Updated: 2009-02-12
You can configure document protection settings by using the Office Customization Tool (OCT) or by using the Group Policy Object Editor.
Before you begin
Before you begin configuring settings, be sure you meet the planning requirements, administrative requirements, and tool requirements that are described in this section.
-
Planning requirements You must complete the following steps in the security planning process before you can effectively configure document protection settings:
-
Administrative requirements The following table lists the administrative credentials that are required to perform settings configuration actions.
To perform these actions You must be a member of these groups Run the OCT
Administrators group on the local computer
Configure local Group Policy settings with the Group Policy Object Editor
Administrators group on the local computer
Configure domain-based Group Policy settings with the Group Policy Object Editor
Domain Admins, Enterprise Admins, or Group Policy Creator Owners
-
Tool requirements It is assumed that you:
-
Understand how to use the OCT to customize the 2007 Microsoft Office system. For more information about the OCT, see Office Customization Tool in the 2007 Office system.
-
Have created a network installation point from which you can run the OCT.
-
Understand what Administrative Templates (that is, .adm files) are.
-
Have loaded the Office 2007 Administrative Templates into the Group Policy Object Editor.
-
Configure document protection settings by using the OCT
Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the cryptographic service provide (CSP), the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider
Configure encryption settings for Office Open XML Formats files
-
In the left pane of the OCT, under Features, click Modify user settings.
-
In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.
-
In the details pane, double-click Encryption type for password protected Office Open XML files.
-
Click Enabled, and in Encryption type type the following information, separated by commas:
CSP
Cryptographic algorithm
Key length
-
Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):
Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128
-
Click OK to save your settings.
Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider
Configure encryption settings for Office 97-2003 format files
-
In the left pane of the OCT, under Features, click Modify user settings.
-
In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.
-
In the details pane, double-click Encryption type for password protected Office 97-2003 files.
-
Click Enabled, and in Encryption type type the following information, separated by commas:
CSP
Cryptographic algorithm
Key length
-
Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):
Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128
-
Click OK to save your settings.
Use the following procedure to configure Microsoft Office OneNote 2007 encryption settings.
Configure Office OneNote 2007 encryption settings
-
In the left pane of the OCT, under Features, click Modify user settings.
-
In the tree view of the OCT, open Microsoft Office OneNote 2007, open Tools|Options, and click Password.
-
In the details pane, double-click the encryption setting that you want to configure.
-
Click Enabled to enable a setting, or click Disabled to disable a setting.
-
Click OK to save your settings.
You can deploy document protection settings by using the Setup program or by using the Windows Installer program. For more information, see Run Setup for the 2007 Office system on users' computers and Change users' configurations after installing the 2007 Office system.
Configure document protection settings by using Group Policy
Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider
Configure encryption settings for Office Open XML Formats files
-
In the Group Policy Object Editor tree, navigate to the following:
User Configuration/Administrative Templates/Microsoft Office 2007 system/Security Settings
-
In the details pane, double-click Encryption type for password protected Office Open XML files.
-
Click Enabled, and in Encryption type type the following information, separated by commas:
CSP
Cryptographic algorithm
Key length
-
Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):
Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128
-
Click OK to save your settings.
Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider
Configure encryption settings for Office 97-2003 format files
-
In the Group Policy Object Editor tree, navigate to the following:
User Configuration/Administrative Templates/Microsoft Office System 2007/Security Settings
-
In the details pane, double-click Encryption type for password protected Office 97-2003 files.
-
Click Enabled, and in Encryption type type the following information, separated by commas:
CSP
Cryptographic algorithm
Key length
-
Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):
Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128
-
Click OK to save your settings.
Use the following procedure to configure Office OneNote 2007 encryption settings.
Configure Office OneNote 2007 encryption settings
-
In the Group Policy Object Editor tree, navigate to the following:
User Configuration/Administrative Templates/Microsoft Office OneNote 2007/Tools|Options/Security Settings/Password
-
In the details pane, double-click the encryption setting that you want to configure.
-
Click Enabled to enable a setting, or click Disabled to disable a setting.
-
Click OK to save your settings.
Download this book
This topic is included in the following downloadable book for easier reading and printing:
See the full list of available books at Downloadable content for the 2007 Office Resource Kit .