I'd like to disable the Protected View MS Office files open in when opening files from email and other non-local places.
We have a mixture of Office 20007, 2010, and 2013 in place so if these are controlled via different GPOs, I would need each of them.
Thanks in advance.
The Protected View settings are specific to each application in Office (Word, Excel and Powerpoint only), and to each year (2010 and 2013 only).
Grab the ADMX templates, install them to the PolicyDefinitions folder for the domain, or add them individually to a GPO in Group Policy Management.
The settings are in: User Configuration, Policies, Administrative templates, Microsoft $PRODUCT $YEAR, $PRODUCT Options, Security, Trust Center, Protected View, "Do not open files in unsafe locations in Protected View", Enable.
Regarding updating the Central Store for Policies, this is the process I use.
Active Directory Central Store for policies
The domain Central Store is a file location on domain controllers that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are replicated to all domain controllers in the domain.
The Central Store must be updated with new .admx and .adml files when a new operating system comes up if you want to use the new policies.
Generally %systemroot% = C:\Windows
• On the domain controllers, the central store is located at
%systemroot%\SYSVOL_DFSR\domain\Policies\PolicyDefinitions
(was %systemroot%\sysvol\domain\policies\PolicyDefinitions in Windows Server 2008),
where %systemroot% is generally C:\Windows
• Sometimes the latest collection of .admx and .adml files can be downloaded from Microsoft. If you can find an up-to-date download link, use that. It does sometimes take them awhile to post the new policies.
• If not, you will find the needed .admx and .adml policies on the latest Windows and Windows Server computers themselves. %systemroot%\PolicyDefinitions stores the .admx and .adml files for installed components on the local computer. But to find all .admx and .adml files, go instead to %systemroot%\winsxs
• On the latest version of Windows and on the latest version of Windows Server, search for .admx files in %systemroot%\winsxs. Copy these to a new folder at \\Server\Share\CentralStore_Adds. For example, \\Server\Share \Windows 8.1 Update 1 Server 2012 R2
• Create a subfolder of this new folder named en-US. Search %systemroot%\winsxs for all .adml files and copy these to the newly-created en-US folder
• Remember, the two steps above need to be done on the latest versions of both Windows Server and Windows.
• Combine these two folders, keeping the latest version of the .admx and .adml files. I used robocopy to do this.
robocopy \\server\share\folder1 \\server\share\folder2 /XO /S
• After consulting with group policy admins on both the workstation and server side, this combined folder is now ready to be copied to the Central Store on a domain controller at %systemroot%\sysvol\domain\policies\PolicyDefinitions. In Server 2012 R2, these will be at
%systemroot%\SYSVOL_DFSR\sysvol\hcggse.frse.co.hennepin.mn.us\Policies\PolicyDefinitions
• Once replication has occurred, you will be able to use these new policies in your Group Policy Management Console. The new policies will be available in all GPOs that you edit.
