Updated: 2009-02-12

The 2007 Microsoft Office system contains settings and options that can help you mitigate privacy threats and control the disclosure of private and personal information. These settings and options can be categorized into four main groups as shown in the following table.

Use these To do this

Document Inspector settings

Disable the Inspector modules that are included with the new Document Inspector tool.

Metadata protection settings

Protect metadata that is contained in rights-managed and encrypted Office Open XML Formats files.

Office privacy options

  • Control whether users participate in the Customer Experience Improvement Program (CEIP).

  • Control whether users are allowed to automatically receive reliability updates.

  • Control how the Help system handles updated content on the Web.

  • Suppress the Privacy Options dialog box that appears the first time users start an application.

Application-specific privacy options

Customize privacy-related behavior in Microsoft Office PowerPoint 2007 and Microsoft Office Word 2007.

For detailed explanations, see "Privacy options" in Security policies and settings in the 2007 Office system. As you plan your privacy options, keep the following guidelines in mind:

Although you can configure these settings and options for a wide variety of privacy scenarios, these settings and options are most commonly used to:

For more information about how to configure privacy options and settings, see Configure privacy options in the 2007 Office system.

Maximize the protection of personal and private information in documents

The recommended guidelines in the following sections are based on the Enterprise Client (EC) environment rather than the Specialized Security Limited Functionality (SSLF) environment. The EC environment represents an organization that has typical security needs. It is suitable for midsize and large organizations that seek to balance security and functionality. The SSLF environment represents a less typical organization, one in which security is paramount. It is suitable only for midsize and large organizations that have stringent security standards, for which security is more important than application functionality.

For a list of all configurations, see the 2007 Microsoft Office Security Guide (Threats and Countermeasures: Security Settings in the 2007 Office System) (http://go.microsoft.com/?linkId=7711534).

Use the following guidelines to help maximize the protection of personal and private information that is contained in Office Excel 2007, Office PowerPoint 2007, and Office Word 2007 documents.

  • Do not disable the Inspector modules that are included in Document Inspector. By default, documents are scanned with all Inspector modules when users run Document Inspector.

  • Educate users about Document Inspector. There are no administrative settings that enable you to force users to run Document Inspector. Formal training and awareness about Document Inspector can help mitigate privacy threats.

  • Create custom Inspector modules that address your organization's specific privacy concerns. Document Inspector is extensible and can be programmatically modified to suit the privacy needs of your organization. For more information, see Customizing the 2007 Office System Document Inspector (http://go.microsoft.com/fwlink/?LinkId=78577&clcid=0x409).

  • Enable the metadata protection settings that are listed in the following table.

    Metadata protection setting name Recommended configuration Description

    Protect document metadata for rights-managed Office Open XML Files

    Select this option: Enabled

    By default, document metadata is not protected in Office Open XML Formats files that are restricted using IRM. Selecting this option protects (encrypts) metadata, such as author name, hyperlink references, and number of words, in Office Open XML Formats files that are restricted using IRM.

    Protect document metadata for password-protected files

    Select this option: Enabled

    By default, document metadata is protected (encrypted) in Office Open XML Formats files that are encrypted with the password protection feature. Selecting this option protects (encrypts) metadata, such as author name, hyperlink references, and number of words, in Office Open XML Formats files that are encrypted with the password protection feature.

  • Configure the Office privacy options as recommended in the following table.

    Privacy option name Recommended configuration Description

    Enable Customer Experience Improvement Program

    Not configured

    By default, users are not enrolled in the Customer Experience Improvement Program (CEIP) and you do not need to select this option. However, choosing to disable this option will not cause usability issues for 2007 Office users. Selecting this option blocks participation in the CEIP, which can reveal the IP address of a user's computer to Microsoft.

    Automatically receive small updates to improve reliability

    Not configured

    By default, users do not automatically receive small updates to improve reliability and you do not need to select this option. However, disabling this setting will prevent users from receiving information and advice from Microsoft about fixing and preventing 2007 Office application errors, which could cause your support department to experience an increase in desktop support requests. Blocking this prevents the IP address of a user's computer from being revealed to Microsoft.

    Online content options

    Select this option: Enabled

    Select this configuration: Search online content whenever available

    By default, the Help system automatically searches Microsoft Office Online for Help content when a computer is connected to the Internet. Selecting this option and selecting Never show online content or entry points prevents the Help system from accessing Office Online. It also prevents the Help system from displaying links to content that is on Office Online and it prevents the Help system from downloading updated Help content.

