Open XLSM Without Enabling Macros
Safe Access to Data & Formulas
You received an XLSM file and you're not sure whether to enable macros. Maybe it's from an external sender. Maybe you just want to read the data without triggering anything. Either way — you don't have to choose between access and safety.
Excel opens XLSM files with macros disabled by default. You can read every cell, export the data, and even audit the VBA code before deciding whether to enable anything. Here's how.
What Happens When You Open XLSM Without Enabling Macros
When Excel opens an XLSM file with macros disabled:
- All cell data, values, and text are fully readable
- All formulas are present and calculated (except custom VBA functions — these show
#NAME?) - All charts, tables, and formatting display correctly
- Buttons and form controls are visible but clicking them does nothing
- Event handlers (Workbook_Open, Worksheet_Change) do not fire
- Auto_Open macros do not run
The macros remain inside the file — they're just dormant. Nothing executes. No network connections. No file writes. No registry changes.
Method 1 — Open in Excel (Default Behaviour)
Excel's default security settings handle this automatically:
- Double-click the XLSM file to open in Excel
- If from the internet, a yellow Protected View bar appears — click Enable Editing only if needed to read the data (this still doesn't enable macros)
- A second yellow bar: "Macros have been disabled" — this is normal; just dismiss it
- Read the file normally. Macros will NOT run.
Method 2 — Open Read-Only (Prevents Accidental Saves)
If you want to ensure you can't accidentally save the file (and trigger a macro-state save event):
- File → Open → Browse
- Select the file, click the dropdown arrow next to Open
- Select Open as Read-Only
Or hold Shift while double-clicking the file — this bypasses Auto_Open macros entirely and opens in a state where Workbook_Open events are suppressed.
Method 3 — Read Data Without Excel (Python)
If you need to extract data programmatically without Excel at all, openpyxl reads XLSM files and completely ignores all VBA:
# pip install openpyxl
import openpyxl
# keep_vba=True preserves the file structure if you re-save
# keep_vba=False (default) strips VBA on save — useful for creating clean XLSX
wb = openpyxl.load_workbook('report.xlsm', keep_vba=False)
for sheet_name in wb.sheetnames:
ws = wb[sheet_name]
print(f"\n=== {sheet_name} ===")
for row in ws.iter_rows(values_only=True):
if any(cell is not None for cell in row):
print(row)This extracts all data values. Note that formulas will return their cached values (the last calculated result stored in the file), not recalculate live.
Method 4 — Audit the VBA Code Before Deciding
Not sure whether to enable macros? Read the code first. Two approaches:
Option A — Excel VBA Editor (no macros run)
- Open the XLSM file (macros disabled)
- Press Alt + F11 to open the VBA Editor
- Browse all modules in the Project Explorer
- Read each module's code — you can see exactly what it does before enabling anything
Option B — Automated audit with oletools (command line)
# pip install oletools
# Run from terminal — no Excel required
olevba report.xlsm
# Output includes:
# - All VBA source code
# - Suspicious keywords (Shell, CreateObject, WScript, etc.)
# - Auto-execute triggers (Auto_Open, Workbook_Open)
# - Obfuscation indicatorsOletools flags known suspicious patterns like Shell(), CreateObject("WScript.Shell"), network requests, and obfuscated strings — a 30-second audit that tells you whether a macro is dangerous before you run it.
Shell, CreateObject, Environ, GetObject, WScript, hardcoded URLs, or long strings of encoded characters. These are common in malware — not automatically malicious, but worth scrutiny.
Comparing Your Access Options
| Method | Requires Excel | Macros run? | See all data? | Best for |
|---|---|---|---|---|
| Open normally (macros disabled) | Yes | No | Yes | Quick data review |
| Open as Read-Only | Yes | No | Yes | Safe browsing without save risk |
| Open in Protected View | Yes | No | Yes (view only) | Untrusted internet files |
| openpyxl (Python) | No | No | Yes (cached values) | Automated data extraction |
| Google Sheets import | No | No | Yes (formulas may break) | Quick cloud view |
| Macro Inspector tool | No | No | Macro list only | See what macros exist |
When You Need to Enable Macros Safely
If you do need the macros to run, here's the safe sequence:
- Read all the VBA code first (Alt+F11 or oletools)
- If satisfied it's safe: close and reopen from a Trusted Location (File → Options → Trust Center → Trusted Locations)
- Files opened from Trusted Locations have macros enabled without the yellow bar prompt
- Alternatively: right-click the file → Properties → Unblock (removes internet zone mark, so macros run normally)
Opening XLSM Files in Google Sheets
Google Sheets can open XLSM files but completely ignores all VBA:
- Upload the .xlsm file to Google Drive
- Right-click → Open with Google Sheets
- All data, formulas, and formatting import correctly
- VBA macros are ignored entirely — no execution, no errors
- Custom VBA functions will show formula errors (the formulas are there but can't execute)
This is the fastest zero-risk way to view XLSM data when you don't have Excel available.
Need to convert an XLSM safely?
MacroKit gives you the complete workflow for converting macro-enabled Excel files — with full macro archiving, safe export scripts, and validation checklists.
Get MacroKit — $9Or check what macros are in a file: Free Macro Inspector →