Securing Office Desktops Resource Guide

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
On This Page

Ongoing Security Maintenance
Additional Security Resources


  1. Verify that your server operating system, systems architecture, and network infrastructure are secure. Refer to Securing Windows XP Resource Guide, Securing Window 9X, SE, ME Desktops Resource Guide, or Securing Windows NT 4.0 Desktops Resource Guide for more information. The remainder of this document will provide only information relating directly to Office Desktops. However, it is critical to follow the guidelines in these documents to create a secure environment for Office Desktop to operate.

  2. Keep your system updated automatically with the Office Update site. For System Administrators, the Office Download Center allows you to select which updates you need to download and get distributable versions for enterprise rollout.

  3. Keep up with the latest security hotfixes by using the Security Bulletins Search.

  4. Use access controls to enforce security on macros that are allowed to execute. Use Trusted Sources and digital certificates to automatically allow approved macros. Refer to the Office XP Resource Kit for more information.

  5. Use digital signatures and encryption to secure private documents.

  6. Restrict security on the desktop to ensure Office XP security configurations are sustained.

  7. Understand and implement secure messaging using Outlook.

  8. Follow the Office Security Checklist.

  9. Educate users on how to prevent unwanted e-mail.

  10. Update your anti-virus tools and signature files from viruses. Check out the Virus Alerts regularly.

  11. Read the Microsoft Office XP Security White Paper.

  12. Use the Baseline Security Analyzer to scan and evaluate the security of your office configuration.

Ongoing Security Maintenance

Without ongoing maintenance your system can become vulnerable to new forms of attacks. Further, the security of your system will degrade over time due to human error of administrators managing the system. Follow these recommended steps on a regular basis:

  1. Use the Baseline Security Analyzer regularly to scan and evaluate the security of your system.

  2. Subscribe to the Microsoft Security Notification Service. This is a free e-mail notification service that Microsoft uses to send information to subscribers about the security of Microsoft products.

  3. Use the Microsoft Update Web site to check for the latest Recommended and Critical updates.

  4. Configure Automatic Updates to automatically notify you of the availability of new security fixes. If possible, configure Automatic Updates to automatically download updates and install them without manual intervention. For more control over updates, use Microsoft Software Update Services, Microsoft Systems Management Server, or a similar solution to reduce the labor associated with deploying patches.

  5. As new security fixes become available, it is important to apply these new fixes. Microsoft has created the Qchain tool to chain hotfixes together in order for only one reboot to be required when installing several fixes.

Additional Security Resources