Updated: 2009-02-12

You can configure document protection settings by using the Office Customization Tool (OCT) or by using the Group Policy Object Editor.

Before you begin

Before you begin configuring settings, be sure you meet the planning requirements, administrative requirements, and tool requirements that are described in this section.

Configure document protection settings by using the OCT

Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the cryptographic service provide (CSP), the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office Open XML Formats files

  1. In the left pane of the OCT, under Features, click Modify user settings.

  2. In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.

  3. In the details pane, double-click Encryption type for password protected Office Open XML files.

  4. Click Enabled, and in Encryption type type the following information, separated by commas:

    CSP

    Cryptographic algorithm

    Key length

  5. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

    Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

  6. Click OK to save your settings.

Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office 97-2003 format files

  1. In the left pane of the OCT, under Features, click Modify user settings.

  2. In the tree view of the OCT, open Microsoft Office 2007 system, and click Security Settings.

  3. In the details pane, double-click Encryption type for password protected Office 97-2003 files.

  4. Click Enabled, and in Encryption type type the following information, separated by commas:

    CSP

    Cryptographic algorithm

    Key length

  5. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

    Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

  6. Click OK to save your settings.

Use the following procedure to configure Microsoft Office OneNote 2007 encryption settings.

Configure Office OneNote 2007 encryption settings

  1. In the left pane of the OCT, under Features, click Modify user settings.

  2. In the tree view of the OCT, open Microsoft Office OneNote 2007, open Tools|Options, and click Password.

  3. In the details pane, double-click the encryption setting that you want to configure.

  4. Click Enabled to enable a setting, or click Disabled to disable a setting.

  5. Click OK to save your settings.

You can deploy document protection settings by using the Setup program or by using the Windows Installer program. For more information, see Run Setup for the 2007 Office system on users' computers and Change users' configurations after installing the 2007 Office system.

Configure document protection settings by using Group Policy

Use the following procedure to configure encryption settings for Office Open XML Formats files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office Open XML Formats files

  1. In the Group Policy Object Editor tree, navigate to the following:

    User Configuration/Administrative Templates/Microsoft Office 2007 system/Security Settings

  2. In the details pane, double-click Encryption type for password protected Office Open XML files.

  3. Click Enabled, and in Encryption type type the following information, separated by commas:

    CSP

    Cryptographic algorithm

    Key length

  4. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

    Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

  5. Click OK to save your settings.

Use the following procedure to configure encryption settings for Office 97-2003 format files. Before you perform this procedure, you must know the CSP, the cryptographic algorithm, and the key length that you want to use for encryption settings. The following registry key contains a list of the CSPs that are installed on a computer:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider

Configure encryption settings for Office 97-2003 format files

  1. In the Group Policy Object Editor tree, navigate to the following:

    User Configuration/Administrative Templates/Microsoft Office System 2007/Security Settings

  2. In the details pane, double-click Encryption type for password protected Office 97-2003 files.

  3. Click Enabled, and in Encryption type type the following information, separated by commas:

    CSP

    Cryptographic algorithm

    Key length

  4. Verify that your entry looks like the following example (no spaces are allowed on either side of the commas):

    Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128

  5. Click OK to save your settings.

Use the following procedure to configure Office OneNote 2007 encryption settings.

Configure Office OneNote 2007 encryption settings

  1. In the Group Policy Object Editor tree, navigate to the following:

    User Configuration/Administrative Templates/Microsoft Office OneNote 2007/Tools|Options/Security Settings/Password

  2. In the details pane, double-click the encryption setting that you want to configure.

  3. Click Enabled to enable a setting, or click Disabled to disable a setting.

  4. Click OK to save your settings.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for the 2007 Office Resource Kit .

See Also