Allow root or intermediate certificates as VBA trusted publishers

Supported OS tags: Windows10

This policy setting controls whether root and intermediate certificates can be added as trusted publishers for VBA macro validation when the VBA Macro Notification Settings policy is set to "Disable all except digitally signed macros". If you enable this policy setting, administrators can add root or intermediate certificates to the trusted publishers store. VBA macros signed by any certificate that chains to these trusted root or intermediate certificates will be considered as signed by a trusted publisher and allowed to run. If you disable or don't configure this policy setting, only end (leaf) certificates can be added as trusted publishers. Note: This policy setting only takes effect when the VBA Macro Notification Settings policy is set to "Disable all except digitally signed macros".

This policy has no additional user input fields.

• User
  ActiveX Control Initialization

  Windows7
• User
  Allow Basic Authentication prompts from network proxies

  Windows7
• User
  Allow file extensions for OLE embedding

  Windows7
• User
  Allow specified hosts to show Basic Authentication prompts to Office apps

  Windows7
• User
  Allow VBA to load typelib references by path from untrusted intranet locations

  Windows 10
• User
  Automation Security

  Windows7
• User
  Block additional file extensions for OLE embedding

  Windows7
• User
  Block all internet macros (ignore trusted locations or publishers)

  Windows 10
• User
  Block Insecure Protocols

  Windows7
• User
  Block loading of COM/VSTO add-ins registered in HKCU

  Windows 10
• User
  Block OLE Graph

  Windows7
• User
  Block OrgChart

  Windows7