.png)
Office Registry Settings
Updated: March 29, 2013
Applies To: Windows Server 2008, Windows Server 2008 R2
The Microsoft Office registry keys can be set to perform several different functions. This allows you to set the path to the AD RMS templates, disable IRM functionality for Office programs, enforce online connection to view a protected document, disable Windows Live ID-based certification, and so on.
The registry entries provided are valid for the Microsoft Office 2010, Office 2007, and Office 2003 suites, although the location of the entries is different. Use the following branch depending on your version.
For Microsoft Office 2003: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\DRM
For Microsoft Office 2007: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM
For Microsoft Office 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM
For 32-bit editions of Office running on 64-bit versions of Microsoft Windows: HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Office\<version>\Common\DRM.
The most frequently used registry overrides are in the following list:
DRMEncryptProperty: Specify whether to encrypt all metadata stored inside a rights-managed file. This is only available in Office 2007.
HKCU\Software\Microsoft\Office\12.0\Common\Security
REG_DWORD: DRMEncryptProperty
Value: 1 = The file metadata is encrypted.
0 = The metadata is stored in clear text. The default value is 0.
AutoExpandDLsEnable : Expand groups in Office when restricting permissions for documents.
HKCU\Software\Microsoft\Office\12.0\Common\DRM\AutoExpandDLs
REG_DWORD: AutoExpandDLsEnable
Value: 0 = Do not expand distribution lists in Permissions dialog
1 = Expand distribution lists in Permissions dialog
LicenseServerRedirection: Redirect to different servers for IRM licensing. Used in the case where Trusted Publishing Domains are used so an AD RMS cluster issues use licenses against publishing licenses issued by another cluster.
HKCU\Software\Microsoft\Office\12.0\Common\DRM\LicenseServerRedirection
REG_SZ: http://url.to.old.licensing.server/_wmcs/licensing
Value: http://url.to.new.licensing.server/_wmcs/licensing
LicenseServers: Preset/reset dialog for acquiring license. This key contains DWORD values. The name of each DWORD should be set to a server URL. If the value of the DWORD is 1, then Office will not prompt the user when it is required to acquire a license. If the value is zero or there is no registry entry for that server, Office will prompt for a license. The dialog box has an option to disable the prompt, which sets this registry entry for the server.
HKCU\Software\Microsoft\Office\12.0\Common\DRM\LicenseServers
REG_DWORD: http://url.to.licensing.server/_wmcs/licensing
Value: 0 = Prompt the user each time Office has to acquire a license
1 = Do not prompt the user each time Office has to acquire a license
|
Name of Registry Entry |
Type |
Values of Registry Entry |
Descriptions |
||
|
AdminTemplatePath |
REG_EXPAND_SZ |
<path of your AD RMS template> (%LocalAppData%\Microsoft\DRM\Templates typically) |
This registry defines the path of the AD RMS template folder. Typically changed to provide access to a local folder where the templates are deployed. |
||
|
Disable |
REG_DWORD |
0 = No functionality affected by this registry key 1 = All IRM functionality is removed; IRM is disabled |
Disable Information Rights Management User Interface. |
||
|
DisableCreation |
REG_DWORD |
1 (or non-zero) = A Professional, Professional Plus, Enterprise or Ultimate install behaves just like a Standard install for IRM. Users cannot create IRM content or modify the rights on a doc, but they can consume previously created content. 0 = IRM content creation is enabled when it is included in the product SKU |
Prevent users from assigning or changing permissions on documents. Only available in Office 2007. |
||
|
IncludeHTML |
REG_DWORD |
1 = Include HTML stream 0 = Do not include HTML stream |
Allow documents protected by this client to be accessed by users who have no Office software or earlier versions of Microsoft Office inside Internet Explorer. |
||
|
DownlevelText |
REG_SZ |
The text that appears in the wrapper e-mail. The default text is: If you are not running an e-mail application that supports messages with restricted permission, such as Microsoft Office Outlook 2003 or 2007, you can view this message by downloading the Rights Management Add-on for Microsoft Internet Explorer from http://r.office.microsoft.com/r/rlidRestrictedPermissionViewer?clid=1033. The CLID in the hyperlink is localized to the default language of the sender.
|
Message displayed to users who cannot view a rights-managed e-mail message. Typically used to give users an alternative location for downloading the RMA Add-On or the RMS client. |
||
|
DownlevelTemplatePath |
REG_SZ |
The path of a directory that stores templates. Templates are Office document templates. |
URL for location of document templates displayed when applications do not recognize rights-managed documents. |
||
|
CorpCertificationServer |
REG_SZ |
http://url.to.rms/_wmcs/Certification |
Typically Active Directory is used to specify the RMS Certification server that is used for bootstrapping. This setting lets you override the location of the AD RMS cluster specified in Active Directory for certification. Can be used when autodiscovery is not available, such as when users do not work inside a LAN with connectivity to Active Directory. If present, takes precedence over the settings under MSDRM registry branch for Office applications. |
||
|
CorpLicenseServer |
REG_SZ |
http://url.to.rms/_wmcs/Licensing |
Typically Active Directory is used to specify the RMS Licensing server that is used for issuing use licenses. This setting lets you override the location of the AD RMS cluster specified in Active Directory for publishing (for protecting content). Can be used when autodiscovery is not available, such as when users do not work inside a LAN with connectivity to Active Directory or when using with Licensing-only servers for particular groups of users. If present, takes precedence over the settings under MSDRM registry branch for Office applications. |
||
|
DisablePassportCertification |
REG_DWORD |
0 = Maintain ordinary functionality and enable Windows Live ID service 1 = Disable Windows Live ID |
Disable Windows Live ID service for content with restricted permission. |
||
|
RequestPermissionURL |
REG_SZ |
The URL of the person who can grant additional permissions. For example: mailto:someone@contoso.com |
URL used to request additional permissions for documents protected in this client. Typically an e-mail address. |
||
|
RequireConnection |
REG_DWORD |
1 = The box is checked by default and a connection is required. 0 = The box is cleared; users do not need a connection. |
Always require users to connect to verify permissions |
||
|
RequestPermission |
REG_DWORD |
1 = The box is checked. 0 = The box is cleared. |
This registry key toggles the default value of the "Users can request additional permissions from" check box in Office IRM user interface. |
||
|
DoNotAcquireDRMLicenseOnSync |
REG_DWORD |
1 = Outlook will not try to acquire licenses during the message synchronization. 0 = The license is automatically acquired. |
When Outlook downloads an IRM e-mail message, the license to view IRM content is automatically acquired. |
||
|
NeverAllowDLs |
REG_DWORD |
0 = Allow distribution lists. 1 = Disable distribution lists. |
Never let users specify groups when restricting permission for documents. |
||
|
CloudCertificationServer |
REG_SZ |
URL to custom cloud certification server |
If Windows Live ID service is used, can override the default URL for the service. |
||
|
CloudLicenseServer |
REG_SZ |
URL of the licensing server |
If Windows Live ID service is used, can override the default URL for the service. |
||
|
DRMPostSetupURL |
REG_SZ |
URL of RMS client |
URL where users can download the Windows Rights Management Services client. |
||
|
DoNotUseOutlookByDefault |
REG_DWORD |
0 = Outlook is used 1 = Outlook is not used |
The permissions dialog uses Outlook to validate e-mail addresses entered in that dialog box. This causes an instance of Outlook to be started when restricting permissions. Disable the option by using this key. |
||
|
DisableRepair |
REG_DWORD |
0 = Repair works ordinarily. 1 = Repair is disabled. |
Do not let users upgrade Information Rights Management configuration. |
Note
