Resolving Excel Macro Issues Caused by Microsoft Security Baselines

Microsoft Security Baselines provide a set of recommended configuration settings for securing your environment. However, sometimes these settings can interfere with normal operations, causing unexpected issues. Recently, we encountered a problem where enabling the security baseline caused Excel macros to stop working. Here’s a detailed account of the issue and how we resolved it.

The Problem After turning on the Microsoft Security Baseline for Windows 10 and later, macros in Excel stopped functioning. Typically, this problem can be resolved by creating a trusted location for the file share. However, in our case, we were using DFS (Distributed File System) namespaces, and adding the file path to the DFS namespace as a trusted location did not solve the issue. Even though File Explorer recognized the DFS namespace as a trusted location, Excel continued to block the macros.

Here’s what normally fixes it when using a normal file share. Create a configuration profile to add the trusted location:

The Initial Attempt Our initial troubleshooting steps included the following:

  1. Ensuring that the file path for the DFS namespace was correctly added as a trusted location.
  2. Verifying that File Explorer acknowledged the DFS path as trusted.

Despite these efforts, Excel still blocked the macros, indicating that the issue lay deeper within the configuration settings. To resolve the issue, we decided to create a configuration profile using administrative templates, which mirrors group policy settings. Here’s the step-by-step solution:

  1. Create a Configuration Profile: We created a configuration profile in Microsoft Endpoint Manager using administrative templates.
  2. Set Intranet Zone to Low Security:
    o We configured the intranet zone template to have low security settings.
  3. Add DFS Namespace to Trusted Sites:
    o Instead of adding the DFS namespace as a trusted location, we added it as a trusted site.
    o The format used was file://. For example, file://corp.site.com instead of \corp.site.com for the DFS location.
  4. Include All Local Intranet Sites:
    o We enabled the setting to include all local intranet sites not listed in other zones. This ensures that any other network resources are also trusted.
  5. Apply the Settings:
    o We applied these settings, ensuring that the DFS namespace location was recognized as a trusted site.

This approach effectively resolved the issue. Excel macros started functioning correctly once the DFS namespace was added as a trusted intranet site instead of just a trusted location. Below are some screenshots:

Shipping DepartmentShipping Department
22:28 04 May 23
Patrick OzierPatrick Ozier
22:32 07 Apr 23
Habazatchery DuftonHabazatchery Dufton
23:56 10 Feb 22
Eddie De La RosaEddie De La Rosa
15:30 09 Feb 22
Remote IT Services in my previous work experiences has always felt a bit disconnected and i even felt reluctant to ask for help at times.The guys at Relion are the best, we've gotten to know them well and all have been onsite when ever needed, even for something as little as setting up a new PC.Big or small Relion will treat you like you are client #1
Jorge SanchezJorge Sanchez
15:06 05 Feb 22
great customer service, very fast response. Always taking care of their customers.Thank you Relion Team
Stephen LealStephen Leal
19:17 02 Feb 22
Relion exceeds all of my expectations. Their team is super responsive when any issue should arise, and troubleshoots problems with lighting speed while always maintaining a high level of customer service and great clear communication. Thank you for continued excellence!
Henry WongHenry Wong
16:42 26 Jan 22
Customer service was excellent! A great team with broad knowledgeable in IT.
Mike WhiteheadMike Whitehead
17:06 18 Jan 22
Brian and the Relion's IT Crew are rated as number one in my view.The support team is excellent and very responsive to my needs. I highly recommend Relion for any size organization!
Jeanine BJeanine B
18:15 14 Jan 22
I absolutely Love working with the guys from Relion! Every person on the team is very kind, respectful and knowledgeable. I feel secure with Relion supporting and securing our internal and external communications as we are navigating various forms of technology each day while working remote, onsite or some hybrid version of either. They are the best IT team I have ever worked with!!
Wayne Lee (LEWAYHUN)Wayne Lee (LEWAYHUN)
00:20 13 Jan 22
Relion is our outsourced IT, although often times they feel more in-house:)
Alejandra AguilarAlejandra Aguilar
00:40 12 Jan 22
Always will go above and beyond
Lainy AbudayyehLainy Abudayyeh
00:00 31 Aug 17
The above and beyond service Relion provides is definitely unmatched. We've had technical difficulties anywhere from 5am to 10pm and we've always been able to get a hold of someone. I cannot even tell you the last time we have been down or offline. I am sure almost all companies can agree, losing all or any data would be catastrophic so there is always a comfort in knowing ours is in good hands.
Sung Kim, DPTSung Kim, DPT
17:43 28 Jul 17
Brian and his team stand head and shoulders above the rest. Their instantaneous response time is a life-saver. They're fast, they're efficient, and most importantly, they're honest. They don't try to up-sell you on this or that, like other companies we contacted. Give them a try. You won't regret it.
AnthonyAnthony
23:56 20 Jul 17
Quick response and really helpful. This group is awesome. I've needed them late at night when system was down and they had me up and going in no time. Customer service is excellent.
js_loader

BUSINESS

STARTING AT $1,000 PER MONTH

NON-PROFIT

STARTING AT $750 PER MONTH

Get a free consultation

Scroll to Top