Export (0) Print
Expand All
0 out of 3 rated this helpful - Rate this topic

Plan block file format settings in the 2007 Office system

Updated: February 12, 2009

Applies To: Office Resource Kit

Updated: 2009-02-12

Block file format settings prevent users from opening or saving specific file types and file formats in Microsoft Office Excel 2007, Microsoft Office PowerPoint 2007, and Microsoft Office Word 2007. The only block file format setting that is configured by default is the Block opening of files before version setting. This setting prevents users from opening Office Word 2007 files that have been saved in a format that is earlier than the Word 6.0 format. Files that have been saved using a beta version of Word 6.0 are considered to be earlier than the Word 6.0 format and cannot be opened by default. You can use block file format settings to help:

  • Enforce file type and file format requirements in your organization.

  • Manage file usage during and after a migration.

  • Mitigate security threats that target specific file types and formats.

There are two types of block file format settings: block open settings and block save settings. Block open settings prevent users from opening various file types and formats; block save settings prevent users from saving files in various file types and formats.

The following table lists file types and file formats that are blocked by each block open setting. The file name extensions that are listed are not a complete list of the file types and formats that are blocked by a specific setting. The table lists file name extensions for the most common examples of the file types and formats that are blocked.

Setting name File types blocked in Office Excel 2007 File types blocked in Office PowerPoint 2007 File types blocked in Office Word 2007

Block opening of pre-release versions of the file formats that are new to Office 2007

.xlsb

.xlsx

.xlsm

.xltx

.xltm

.xlam

.pptx

.pptm

.potx

.potm

.ppsx

.ppsm

.docx

.docm

.dotx

.dotm

Block opening of Open XML file types

.xlsx

.xlsx

.xlsm

.xltx

.xltm

.xlam

.pptx

.pptm

.potx

.potm

.ppsx

.ppsm

.ppam

.thmx

.xml

.docx

.dotx

.docm

.dotm

.xml

Block opening of Binary 12 file types

.xlsb

N/A

N/A

Block opening of Binary file types

.xls

.xla

.xlt

.xlm

.xlw

.xlb

.ppt

.pot

.pps

.ppa

.doc

.dot

Block opening of HTML and XMLSS file types

.mht

.mhtml

.htm

.html

.xml

.xmlss

N/A

N/A

Block opening of HTML file types

N/A

.htm

.html

.mht

.mhtml

.htm

.html

.mht

.mhtml

Block opening of Outlines

N/A

.rtf

.txt

.doc

.wpd

.docx

.docm

.wps

N/A

Block opening of Converters

N/A

.ppt

.pot

.pps

.ppa

N/A

Block open Converters

N/A

N/A

Prevents converters from opening all document types and formats.

Block opening of Word 2003 XML file types

N/A

N/A

.xml

Block opening of RTF file types

N/A

N/A

.rtf

Block opening of XML file types

.xml

N/A

N/A

Block opening of DIF and SYLK file types

.dif

.slk

N/A

N/A

Block opening of Text file types

.txt

.csv

.prn

N/A

.txt

Block opening of XLL file type

.xll

N/A

N/A

Block opening of Internal file types

N/A

N/A

Prevents opening of Word files that have been saved in pre-release (beta) binary formats, including Word 2003 and earlier.

Block opening of files before version

N/A

N/A

Prevents opening of files with formats earlier than a specified version of Word.

For a detailed description of each block open setting, see "Block file format settings" in Security policies and settings in the 2007 Office system.

The following table lists the file types and file formats that are blocked for each block save setting. The file name extensions listed are not a complete list of the file types and formats that are blocked by a specific setting. The table lists file name extensions for the most common examples of the file types and formats that are blocked.

Setting name File types blocked in Office Excel 2007 File types blocked in Office PowerPoint 2007 File types blocked in Office Word 2007

Block saving of Open XML file types

.xlsx

.xlsm

.xltx

.xltm

.xlam

.pptx

.pptm

.potx

.potm

.ppsx

.ppsm

.ppam

.thmx

.xml

.docx

.dotx

.docm

.dotm

.xml

Block saving of Binary 12 file types

.xlsb

N/A

N/A

Block saving of Binary file types

.xls

.xla

.xlt

.xlm

.xlw

.xlb

.ppt

.pot

.pps

.ppa

.doc

.dot

Block saving of HTML and XMLSS file types

.mht

.mhtml

.htm

.html

.xml

.xmlss

N/A

N/A

Block saving of HTML file types

N/A

.htm

.html

.mht

.mhtml

.htm

.html

.mht

.mhtml

Block saving of outlines

N/A

.rtf

.txt

.doc

.wpd

.docx

.docm

.wps

N/A

Block saving of converters

N/A

N/A

Prevents converters from saving all file types and formats.

Block saving of GraphicFilters

N/A

.jpg

.png

.tif

.bmp

.wmf

.emf

N/A

Block saving of Word 2003 XML file types

N/A

N/A

.xml

Block saving of RTF file types

N/A

N/A

.rtf

Block saving of XML file types

.xml

N/A

N/A

Block saving of DIF and SYLK file types

.dif

.slk

N/A

N/A

Block saving of Text file types

.txt

.csv

.prn

N/A

.txt

For a detailed description of each block save setting, see Security policies and settings in the 2007 Office system.

