Introduction

In this blog post, we will explore a PowerShell script that remediates trusted locations for Office applications. The script automates the process of creating new trusted locations for Microsoft Word, Excel, and PowerPoint.

Prerequisites


The Script

The script uses a foreach loop to iterate over an array of Office applications. For each application, it creates two new trusted locations in the registry, named Location10 and Location11, under that application's Security\Trusted Locations key in HKCU.


# Office applications whose trusted locations are configured
$apps = @("Word", "Excel", "PowerPoint")

foreach ($app in $apps) {
    # Per-user trusted locations key for this application (Office 16.0)
    $regpath = "HKCU:\SOFTWARE\Microsoft\Office\16.0\$app\Security\Trusted Locations"

    # Location10: the user's Downloads folder, including subfolders
    New-Item -Path $regpath -Name "Location10" -ItemType Directory -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location10" -PropertyType String -Name Description -Value "Allow files from Downloads" -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location10" -PropertyType String -Name Path -Value "c:\users\$env:username\Downloads" -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location10" -PropertyType DWord -Name AllowSubFolders -Value 1 -Force -ErrorAction SilentlyContinue

    # Location11: the Content.Outlook folder, including subfolders
    # C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook
    New-Item -Path $regpath -Name "Location11" -ItemType Directory -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location11" -PropertyType String -Name Description -Value "Allow files from outlook" -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location11" -PropertyType String -Name Path -Value "C:\Users\$env:username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook" -Force -ErrorAction SilentlyContinue
    New-ItemProperty -Path "$regpath\Location11" -PropertyType DWord -Name AllowSubFolders -Value 1 -Force -ErrorAction SilentlyContinue
}

How It Works

Creating Trusted Locations

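The script creates two trusted locations for each Office application. The first location (Location10) is used to allow files from the Downloads folder, while the second location (Location11) is used to allow files from Outlook's Content.Outlook folder. Office treats files opened from a trusted location as safe: they skip Protected View, and their macros and other active content run without a prompt. Because AllowSubFolders is set to 1, this also applies to every subfolder of both paths.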

Key Code Snippets


# Location10: the user's Downloads folder, including subfolders
New-Item -Path $regpath -Name "Location10" -ItemType Directory -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location10" -PropertyType String -Name Description -Value "Allow files from Downloads" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location10" -PropertyType String -Name Path -Value "c:\users\$env:username\Downloads" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location10" -PropertyType DWord -Name AllowSubFolders -Value 1 -Force -ErrorAction SilentlyContinue

# Location11: the Content.Outlook folder, including subfolders
# C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook
New-Item -Path $regpath -Name "Location11" -ItemType Directory -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location11" -PropertyType String -Name Description -Value "Allow files from outlook" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location11" -PropertyType String -Name Path -Value "C:\Users\$env:username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook" -Force -ErrorAction SilentlyContinue
New-ItemProperty -Path "$regpath\Location11" -PropertyType DWord -Name AllowSubFolders -Value 1 -Force -ErrorAction SilentlyContinue

Usage Examples

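To use this script, simply copy and paste the code into PowerShell, in a session running as the user whose Office settings should change, because the keys are written under HKCU. The script will create two trusted locations for each Office application specified in the $apps array.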
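
Every call in the script uses -ErrorAction SilentlyContinue, so a failed write is not reported. The following is an added example, not part of the original script, that reads the trusted locations back from the same registry path and lists what is trusted for each application; the function name Get-OfficeTrustedLocation is hypothetical.

```powershell
# Added example: read back the per-user trusted locations for each Office app.
$officeApps = @("Word", "Excel", "PowerPoint")

# Hypothetical helper name; it uses only built-in registry provider cmdlets.
function Get-OfficeTrustedLocation {
    param([Parameter(Mandatory)][string[]]$Application)

    foreach ($app in $Application) {
        $regpath = "HKCU:\SOFTWARE\Microsoft\Office\16.0\$app\Security\Trusted Locations"
        if (-not (Test-Path -Path $regpath)) { continue }

        # Each LocationN subkey is one trusted location.
        foreach ($key in Get-ChildItem -Path $regpath) {
            $props = Get-ItemProperty -Path $key.PSPath
            # Expand %VAR% references so the resolved folder can be checked.
            $resolved = [Environment]::ExpandEnvironmentVariables([string]$props.Path)
            [pscustomobject]@{
                App             = $app
                Location        = $key.PSChildName
                Description     = $props.Description
                Path            = $props.Path
                AllowSubFolders = [bool]$props.AllowSubFolders
                FolderExists    = [bool]($resolved -and (Test-Path -LiteralPath $resolved))
            }
        }
    }
}

$found = @(Get-OfficeTrustedLocation -Application $officeApps)
$found | Sort-Object App, Location | Format-Table -AutoSize

# Confirm that both entries written by the script exist for every application.
foreach ($app in $officeApps) {
    foreach ($name in "Location10", "Location11") {
        $match = $found | Where-Object { $_.App -eq $app -and $_.Location -eq $name }
        if (-not $match) {
            Write-Warning "$app is missing $name"
        }
    }
}
```

The table also shows any other trusted locations already present for the user, which makes it usable as a quick inventory of what Office trusts on that profile.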

Conclusion

This blog post has demonstrated a PowerShell script that remediates trusted locations for Office applications. By automating this process, administrators can save time and improve efficiency when managing their systems.