2016 Microsoft Access 2016 16.0.4266.1001 Trusted Locations Disable Trust Bar Notification for unsigned application add-ins and block them This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy setting only applies if you enable the "Require that application add-ins are signed by Trusted Publisher" policy setting, which prevents users from changing this policy setting. If you enable this policy setting, applications automatically disable unsigned add-ins without informing users. If you disable this policy setting, if this application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in. If you do not configure this policy setting, the disable behavior applies, and in addition, users can configure this requirement themselves in the "Add-ins" category of the Trust Center for the application. This policy setting controls whether add-ins for this applications must be digitally signed by a trusted publisher. If you enable this policy setting, this application checks the digital signature for each add-in before loading it. If an add-in does not have a digital signature, or if the signature did not come from a trusted publisher, this application disables the add-in and notifies the user. Certificates must be added to the Trusted Publishers list if you require that all add-ins be signed by a trusted publisher. For detail on about obtaining and distributing certificates, see http://go.microsoft.com/fwlink/?LinkId=294922. Office 2016 stores certificates for trusted publishers in the Internet Explorer trusted publisher store. Earlier versions of Microsoft Office stored trusted publisher certificate information (specifically, the certificate thumbprint) in a special Office trusted publisher store. Office 2016 still reads trusted publisher certificate information from the Office trusted publisher store, but it does not write information to this store. Therefore, if you created a list of trusted publishers in a previous version of Office and you upgrade to Office 2016, your trusted publisher list will still be recognized. However, any trusted publisher certificates that you add to the list will be stored in the Internet Explorer trusted publisher store. For more information about trusted publishers, see the Office Resource Kit. If you disable or do not configure this policy setting, this application does not check the digital signature on application add-ins before opening them. If a dangerous add-in is loaded, it could harm users' computers or compromise data security. Require that application add-ins are signed by Trusted Publisher Trust Center Cryptography This policy setting allows you to specify a location that is used as a trusted source for opening files in this application. Files in trusted locations bypass file validation, active content checks and Protected View. Macros and code in these files will execute without displaying warnings to the user. If you change or add a location make sure that the new location is secured, with only appropriate user permissions to add document/files. If you enable this policy setting, you may specify a folder location, path, and date from which files can the application can open files which run macros without warning. If you check the "Allow sub folders" check box, then all sub-folders in the folder you specify will also be trusted. If you disable or do not configure this policy setting, the trusted location is not specified. Path: Date: Description: Allow sub folders: Trusted Location #1 Trusted Location #2 Trusted Location #3 Trusted Location #4 Trusted Location #5 Trusted Location #6 Trusted Location #7 Trusted Location #8 Trusted Location #9 Trusted Location #10 Trusted Location #11 Trusted Location #12 Trusted Location #13 Trusted Location #14 Trusted Location #15 Trusted Location #16 Trusted Location #17 Trusted Location #18 Trusted Location #19 Trusted Location #20 Allow Trusted Locations on the network This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users can specify trusted locations on network shares or in other remote locations that are not under their direct control by selecting the "Allow Trusted Locations on my network (not recommended)" check box in the Trusted Locations section of the Trust Center. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission. If you disable or do not configure this policy setting, the selected application ignores any network locations listed in the Trusted Locations section of the Trust Center. Disabling this policy setting does not delete any network locations from the Trusted Locations list. Instead, it forces the selected application to treat the locations as non-trusted and prevents users from adding new network locations to the list. If you also deploy Trusted Locations via Group Policy, you should verify whether any of them are remote locations. If any of them are remote locations and you do not allow remote locations via this policy setting, those policy keys that point to remote locations will be ignored on client computers. Disabling this policy setting will cause disruption for users who add network locations to the Trusted Locations list. However, it is not recommended to enable this policy setting (as the "Allow Trusted Locations on my network (not recommended)" check box itself states), so