Don't ask permission before updating IncludePicture and IncludeText fields in Word

This policy setting allows you to control whether Word prompts the user with a security message before updating IncludePicture and IncludeText fields in the document.

By default, the user is prompted with a security message before those fields are updated. But, the prompt might effect automated workflows that merge Word documents.

Important: Fields that contain IncludePicture and IncludeText references can be used for data exfiltration or phishing exploits. A field containing these references can be modified to point to external websites for content. If credentials are required for accessing the picture or text, the process of updating the field will request a sign-in from the user. While this is a legitimate scenario for trusted sources, it is vulnerable to phishing if the document is not from a trusted source.

If you enable this policy setting, the user won't be prompted with a security message before those fields are updated. Enabling this policy setting is not recommended because of the possible security implications.

If you disable or don't configure this policy setting, the user will be prompted with a security message before those fields are updated.

Supported on: At least Windows 7

Registry HiveHKEY_CURRENT_USER
Registry Pathsoftware\policies\microsoft\office\16.0\word\security
Value Namedisablewarningonincludefieldsupdate
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

word16.admx

Administrative Templates (Computers)

Administrative Templates (Users)