You set Word’s macro security to Disable all macros without notification in the Trust Center, yet macros inside a .dotm template file still execute when you open the template or create a document from it. This behavior occurs because Word applies different security rules to templates stored in trusted locations, specifically the default Templates folder. This article explains why .dotm macros bypass your global security setting and shows you how to enforce consistent macro blocking across all template files.
Key Takeaways: How .dotm Templates Bypass Macro Disable Settings
- Trusted Locations setting in File > Options > Trust Center > Trust Center Settings > Trusted Locations: Any .dotm file inside a folder listed as a trusted location runs macros without restriction, ignoring the global macro disable policy.
- Default Templates folder path %AppData%\Microsoft\Templates: Word automatically marks this folder as a trusted location, so a .dotm placed here always executes macros even when Disable all macros is active.
- Remove the trusted location or move the .dotm file outside it: Either delete the folder from the Trusted Locations list or store your .dotm file in a non-trusted folder to enforce the macro disable setting.
Why Word Allows .dotm Macros When Macro Disable Is Active
Word’s macro security operates on a two-tier system. The first tier is the global macro setting found in File > Options > Trust Center > Trust Center Settings > Macro Settings. When you select Disable all macros without notification, Word suppresses macros in all .docm, .dotm, and .pptm files — unless the file resides in a trusted location.
The second tier is the Trusted Locations list. Any folder added to this list tells Word that files inside it are safe. Macros in files from a trusted location run without being checked against the global macro setting. By default, Word adds the following folders to the trusted location list:
- %AppData%\Microsoft\Templates (the user’s personal Templates folder)
- %ProgramFiles%\Microsoft Office\Templates (the shared Templates folder)
- %ProgramFiles%\Microsoft Office\root\Templates (for Click-to-Run installations)
A .dotm file placed in any of these folders will have its macros executed regardless of your macro disable setting. This is by design — Word assumes that templates you or your administrator placed in these folders are trusted. The same behavior applies to add-ins (.dotm, .dotx, .wll) stored in the Startup folder, which is also a trusted location.
A second common cause is signed macros. If a .dotm template contains a macro signed by a trusted publisher whose certificate is installed in the Trusted Publishers store, Word runs that macro even with Disable all macros without notification selected. The Trusted Publishers list overrides the macro disable setting.
Steps to Stop .dotm Template Macros From Running
Use one of the following methods to block .dotm macros from executing. Each method targets a different root cause: trusted locations, signed macros, or the template’s storage path.
Method 1: Remove the Templates Folder From Trusted Locations
- Open the Trust Center
In Word, go to File > Options > Trust Center. Click the Trust Center Settings button. - Open the Trusted Locations page
In the left pane, select Trusted Locations. The right pane shows all folders Word trusts. - Locate the Templates folder entry
Look for a row where the Path column ends with \Microsoft\Templates. This is the default user Templates folder. Select that row. - Remove the trusted location
Click the Remove button. Confirm the removal when prompted. - Restart Word
Close and reopen Word for the change to take effect. Any .dotm file stored in the removed location will now have its macros blocked by the global disable setting.
Method 2: Move the .dotm File Out of the Templates Folder
If you cannot remove the Templates folder from trusted locations — for example, because group policy enforces it — move the .dotm file to a non-trusted folder such as Documents or Desktop. When you open the .dotm from that location, Word applies the global macro disable setting and blocks the macros.
Method 3: Disable Trusted Publishers for Signed Macros
- Open the Trust Center
Go to File > Options > Trust Center > Trust Center Settings. - Select Trusted Publishers
In the left pane, click Trusted Publishers. The right pane lists all publishers whose certificates are trusted. - Remove the publisher
Select the publisher that signed the .dotm template and click Remove. Confirm the removal. - Disable the Trusted Publishers check
On the Macro Settings page, clear the check box labeled Trust access to the VBA project object model. This prevents signed macros from running even if the publisher certificate remains installed.
Method 4: Enable Protected View for Templates
- Open Protected View settings
Go to File > Options > Trust Center > Trust Center Settings > Protected View. - Enable Protected View for files from the Internet
Check the box Enable Protected View for files originating from the Internet. This applies to .dotm files downloaded from email or web. - Enable Protected View for unsafe locations
Check the box Enable Protected View for files located in potentially unsafe locations. This blocks macros in .dotm files stored in folders that Word considers risky, such as the Temporary Internet Files folder.
If .dotm Macros Still Run After Applying These Changes
Group Policy Overrides Your Trust Center Settings
In a corporate environment, your IT administrator may deploy Group Policy settings that force Word to trust specific folders or publishers. To check for group policy restrictions, open the Registry Editor and navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security. If keys such as TrustedLocations or VBAWarnings exist, your settings are managed by policy and cannot be changed locally.
Add-In Load Paths Are Also Trusted
Word treats the Startup folder as a trusted location. If your .dotm file is stored in the Word Startup folder, its macros run regardless of your macro setting. To find the Startup folder path, go to File > Options > Advanced. Scroll to the General section and note the path shown next to File Locations > Startup. Remove the .dotm from that folder or remove the Startup folder from the Trusted Locations list.
Macros Are Embedded in a .dotx File
A .dotx file cannot contain macros by definition. However, if a .dotx file references a .dotm file with macros, the macros run when you create a document from the .dotx. Check whether your template is actually a .dotx that depends on a separate .dotm. In that case, block or remove the referenced .dotm file.
| Item | Disable All Macros Without Notification | Disable All Macros With Notification |
|---|---|---|
| Macros in .docm from non-trusted folder | Blocked | Blocked; notification shown |
| Macros in .dotm from trusted Templates folder | Allowed | Allowed |
| Macros in .dotm from non-trusted folder | Blocked | Blocked; notification shown |
| Macros signed by trusted publisher | Allowed | Allowed |
| Macros in .dotm from Internet zone | Blocked (Protected View) | Blocked (Protected View) |
You can now identify why .dotm macros bypass your macro disable setting and apply one of the four methods to stop them. Start by checking whether the template file resides in the default Templates folder or in another trusted location. If the file must stay in a trusted folder, use the Trusted Publishers removal method to block signed macros. For full control over macro execution, remove the Templates folder from the Trusted Locations list entirely.