in practice it should be possible to disable this policy setting in most situations without causing significant usability issues for most users. Disable all trusted locations Turn off trusted documents This policy setting allows you to turn off the trusted documents feature. The trusted documents feature allows users to always enable active content in documents such as macros, ActiveX controls, data connections, etc. so that they are not prompted the next time they open the documents. Trusted documents are exempt from security notifications. If you enable this policy setting, you will turn off the trusted documents feature. Users will receive a security prompt every time a document containing active content is opened. If you disable or do not configure this policy setting, documents will be trusted when users enable content for a document, and users will not receive a security prompt. This policy setting allows administrators to disable all trusted locations in the specified applications. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm users' computers or data. If you enable this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are ignored, including any trusted locations established by Office 2016 during setup, deployed to users using Group Policy, or added by users themselves. Users will be prompted again when opening files from trusted locations. If you disable or do not configure this policy setting, all trusted locations (those specified in the Trust Center) in the specified applications are assumed to be safe. Turn off Trusted Documents on the network This policy setting allows you to turn off the trusted documents feature for documents opened from the network. If you enable this policy setting, users will always see security notifications for active content such as macros, ActiveX controls, data connections, etc. for documents opened from the network. If you disable or do not configure this policy setting, the trusted documents feature allows users to always allow active content in documents such as macros, ActiveX controls, data connections, etc. so that users are not prompted the next time they open the documents. Trusted documents are exempt from security notifications. Set CNG cipher algorithm This policy setting allows you to configure the CNG cipher algorithm that is used. If you enable this policy setting, then the cipher provided will be used if it is a supported algorithm. If you disable or do not configure this policy setting, AES will be used. Configure CNG cipher chaining mode This policy setting allows you to configure the cipher chaining mode used. If you enable this policy setting, the cipher chaining mode specified will be applied. If you disable or do not configure this policy setting, Cipher Block Chaining (CBC) will be the default CNG cipher chaining mode used. Cipher Block Chaining (CBC) Cipher Feedback (CFB) Set CNG cipher key length This policy setting allows you to configure the number of bits to use when creating the cipher key. This number will be rounded down to a multiple of 8. If you enable this policy setting, the key bits specified will be used. If you disable or do not configure this policy setting, the default value will be used. Specify encryption compatibility This policy setting allows you to specify the encrypted database compatibility. If you enable this policy setting, the compatibility format specified will be applied during encryption for new files - Use legacy format - Use next generation format - All files save with next generation format If you disable or do not configure this policy setting, the default setting, "Use next generation format," will be applied. Use legacy format Use next generation format All files save with next generation format Set parameters for CNG context This policy setting allows you to specify the encryption parameters that should be used for the CNG context. If you enable this policy setting, the parameters specified will be passed to the CNG context. If you disable or do not configure this policy setting, the default CNG values will be used. Specify CNG hash algorithm This policy setting allows you to specify the hash algorithm used. If you enable this policy setting, the hashing algorithm selected will be used by CNG. If you disable or do not configure this policy setting, the default CNG hash algorithm will be used. SHA1 SHA256 SHA384 SHA512 Set CNG password spin count This policy setting allows you to specify the number of times to spin (rehash) the password verifier. If you enable this policy setting, the number specified will be the number of times the password will be rehashed. If you disable or do not configure this policy setting, the default (100000) will be used. Specify CNG random number generator algorithm This policy setting allows you to configure the CNG random number generator to use. If you enable this policy setting, the random number generator specified will be used. If you disable or do not configure this policy setting, the default random number generator will be used. Specify CNG salt length This policy setting allows you to specific the number of bytes of salt that should be used. If you enable this policy setting, the bytes specified will be used. If you disable or do not configure this