When a user attempts to open a file type or file format that is blocked, the block file format mechanism evaluates the file at the parser level (when the file is loading), which provides a more thorough determination of file type and format than simple file-name extension checking. Because of this, changing the file name extension on a file will not affect the blocking mechanism. For example, if a file is saved in the Word 2003 binary format with a .doc extension, and you rename the file so that the extension is .rtf, any setting that blocks the opening of Word 2003 binary files will prevent users from opening the file even though it has an .rtf extension.

When a user attempts to save a file by using a file type or file format that is blocked, an error message appears. The error message explains that you are attempting to save a file that has been blocked by a system administrator. The error message also provides a link to the following Microsoft Knowledge Base article: You receive an error message when you try to open or save a file in one of the 2007 Office programs or in one of the Office 2003 programs (http://go.microsoft.com/fwlink/?LinkId=79656&clcid=0x409).

Keep the following overall considerations in mind as you plan your block file format settings. These considerations apply any time you use block file format settings.

  • You can configure block file format settings only for Office Excel 2007, Office PowerPoint 2007, and Office Word 2007 files.

  • Block save settings can be configured only through Group Policy. You cannot use the Office Customization Tool (OCT) to configure block save settings.

  • Most block open settings can be configured only through Group Policy. There is one block open setting that can be configured by using the OCT.

  • Block open settings do not apply to files that are opened from trusted locations.

  • Block file format settings are application-specific. You cannot prevent users from using other applications to open or save file types or formats that are blocked. For example, you can enable block file format settings that prevent users from opening .dot files in Office Word 2007, but users will still be able to open .dot files with Microsoft Office Publisher 2007, which uses a converter to read the .dot file.

  • Disabling notifications in the Message Bar has no effect on block file format settings. The block file format warning dialog box appears before any notification appears in the Message Bar.

Although you can use block file format settings to manage file usage in many scenarios, these settings are most commonly used to:

  • Force an organization to use the new file formats that are included in the 2007 Office system.

  • Mitigate zero-day security attacks by temporarily preventing users from opening specific types of files.

  • Prevent an organization from opening files that have been saved in earlier Office Word formats.

  • Prevent an organization from using pre-release (that is, beta) file formats.

Force an organization to use the new 2007 Office file format

The 2007 Office system introduces new file formats called Office Open XML Formats. Office Open XML Formats enhance functionality, security, and programmability, and are recommended for files that are created with the 2007 Office system.

To enforce Office Open XML Formats throughout your organization, use the settings that are listed in the following table.

Setting name Recommended configuration Description

Block saving of Binary file types

Select this option: Enabled

By default, this setting is disabled and does not prevent users from saving binary format files. Selecting this option prevents users from saving files in the binary formats that are used by earlier versions of the Office system. This setting must be configured for Office Excel 2007, Office PowerPoint 2007, and Office Word 2007, unless you do not want to enforce the new file format across all applications.

Block saving of Open XML file types

Select this option: Disabled

By default, users are allowed to save Office Open XML Formats files and you do not need to select this option to enforce the use of the new file format. However, selecting this option is a recommended best practice if you want to help ensure that users save files in the new file formats. This option must be selected for Office Excel 2007, Office PowerPoint 2007, and Office Word 2007, unless you do not want to enforce the new file format across all applications.

Block opening of Open XML file types

Select this option: Disabled

By default, users are allowed to open Office Open XML Formats files and you do not need to select this option to enforce the use of the new file types. However, selecting this option is a recommended best practice if you want to help ensure that users open files that are saved in the new file types. This option must be selected for Office Excel 2007, Office PowerPoint 2007, and Office Word 2007, unless you do not want to enforce the new file format across all applications.

The settings listed in the previous table do not restrict users from saving or opening files in text formats, such as .txt, .rtf, .csv, or .xml. To prevent users from opening or saving files in these formats, configure the block open and block save settings that are listed in the following table.

Configure this block open or block save setting To this state For these applications

Block opening of HTML and XMLSS file types

Enabled

Office Excel 2007

Block opening of HTML file types

Enabled

Office PowerPoint 2007, and Office Word 2007

Block opening of Word 2003 XML file types

Enabled

Office Word 2007

Block opening of RTF file types

Enabled

Office Word 2007

Block opening of XML file types

Enabled

Office Excel 2007

Block opening of DIF and SYLK file types

Enabled

Office Excel 2007

Block opening of Text file types

Enabled

Office Excel 2007

Block opening of XLL file type

Enabled

Office Excel 2007 and Office Word 2007

Block saving of HTML and XMLSS file types

Enabled

Office Excel 2007

Block saving of HTML file types

Enabled

Office PowerPoint 2007, and Office Word 2007

Block saving of Word 2003 XML file types

Enabled

Office Word 2007

Block saving of RTF file types

Enabled

Office Word 2007

Block saving of XML file types

Enabled

Office Excel 2007

Block saving of DIF and SYLK file types

Enabled

Office Excel 2007

Block saving of Text file types

Enabled

Office Excel 2007 and Office Word 2007

Be sure to record each of your settings in your security planning documents. You will need to know the name of the setting and the configuration state to configure block file format settings with the OCT or with Group Policy.

