Modifica dell'ufficio locale dal client Web: host approvati dal Centro protezione

Allowing Forms Based Authentication

Quando gli utenti aprono documenti di Office in Ufficio locale dal client Web, gli utenti con versioni nuove/aggiornate di Microsoft Office installate localmente potrebbero ricevere un avviso sull'apertura di documenti da fonti online che fanno riferimento al Centro protezione.

It only applies to Local Office when opening from the Web Client. Clients opening in Local Office via the map drive, or Office 365 via the Web Client are unimpacted.

This is not an issue in the MyWorkDrive software; Microsoft introduced a change in Office to prompt for approval for 3rd party data sources starting in 2020, which has slowly been released to Office versions via updates. You can read more in detail here:

autenticazione basata su moduli nelle app di Office

Il processo che l'utente dovrà completare è aprire il centro protezione e scegliere l'opzione di richiesta e autorizzazione per ciascun host.

La prossima volta che l'utente apre un documento, gli verrà richiesto di aggiungere il tuo server MyWorkDrive come posizione approvata

Quindi riceveranno la richiesta di accesso normale/prevista per procedere alla modifica.

Questo è un processo che si effettua una sola volta; una volta che il server è attendibile, l'utente otterrà l'accesso solo allo scadere della sessione.

Potresti essere in grado di inviare origini approvate tramite criteri di gruppo per le macchine aggiunte al dominio o tramite MDM per i dispositivi gestiti.

 

Setting paths as trusted locations

By setting a drive letter or path as a trusted location, you avoid the warning that a file has opened read only and editing must be enabled.

This can be done manually using the instructions noted above on a device by device basis, or you can use a GPO in Group Policy to push an update to domain joined devices.

 

Start by downloading the Group Policy templates for office from Microsoft.
https://www.microsoft.com/en-us/download/details.aspx?id=49030

After downloading them, run the executable and choose a location to store the files.

Transfer those files to the domain controller.

Connect to the domain controller, browse to the group policy template files, and move all those files to C:\Windows\PolicyDefinitions on the domain controller.

You may wish to select/copy only select files from the archive.

 

Next, open group policy management and create a new policy and link it to the desired OU.

Edit the new policy, then browse to:
User Configuration > Policies > Administrative Templates > Microsoft Word 2016 > Word Options > Security > Trust Center > and select Trusted Locations.
(note that you will have to set this policy for each office application)

In the right pane, you will see several options. The option we are interested in is “Allow Trusted Locations on the network.” Double-click that option and choose “enable.”

 

 

Next, add your network locations under trusted location and ensure “Allow sub folders:” is enabled and select Apply/OK. The drive letter will be the letter or letters you are are using for MyWorkDrive shares. If you are not specifying a drive letter on the server, the client default is typically W:, but can be changed client side.

 

 

Repeat this process for the rest of your Office applications by choosing the appropriate template.

After you have done this for all your applications, close the Group Policy Management Editor and ensure your new group policy is enabled.

The next time your users get group policy, your MyWorkDrive paths should be trusted and office documents will no longer be opened in protected view by default.