Excel 信任文档 trust document对于用电脑名称的UNC和用IP地址共享路径的不同处理方式

Excel在打开网络共享文件时,默认会用保护试图来打开。如果是包含了宏的excel文件,会提示Enable content开启内容来启用宏。

我们有个同事编写了一个VBA的excel文件,放到不同的文件服务器上供不同的人员使用。

然后他发现了一个有趣的现象,在某个文件服务器上的该文件打开时会提示 Enable content开启内容 。但在另外一个文件服务器上的该文件不会提示。两个文件服务器并无任何不同的设置。该用户的Excel也没有针对宏安全做任何设置。该用户想在所有共享上都取消掉该提示。

经过分析测试发现,没有出现提示的那个共享文件在第一次打开的时候会提示是否把该文件设置为信任文档。如果点Yes的话,下次打开就不会再提示。关于信任文档的资料微软有说明,有些文件是可以设置为信任文档的,有些文件不可以设置为信任文档。

https://support.office.com/en-us/article/trusted-documents-cf872bd8-47ec-4c02-baa5-1fdba1a11b53

Some files can’t be made trusted documents
There are situations when you can’t make a file a trusted document. For example, one or several, types of active content have been disabled when you attempt to open the file. Active content can be disabled if:
The system administrator has set security policy to disable a certain type of active content for your organization (for example, Disable all macros without notification). In this case, if you open a file with macros, and data connections, the file can’t be trusted because the macros are disabled when the file opens.
You have changed your Trust Center settings for one, or more, active-content types.
To see your security settings click the File tab. Click Options. Click Trust Center, and then click Trust Center Settings. Or you can learn more in View my options and settings in the Trust Center.
More reasons why files cannot be made trusted documents
The file opened from an unsafe location, such as your temporary Internet folder (TIF) or the Temp folder
If the feature is turned off by your system administrator for network locations, or for all locations
If the file you are trying to trust is a template, such as files with the extensions .dot, .dotx, or .dotm
For these files, click Enable All Content to enable the active content for that session. This enables the content for one time, only. The Message Bar appears when you reopen the file.
The following example is an image the Security Warning area when a file cannot be trusted.

经过仔细分析共享路径发现,可以设置为信任文档的共享路径UNC采用的是完整的域名\\xxx.xxx.int\share,而不可以设置为信任文档的共享路径采用的是IP地址 \\xx.xx.xx.xx\share

经过测试如果将UNC共享路径中的IP地址更改为电脑名称或域名,则可以将该文档设置为信任文档。

之所以用IP地址来做共享路径,是觉得无论是电脑名称或者是完整的域名,DNS都最终会转换为IP地址来访问,使用IP地址会节省时间。但万万没想到,Excel会识别IP地址的共享更不安全。

这一点从来没有遇到过。不清楚微软是怎么想的。

打赏

共有 0 条评论

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注