For more information about Office Open XML Formats, see FAQ: File format.

Mitigating zero-day attacks

You can mitigate zero-day attacks by preventing users from opening specific file types or file formats that can exploit a security vulnerability. Zero-day attacks are so named because they exploit security vulnerabilities between the time that a security vulnerability becomes publicly known and the time that you implement a software update to mitigate the potential threat. Software updates for security vulnerabilities are typically distributed in security bulletins or service packs.

Use the following steps to mitigate zero-day attacks.

Mitigate zero-day attacks

  1. Identify the file type or file format that is posing a risk. This is usually discussed in the security bulletin or the service pack documentation that provides a software update for the security vulnerability.

  2. Evaluate the block open and block save settings to determine whether there is a setting that prevents users from opening and saving the high-risk file type or file format.

  3. Enable both the block open and the block save settings for the file type or format that is posing a risk.

  4. Configure the block open and block save settings to Disabled or Not Configured after you deploy a software update for the security vulnerability.

  5. Record your settings in your security planning documents or your security operations documents. Be sure to identify settings that you must configure before you deploy the software update and after you deploy the software update.

Preventing an organization from opening files that have been saved in earlier Word formats

To prevent users from opening files that have been saved in earlier Word formats, you must enable the Block opening of files before version setting. When this setting is enabled, you can specify the earliest Word format that users are allowed to open. For example, if you configure this setting for Word 95 RTM (release to manufacturing), users are not allowed to open files that are saved in Word 95 beta format or earlier Word formats. By default, this setting is enabled and configured for Word 6.0.

The following table lists the 24 versions of Word that you can specify by using the Block opening of files before version setting.

Setting (as it appears in the graphical user interface) Description

Word 1.x for Windows

Prevents the opening of all Word formats that are earlier than the specified version.

Word 4.x for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 1.2 for Windows Japan

Prevents the opening of all Word formats that are earlier than the specified version.

Word 1.2 for Windows Korea

Prevents the opening of all Word formats that are earlier than the specified version.

Word 5.x for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 1.2 for Windows Taiwan

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2.x for Windows

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2.x for Windows BiDi

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2.x for Windows Japan

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2.x for Windows Korea

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2.x for Windows Taiwan

Prevents the opening of all Word formats that are earlier than the specified version.

Word 6.0 for Windows

Prevents the opening of all Word formats that are earlier than the Word 6.0 format. This is the default setting.

Word 6.0 for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 95 RTM

Prevents the opening of all Word formats that are earlier than the Word 95 final (public) release format.

Word 95 Beta

Prevents the opening of all Word formats that are earlier than the Word 95 pre-release (beta) format.

Word 97 for Windows

Prevents the opening of all Word formats that are earlier than the specified version.

Word 98 for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 2001 for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word X for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 9 for Windows

Prevents the opening of all Word formats that are earlier than the specified version.

Word 10 for Windows

Prevents the opening of all Word formats that are earlier than the Word XP format.

Word 11 for Windows

Prevents the opening of all Word formats that are earlier than the Word 2003 format.

Word 2004 for Macintosh

Prevents the opening of all Word formats that are earlier than the specified version.

Word 11 saved by Word 12

Prevents the opening of all Word formats that are earlier than the Word 2003 format saved by Office Word 2007.

Be sure to record your settings in your security planning documents. You will need to know the setting name, configuration state, and the version of Word as it appears in the graphical user interface to configure block file format settings with the OCT or with Group Policy.

Preventing an organization from using pre-release (beta) file formats

To prevent an organization from using pre-release (beta) file formats, use the settings that are listed in the following table.

Setting name Recommended configuration Description

Block opening of pre-release versions of the file formats that are new to Office 2007

Select this option: Enabled

By default, users are allowed to open pre-release (beta) versions of Office Open XML Formats files. Selecting this option prevents users from opening Office Open XML Formats files if the files have been saved by using a pre-release (beta) version of the 2007 Office system. This setting must be configured for Office Excel 2007, Office PowerPoint 2007, and Office Word 2007.

Block opening of Internal file types

Select this option: Enabled

By default, users are allowed to open pre-release (beta) Word binary file types. Selecting this option prevents users from opening Word files if the files have been saved in pre-release (beta) binary formats. This includes all pre-release binary formats of Word 2003 and all earlier Word versions. You can configure this setting only for Office Word 2007.

You cannot prevent users from opening binary format files if the files have been saved by using pre-release versions of Office Excel 2007 and Office PowerPoint 2007. However, you can use the Block opening of Binary file types setting to prevent users from opening all files that have been saved in a binary format.

Be sure to record all of your settings in your security planning documents. You will need to know the setting name and configuration state to configure block file format settings with the Office Customization Tool (OCT) or with Group Policy.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for the 2007 Office Resource Kit.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.