policy setting, the default length or 16 will be used. Set maximum number of trusted documents This policy setting allows you to specify the maximum number of trust records for trusted documents that can be stored in the registry before the purge task runs. The purge task reduces the number of trusted documents stored in the registry to the value set by the "Set maximum number of trust records to preserve" policy setting. If you enable this policy setting, you can specify the maximum number of trusted documents to be stored in the registry before the purge task runs, with an upper limit of 20,000 documents. For performance reasons, we do not recommend setting this policy setting to the upper limit. If you disable or do not configure this policy setting, the default value of 500 is used for the maximum number of trusted documents that can be stored in the registry before the purge task runs. Set maximum number of trust records to preserve This policy setting allows you to specify the maximum number of trust records to preserve when the purge task detects that this application has trusted more than the number of trusted documents set by the "Set maximum number of trusted documents" policy setting. If you enable this policy setting, you may specify the maximum number of trust records to preserve, with an upper limit of 20000. Due to performance reasons, it is not recommended to set it to the upper limit. If you disable or you do not configure this policy setting, the default value for of 400 is used. VBA Macro Notification Settings This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present. If you enable this policy setting, you can choose from four options for determining how the specified applications will warn the user about macros: - Disable all with notification: The application displays the Trust Bar for all macros, whether signed or unsigned. This option enforces the default configuration in Office. - Disable all except digitally signed macros: The application displays the Trust Bar for digitally signed macros, allowing users to enable them or leave them disabled. Any unsigned macros are disabled, and users are not notified. - Disable all without notification: The application disables all macros, whether signed or unsigned, and does not notify users. - Enable all macros (not recommended): All macros are enabled, whether signed or unsigned. This option can significantly reduce security by allowing dangerous code to run undetected. If you disable this policy setting, "Disable all with notification" will be the default setting. If you do not configure this policy setting, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect and edit the files if appropriate, but cannot use any disabled functionality until they enable it by clicking "Enable Content" on the Trust Bar. If the user clicks "Enable Content", then the document is added as a trusted document. Important: If "Disable all except digitally signed macros" is selected, users will not be able to open unsigned Access databases. Also, note that Microsoft Office stores certificates for trusted publishers in the Internet Explorer trusted publisher store. Earlier versions of Microsoft Office stored trusted publisher certificate information (specifically, the certificate thumbprint) in a special Office trusted publisher store. Microsoft Office still reads trusted publisher certificate information from the Office trusted publisher store, but it does not write information to this store. Therefore, if you created a list of trusted publishers in a previous version of Microsoft Office and you upgrade to Office, your trusted publisher list will still be recognized. However, any trusted publisher certificates that you add to the list will be stored in the Internet Explorer trusted publisher store. Disable all with notification Disable all except digitally signed macros Disable all without notification Enable all macros (not recommended) Aqua Black Blue Bright Green Dark Blue Fuchsia Gray Green Maroon Olive Red Silver Teal Violet White Yellow Custom Customizable Error Messages Disable commands Disable Items in User Interface Disable shortcut keys Enter a command bar ID to disable Enter a key and modifier to disable Enter error ID for Value Name and custom button text for Value General Left-to-Right List of error messages to customize Miscellaneous Predefined Number of files in the Recent list This policy setting specifies the number of entries displayed in the Recent list that appears when users click Open on the File tab in Backstage view. If you enable this policy setting, you can specify the number of entries to be between 0 and 50. If you set the number to 0, all pinned and unpinned entries are hidden. If you disable or do not configure this policy setting, a maximum of 25 items will be displayed in the Recent list. Note: If you want to prevent items from being added to the Recent list entirely, you can enable the "Do not keep history of recently opened documents" Windows policy setting. Number of folders in the Recent Folders list This policy setting specifies the number of unpinned entries displayed in the Recent Folders list that appears when users click Open or Save As on the File tab in Backstage view. If you enable this policy setting, you