Today I’ll show you how to disable the protected view when opening Office 2016 files on a local network share using Group Policy.
If you happen to have a network share connected via its IP Address instead of its FQDN, you probably will run into the issue that Office 2016 will see that network path as untrusted. To work around this, we can create a GPO that disables this protected view.
I’ll walk you through each step.
For this example, we will use Windows Server 2016.
Table of Contents
- Step 1 – Downloading Office 2016 admx templates
- Step 2 – Installing the templates
- Step 3 – Creating the GPO
Step 1 – Downloading Office 2016 admx templates
First, we need to download and install the Office 2016 admx templates.
Head here and download the templates in either 64bit or 32bit version, according to your system. (Most likely it will be 64bit)
Double-click the installer and extract them in any folder you like. You will end up with this:
Step 2 – Installing the templates
Now we have to copy those templates in the correct location. Copy all the .admx files within the admx folder.
Now navigate to your local Policy store C:\Windows\PolicyDefinitions and paste the .admx files in here.
Back to the folder where you extracted the files, now open the language folder that suits your system, for me it’s en-us, and copy all of the .adml files.
And paste them into the folder with the same name within your PolicyDefinitions folder. (C:\Windows\PolicyDefinitions\en-US
) Alright, now we got the templates installed, time to create the GPO.
Step 3 – Creating the GPO
Open your Group Policy Management Console and create a new GPO. Edit the GPO.
Now, if you installed the templates correctly, you should see your Office 2016 Administrative Templates under: User Configuration -> Policies -> Administrative Templates like below:
Now Navigate to Microsoft Excel 2016 -> Excel Options -> Security -> Trust Center -> Protected View.
Here you want to Enable the “Do not open files from the Internet zone in Protected View.
Now you need to repeat this step for all the other Office Applications you want it to apply to, like Word and PowerPoint. After doing this, your files will no longer be opened in protected view. The good thing is, there is a separate option for Outlook files. So while the files on your network share are no longer opened in protected view, files opened from within Outlook still will be, which is desired.
The location you listed for the Policy Definitions files is incorrect in a domain environment. They should be dropped into the DFS share for Policy Definitions for the domain. i.e.: \\domain.local\SYSVOL\domain.local\Policies\PolicyDefinitions.
This is only if using a central store in Group Policy management, his location is correct.