Configure document protection settings in the 2007 Office system

Before you begin

Before you begin configuring settings, be sure you meet the planning requirements, administrative requirements, and tool requirements that are described in this section.

• Planning requirements   You must complete the following steps in the security planning process before you can effectively configure document protection settings:

  • Choose a deployment tool for security settings and privacy options in the 2007 Office system

  • Evaluate default security settings and privacy options for the 2007 Office system

  • Plan document protection settings in the 2007 Office system

• Administrative requirements   The following table lists the administrative credentials that are required to perform settings configuration actions.

  To perform these actions	You must be a member of these groups
  Run the OCT	Administrators group on the local computer
  Configure local Group Policy settings with the Group Policy Object Editor	Administrators group on the local computer
  Configure domain-based Group Policy settings with the Group Policy Object Editor	Domain Admins, Enterprise Admins, or Group Policy Creator Owners

• Tool requirements   It is assumed that you:

  • Understand how to use the OCT to customize the 2007 Microsoft Office system. For more information about the OCT, see Office Customization Tool in the 2007 Office system.

  • Have created a network installation point from which you can run the OCT.

  • Understand what Administrative Templates (that is, .adm files) are.

  • Have loaded the Office 2007 Administrative Templates into the Group Policy Object Editor.

Configure document protection settings by using the OCT

Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the cryptographic service provide (CSP), the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office Open XML Formats files

1. In the left pane of the OCT, under Features, click Modify user settings.

2. In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.

3. In the details pane, double-click Encryption type for password protected Office Open XML files.

4. Click Enabled, and in Encryption type type the following information, separated by commas:

   CSP

   Cryptographic algorithm

   Key length

5. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

   Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

6. Click OK to save your settings.

Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office 97-2003 format files

1. In the left pane of the OCT, under Features, click Modify user settings.

2. In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.

3. In the details pane, double-click Encryption type for password protected Office 97-2003 files.

4. Click Enabled, and in Encryption type type the following information, separated by commas:

   CSP

   Cryptographic algorithm

   Key length

5. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

   Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

6. Click OK to save your settings.

Use the following procedure to configure Microsoft Office OneNote 2007 encryption settings.

Configure Office OneNote 2007 encryption settings

1. In the left pane of the OCT, under Features, click Modify user settings.

2. In the tree view of the OCT, open Microsoft Office OneNote 2007, open Tools|Options, and click Password.

3. In the details pane, double-click the encryption setting that you want to configure.

4. Click Enabled to enable a setting, or click Disabled to disable a setting.

5. Click OK to save your settings.

You can deploy document protection settings by using the Setup program or by using the Windows Installer program. For more information, see Run Setup for the 2007 Office system on users' computers and Change users' configurations after installing the 2007 Office system.

Configure document protection settings by using Group Policy

Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office Open XML Formats files

1. In the Group Policy Object Editor tree, navigate to the following:

   User Configuration/Administrative Templates/Microsoft Office 2007 system/Security Settings

2. In the details pane, double-click Encryption type for password protected Office Open XML files.

3. Click Enabled, and in Encryption type type the following information, separated by commas:

   CSP

   Cryptographic algorithm

   Key length

4. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

   Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

5. Click OK to save your settings.

Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office 97-2003 format files

1. In the Group Policy Object Editor tree, navigate to the following:

   User Configuration/Administrative Templates/Microsoft Office System 2007/Security Settings

2. In the details pane, double-click Encryption type for password protected Office 97-2003 files.

3. Click Enabled, and in Encryption type type the following information, separated by commas:

   CSP

   Cryptographic algorithm

   Key length

4. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

   Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

5. Click OK to save your settings.

Use the following procedure to configure Office OneNote 2007 encryption settings.

Configure Office OneNote 2007 encryption settings

1. In the Group Policy Object Editor tree, navigate to the following:

   User Configuration/Administrative Templates/Microsoft Office OneNote 2007/Tools|Options/Security Settings/Password

2. In the details pane, double-click the encryption setting that you want to configure.

3. Click Enabled to enable a setting, or click Disabled to disable a setting.

4. Click OK to save your settings.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

• Security for the 2007 Office release

See the full list of available books at Downloadable content for the 2007 Office Resource Kit.

See Also

Concepts

Plan document protection settings in the 2007 Office system
Evaluate default security settings and privacy options for the 2007 Office system