Allow file extensions for OLE embedding

This policy setting only applies to subscription versions of Office, such as Microsoft 365 Apps for enterprise, and to subscription versions of Project and Visio.​

This policy setting allows you to specify which file extensions Office won't block when they are embedded as an OLE package in an Office file by using the Object Packager control.

By default, Office blocks certain file extensions. For a list of those file extensions, go to

Important: Malicious scripts and executables can be embedded as an OLE package and can cause harm if clicked by the user.

If you enable this policy setting, enter the file extensions to allow, separated by semicolons. For example, exe;vbs;js.

If you disable or don't configure this policy setting, the default set of file extensions will be blocked.

If you want to block additional file extensions, enable the "Block additional file extensions for OLE embedding" policy setting.

Supported on: At least Windows 7

File extensions:

Registry Pathsoftware\policies\microsoft\office\common\security
Value Nameallowedextensions
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)