can specify the number of unpinned entries to be between 0 and 20. If you set the number to 0, all pinned and unpinned entries are hidden. If you disable or do not configure this policy setting, a maximum of 5 unpinned items are displayed in the Recent Folders list. Note: If you want to prevent items from being added to the Recent Folders list entirely, you can enable the "Do not keep history of recently opened documents" Windows policy setting. Right-to-left Security Visual Web Options... Ctrl+F (Home | Find | Find) Alt+F11 (Database Tools | Macro | Visual Basic) This policy setting controls whether hyperlinks in Access tables, queries, forms, and reports are underlined. If you enable this policy setting, Access underlines all hyperlinks in tables, queries, forms, and reports when they are created, overriding any configuration changes on the users' computers. If you disable this policy setting, Access does not underline hyperlinks in tables, queries, forms and reports. If you do not configure this policy setting, Access underlines hyperlinks that appear in tables, queries, forms, and reports. Enabling this policy setting enforces the default configuration in Access, and is therefore unlikely to cause a significant usability issue for most users. If this configuration is changed, users might click on dangerous hyperlinks without realizing it, which could pose a security risk. Modal Trust Decision Only This policy setting controls how Access notifies users about untrusted components. If you enable this policy setting, when users attempt to open an untrusted Access database that contains user-programmed executable components, users see a dialog box where they then must choose whether to enable or disable the components before they can work with the database. If you disable or do not configure this policy setting, when users open an untrusted Access database that contains user-programmed executable components, Access opens the database with the components disabled and displays the Message Bar with a warning that database content has been disabled. Users can inspect the contents of the database, but cannot use any disabled functionality until they enable it by clicking Options on the Message Bar and selecting the appropriate action. Access 2000 Access 2002-2003 Access 2007 This policy setting controls whether new database files are created in the new Access format or in a format used by earlier versions of Access. If you enable this policy setting, you can specify whether new database files are created in Access 2016 format by default or in Access 2002--2003 format. Users can still override the default and select a specific format when they save the files, but cannot set the default by themselves from the Access Options dialog. If you disable or do not configure this policy setting, when users create new database files, Access saves them in the new Access 2016 format; however, users can change this functionality by selecting a file format from the Default file format drop down list under Access Options | Popular | Creating databases. Note: If you disable this policy setting, users can choose from three default file formats: Access 2000, Access 2002--2003, and Access 2016. You can use this policy setting to specify either the Access 2002--2003 or Access 2016 format as the default, but not the Access 2000 format. Default file format Application Settings This policy setting controls whether Access prompts users to convert older databases when they are opened. If you enable this policy setting, Access will leave Access 97-format databases unchanged. Access informs the user that the database is in the older format, but does not provide the user with an option to convert the database. Some features introduced in more recent versions of Access will not be available, and the user will not be able to make any design changes to the database. If you disable or do not configure this policy setting, when users open databases that were created in the Access 97 file format, Access prompts them to convert the database to a newer file format. Users can choose to convert the database or leave it in the older format. Cursor movement Default database folder Default direction Defines a list of custom error messages to activate. This policy setting allows you to disable any command bar button and menu item with a command bar ID, including command bar buttons and menu items that are not in the predefined lists. If you enable this policy setting, you can enter an ID number to disable a specific command bar button or menu item. The ID number needs to be in decimal (not hexadecimal). Multiple values should be separated by commas. If you disable or do not configure this policy setting, all default command bar buttons or menu items are available to users. This policy setting allows you to disable any shortcut key by using its virtual key code ID, including shortcut keys that are not in the predefined lists. If you enable this policy setting, you can enter a virtual key code ID number to disable a specific shortcut key. If you disable or do not configure this policy setting, all default shortcut keys are enabled for users. This policy setting allows you to disable specific command bar buttons and menu items in the specified