How to set LibreOffice macro security to “Very High” by default

English
, , , ,
#1

Hello,

I want to set LibreOffice macro security to “Very High” by default , so it cannot be lowered when the application starts.

I am using Linux (Ubuntu/Debian), LibreOffice version 4:7.4.7-1+deb12u8 amd64 , I am looking for a reliable method to enforce this system-wide, either through configuration or a script.

Thank you.

#2

https://wiki.documentfoundation.org/Deployment_and_Migration#Some_tricks_for_post_deployment_configuration

#3

Thank you for sharing the link. I followed the steps mentioned there, but unfortunately it didn’t work on my Linux system (Debian based).

The macro security level still isn’t fixed to “Very High” — users can change it after starting LibreOffice.

Is there any alternative method or configuration to enforce this setting system-wide and make it non-editable.

#4

Heh. Since you didn’t mention what exactly you did, I can only use my crystal ball, and guess that you missed the “This example disables auto-updates (and prevents user override)” there on the wiki page, showing the effect of oor:finalized. Or if you used that, and it didn’t have effect, then it would be a bug - maybe even already fixed since that old v.7.4.

See also https://wiki.documentfoundation.org/images/b/b0/LibreOffice_config_extension_writing.pdf

#5

Hello,
macros.zip (2.7 KB)

I followed the steps mentioned in the documentation and successfully executed the .oxt configuration extension. After doing this, the macro options such as Run Macro, Organize Macros, and Edit Macros were disabled, and the macro security level was set to Very High when LibreOffice started.

However, the issue is that users can still manually change the macro security level through the GUI (Tools → Options → LibreOffice → Security → Macro Security).

My requirement is to set the macro security level to “Very High” by default and prevent users from changing it.

Could you please guide me on how to make this setting permanent so that end users cannot modify the macro security level.

#6

Your common.xcu is:

<?xml version="1.0" encoding="UTF-8"?>
<oor:component-data oor:name="Common" oor:package="org.openoffice.Office"
  xmlns:oor="http://openoffice.org/2001/registry"
  xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <node oor:name="Security">
    <!-- Disable macro execution (user default) -->
    <node oor:name="Scripting">
      <prop oor:name="DisableMacrosExecution" oor:type="xs:boolean" oor:finalized="false">
        <value>true</value>
      </prop>
    </node>

    <!-- Macro security level must be under MacroSecurity node -->
    <node oor:name="MacroSecurity">
      <!-- use finalized="false" while testing -->
      <prop oor:name="MacroSecurityLevel" oor:type="xs:int" oor:finalized="false">
        <value>3</value>
      </prop>
    </node>
  </node>
</oor:component-data>

And I already mentioned, that what you want is oor:finalized. Please look. You have them false. Did you try the obvious thing, and set them true?

#7

I did, but even after that, the macro security is still not set as default. When I open LibreOffice, it is set to “Very High,” and the user can still change it through the GUI. Only the background has changed to black.
macros (2).zip (2.7 KB)

#8

Heh, one must check every aspect.

I don’t know how people follow guidelines in such a way. The “Deployment and Migration” wiki seems quite clear:

For example the following XML file with .xcd extension can be placed in

%PROGRAMFILES%\LibreOffice\share\registry

and will set macro security level to Medium

<?xml version="1.0"?>
 <oor:data xmlns:xs="http://www.w3.org/2001/XMLSchema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:oor="http://openoffice.org/2001/registry">
   <dependency file="main" />
   <oor:component-data xmlns:install="http://openoffice.org/2004/installation"
   oor:name="Common" oor:package="org.openoffice.Office">
     <node oor:name="Security">
       <node oor:name="Scripting">
         <prop oor:name="MacroSecurityLevel" oor:op="fuse">
           <value>1</value>
         </prop>
       </node>
     </node>
   </oor:component-data>
 </oor:data>

I do exactly that - use the correct name and the correct structure. Also I take the notice about oor:finalized into account, and add that (with value of true) to the MacroSecurityLevel node in the text. And also, I tweak the wanted level to 3. And guess what?

image
image444×535 26.5 KB

Your common.xcu (why XCU?) - which I blindly copied with only minor tweaks in my reply above, uses completely different structure. No wonder it doesn’t work…

#9

But they documented it:

The problem seems to be the difference between “under” as below in the source-code and “under” in the hierarchical order of the nodes properties…


But I wonder where the sentence originated…

#10

I can “document” whatever I like that way. I didn’t even suspect that someone just picks whatever they want, and put in whatever order they like, before testing the exact examples and seeing the results. I just took the file, made a change that I thought was relevant - thinking it’s otherwise sane … yes, I loose common sense, by trusting users.

Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy)   Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.