O365-AC-000004 - Allowing Trusted Locations on the network must be disabled in Access.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


This policy setting controls whether trusted locations on the network can be used.

If you enable this policy setting, users can specify trusted locations on network shares or in other remote locations that are not under their direct control by selecting the 'Allow Trusted Locations on my network (not recommended)' check box in the Trusted Locations section of the Trust Center. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission.

If you disable or do not configure this policy setting, the selected application ignores any network locations listed in the Trusted Locations section of the Trust Center. Disabling this policy setting does not delete any network locations from the Trusted Locations list. Instead, it forces the selected application to treat the locations as non-trusted and prevents users from adding new network locations to the list.

If you also deploy Trusted Locations via Group Policy, you should verify whether any of them are remote locations. If any of them are remote locations and you do not allow remote locations via this policy setting, those policy keys that point to remote locations will be ignored on client computers.

Disabling this policy setting will cause disruption for users who add network locations to the Trusted Locations list. However, it is not recommended to enable this policy setting (as the 'Allow Trusted Locations on my network (not recommended)' check box itself states), so in practice it should be possible to disable this policy setting in most situations without causing significant usability issues for most users.


Set the User Configuration >> Administrative Templates >> Microsoft Access 2016 >> Application Settings >> Security >> Trust Center >> Trusted Locations >> Allow trusted Locations on the network to 'Disabled'.

See Also


Item Details

References: CAT|II, CCI|CCI-001662, Rule-ID|SV-223283r508019_rule, STIG-ID|O365-AC-000004, STIG-Legacy|SV-108743, STIG-Legacy|V-99639, Vuln-ID|V-223283

Plugin: Windows

Control ID: 7b13b5999f91ded7951804880f0e5fe4d22ad2e5de9114aca6563b8401bbc187