applications. If you enable this policy setting you can disable specific command bar buttons and menu items in the user interface for the selected application. The predefined list of command bar buttons and menu items you can disable becomes available to you when you enable this policy setting. If you disable or do not configure this policy setting, the predefined list of command bar buttons and menu items are enabled for the application. This policy setting allows you to disable specific shortcut key combinations in the specified applications. If you enable this policy setting you can disable specific shortcut keys for the selected application. The predefined list of shortcut keys you can disable becomes available to you when you enable this policy setting. If you disable or do not configure this policy setting, the predefined list of shortcut keys are enabled for the application. Do not prompt to convert older databases Followed hyperlink color General Alignment Hyperlink color Interface mode International Logical Microsoft Access 2016 Number of entries: Path to shared Workgroup information file for secured MDB files Specifies the default cursor movement mode. Specifies the default hyperlink text color. Specifies the default left-right text direction. Specifies the default path and filename for the workgroup information file. Specifies the default text alignment. Specifies the default text color of followed hyperlinks. Specifies the default working folder. Text mode Tools | Security Database Tools | Database Tools | Encode/Decode Database Database Tools | Administer | Users and Permission | User and Group Permissions Underline hyperlinks Workgroup Administrator... Path: Path: Path to shared Workgroup information file for secured MDB files Path: Date: Date: General Description: Default database folder Allow sub folders: Allow sub folders: Allow sub folders: Allow sub folders: Description: Allow sub folders: Description: Path: Description: Allow sub folders: Date: Path: Date: Path: Description: Date: Description: Allow sub folders: Path: Path: Description: List of error messages to customize Cursor movement Date: Description: Date: Path: Date: Allow sub folders: Date: Description: Allow sub folders: Description: Path: Description: Description: Path: Path: Date: Disable commands Path: Disable shortcut keys Date: Allow sub folders: Path: Allow sub folders: Path: Allow sub folders: Allow sub folders: Path: Description: Description: Date: Description: Default direction Date: Path: Date: Description: Date: Date: Allow sub folders: Followed hyperlink color Path: Description: Description: Description: Allow sub folders: Path: Date: Allow sub folders: Date: Allow sub folders: General Alignment Allow sub folders: Allow sub folders: Hyperlink color Date: Disable all application add-ins This policy setting disables all add-ins for the specified Office 2016 applications. If you enable this policy setting, all add-ins for the specified Office 2016 applications are disabled. If you disable or do not configure this policy setting, all add-ins for the specified Office 2016 applications are allowed to run without notifying the users. Use Access 2007 compatible cache This policy setting allows you to force new and existing databases to use a cache compatible Access 2007. If you enable this policy setting, new and existing databases will use caching compatible with Access 2007. If you disable or do not configure this policy setting, new databases will default to use caching that is not compatible with Access 2007. Existing databases will use the caching mode that they were created with. Clear cache on close This policy setting allows you to force the cache to be cleared for databases that are not compatible with Access 2016 when the database is closed. If you enable this policy setting, then any cached Microsoft SharePoint or Business Data Catalog (BDC) links will be cleared on close for databases that do not use Access 2016 compatible caching. If the database uses Access 2016 compatible caching, then this policy setting will have no effect when enabled. If you disable or do not configure this policy setting, then any cached Microsoft SharePoint or Business Data Catalog (BDC) links will be not cleared on close for databases that do not use Access 2016 compatible caching. If the database uses Access 2016 compatible caching, then this policy setting will have no effect when disabled or not configured. Never cache data This policy setting allows you to force databases that do not use Access 2016 compatible caching to not cache any data. If you enable this policy setting, then data from Microsoft SharePoint or Business Data Catalog (BDC) will not be cached for databases that do not use Access 2016 compatible caching. If the database uses Access 2016 compatible caching, then this policy setting will have no effect when enabled. If you disable or do not configure this policy setting, then data from Microsoft SharePoint or Business Data Catalog (BDC) will be cached for databases that do not use Access 2016 compatible caching. If the database uses Access 2016 compatible caching, then this policy setting will have no effect when disabled or not configured. Block all unmanaged add-ins This policy setting blocks all add-ins