Block additional file extensions for OLE embedding

This policy setting only applies to subscription versions of Office, such as Microsoft 365 Apps for enterprise, and to subscription versions of Project and Visio.​ This policy setting allows you to specify additional file extensions that Office will block when they are embedded as an OLE package in an Office file by using the Object Packager control. By default, Office blocks certain file extensions. For a list of those file extensions, go to https://go.microsoft.com/fwlink/?linkid=847759. Important: Malicious scripts and executables can be embedded as an OLE package and can cause harm if clicked by the user. If you enable this policy setting, enter the additional file extensions to block, separated by semicolons. For example, py;rb. If you disable or don’t configure this policy setting, the default set of file extensions will be blocked. If you want to allow certain file extensions, enable the "Allow file extensions for OLE embedding" policy setting. Extensions added to this policy setting will take precedence over extensions in "Allow file extensions for OLE embedding"

No explicit registry values are set for enabled or disabled states.

• User
  ActiveX Control Initialization

  Windows7
• User
  Allow Basic Authentication prompts from network proxies

  Windows7
• User
  Allow file extensions for OLE embedding

  Windows7
• User
  Allow root or intermediate certificates as VBA trusted publishers

  Windows 10
• User
  Allow specified hosts to show Basic Authentication prompts to Office apps

  Windows7
• User
  Allow VBA to load typelib references by path from untrusted intranet locations

  Windows 10
• User
  Automation Security

  Windows7
• User
  Block all internet macros (ignore trusted locations or publishers)

  Windows 10
• User
  Block Insecure Protocols

  Windows7
• User
  Block loading of COM/VSTO add-ins registered in HKCU

  Windows 10
• User
  Block OLE Graph

  Windows7
• User
  Block OrgChart

  Windows7