that are not managed by the "List of managed add-ins" policy setting. If you enable this policy setting, and the "List of managed add-ins" policy setting is also enabled, all add-ins are blocked except those that are configured as 1 (always enabled) or 2 (configurable by the user) in the "List of managed add-ins" policy setting. If you disable or do not configure this policy setting, users can enable or disable any add-ins that are not managed by the "List of managed add-ins" policy setting. List of managed add-ins List of managed add-ins This policy setting allows you to specify which add-ins are always enabled, always disabled (blocked), or configurable by the user. To block add-ins that are not managed by this policy setting, you must also configure the "Block all unmanaged add-ins" policy setting. To enable this policy setting, provide the following information for each add-in: In "Value name," specify the programmatic identifier (ProgID) for COM add-ins. To obtain the ProgID for an add-in, use Registry Editor on the client computer where the add-in is installed to locate key names under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Access\Addins or HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Access\Addins. You can also obtain the ProgID of an add-in by using Office Telemetry Dashboard. In "Value," specify the value as follows: To specify that an add-in is always disabled (blocked), type 0. To specify that an add-in is always enabled, type 1. To specify that an add-in is configurable by the user and not blocked by the "Block all unmanaged add-ins" policy setting when enabled, type 2. If you disable or do not enable this policy setting, the list of managed add-ins is deleted. If the "Block all unmanaged add-ins" policy setting is enabled, then all add-ins are blocked. Disable the Office Start screen for Access This policy setting controls whether the Office Start screen appears on boot for Access. If you enable this policy setting, users will not see the Office Start screen when they boot Access. If you disable or do not configure this policy setting, users will see the Office Start screen when they boot Access. Note: This policy setting is overridden by the policy setting "Microsoft Office 2016 > Miscellaneous > Disable the Office Start screen for all Office applications" if that policy setting is set. Personal templates path for Access This policy setting specifies the location of a user's personal templates. If you enable this policy setting, users will see any templates they have saved in the specified location in the custom templates tab on the Office Start screen and in File | New and when saving a template their default folder will change to be the specified location. If you disable or do not configure this policy setting, users will not see templates they have saved in the custom templates tab on the Office Start screen and in File | New and when saving a template their default folder will be their document save location. Show custom templates tab by default in Access on the Office Start screen and in File | New This policy setting controls whether custom templates (when they exist) show as the default tab in Access on the Office Start screen and in File | New. If you enable this policy setting, users will the see custom templates tab as the default tab in Access on the Office Start screen and in File | New when templates exist (this can include Custom XML programmed templates, templates in the Workgroup templates path, templates in the Personal templates path, or SharePoint templates). If you disable or do not configure this policy setting, users will see the Featured templates tab as the default tab in Access on the Office Start screen and in File | New, unless all Office-provided templates have been disabled. Default direction General Alignment Cursor movement Hyperlink color Followed hyperlink color Number of entries: Number of folders: Default database folder CNG cipher algorithm: Cipher key length Parameters Random number generator: Number of bytes Maximum number: Maximum to preserve: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path: Date: Description: Allow sub folders: Path to shared Workgroup information file for secured MDB files List of error messages to customize Enter error ID for Value Name and custom button text for Value File tab | Access Options | Customize | All Commands | Email Database tools | Database tools | Encrypt with Password File tab | Access Options | Customize | All Commands | User and Group Permissions File tab | Access Options | Customize | All Commands | User and Group accounts File tab | Access Options | Customize | All Commands | User-Level Security Wizard... File tab | Access Options | Customize | All Commands | Encode/Decode Database Database tools | Macro | Visual Basic Database Tools | Macro | Run Macro Database Tools | Macro | Convert Macros to Visual Basic Database Tools | Macro | Create Shortcut Menu from Macro Database Tools | Database Tools | Add-Ins Ctrl+F (Home | Find | Find) Ctrl+K (File tab | Options | Customize | All Commands | Insert Hyperlinks) Alt+F11 (Database Tools | Macro | Visual Basic) Enter a command bar ID to disable Enter a key and modifier to disable List of managed add-ins Personal templates path