    NoteNote:

    By default, in the French, German, and Italian versions of the 2007 Office system, the Help system does not access Office online and it does not display links to content that is on Office online.

  • Configure the application-specific privacy options as recommended in the following table.

    Application-specific privacy option name Recommended configuration Description

    Warn before printing, saving, or sending a file that contains tracked changes or comments

    Select this option: Enabled

    By default, users are not warned before printing, saving, or sending a file that contains tracked changes or comments. Selecting this option warns about tracked changes (revisions) and comments before users print, send, or save a document. This setting can be configured only for Office Word 2007.

    Make hidden markup visible

    Select this option: Enabled

    By default, hidden markup is invisible. Selecting this option displays all tracked changes before users open or save documents. This setting can be configured only for Office PowerPoint 2007 and Office Word 2007.

    Store random number to improve merge accuracy

    Select this option: Enabled

    By default, a random number is not stored to improve merge accuracy. Selecting this option improves the accuracy of merging tracked changes by multiple authors. This setting can be configured only for Office Word 2007.

Suppress the first-run Privacy Options dialog box

The Privacy Options dialog box appears the first time users start an application in the 2007 Office system. Users can select the following three privacy options in the Privacy Options dialog box:

  • Get online Help   This corresponds to the Online content options privacy option, which enables you to control how a computer searches Help content on the Microsoft Office Online Web site and choose whether updated Help content is downloaded to users' computers.

  • Keep your system running   This corresponds to the Automatically receive small updates to improve reliability privacy option, which enables you to control whether a computer automatically receives updates that help track and solve crashes, hangs, and system failures.

  • Make Office better   This corresponds to the Enable Customer Experience Improvement Program (CEIP) privacy option, which controls whether users participate in the CEIP program.

You can prevent the first-run Privacy Options dialog box from appearing by configuring Office Customization Tool (OCT) settings or Group Policy settings. You can also prevent the first-run Privacy Options dialog box from appearing by configuring the ShowOptIn registry entry. To learn more about using the ShowOptIn registry entry, see the following article in the Microsoft Knowledge Base: How to prevent the "Welcome to the 2007 Microsoft Office system" dialog box from opening when a 2007 Office suite is started for the first time (http://go.microsoft.com/fwlink/?LinkId=85502&clcid=0x409).

To use only the OCT to suppress the first-run Privacy Options dialog box, configure the options that are recommended in the following table.

Privacy option name Recommended configuration Description

Online content options

Not configured

Select this configuration: Search online content whenever available

Selecting this option and selecting Search online content whenever available allows the Help system to access Office Online. It also allows the Help system to display links to content that is on Office Online and it allows the Help system to download updated Help content.

Note   By default, in the French, German, and Italian versions of the 2007 Office system, the Help system does not access Office online and it does not display links to content that is on Office online.

Automatically receive small updates to improve reliability

Not configured

Selecting this option allows the downloading of a small file that enables Microsoft to provide users with help if they are experiencing an abnormal number of program errors. Selecting this option also allows the IP address of a user's computer to be revealed to Microsoft.

Enable Customer Experience Improvement Program

Select this option: Enabled

Selecting this option allows participation in the Customer Experience Improvement Program, which can reveal the IP address of a user's computer to Microsoft.

To use only Group Policy to suppress the first-run Privacy Options dialog box, configure the settings that are recommended in the following table.

Privacy option name Recommended configuration Description

Online content options

Not configured

Select this option: Search online content whenever available

To suppress the first-run Privacy Options dialog box, you can select either the Enabled or the Disabled option. Doing so prevents users from configuring the setting in the graphical user interface, which prevents the first-run Privacy Options dialog box from appearing.

NoteNote:

By default, in the French, German, and Italian versions of the 2007 Office system, the Help system does not access Office online and it does not display links to content that is on Office online.

Automatically receive small updates to improve reliability

Not configured

To suppress the first-run Privacy Options dialog box, you can select either the Enabled or the Disabled option. Doing so prevents users from configuring the setting in the graphical user interface, which prevents the first-run Privacy Options dialog box from appearing.

Enable Customer Experience Improvement Program

Not configured

To suppress the first-run Privacy Options dialog box, you can select either the Enabled or the Disabled option. Doing so prevents users from configuring the setting in the graphical user interface, which prevents the first-run Privacy Options dialog box from appearing.

NoteNote:

You can also suppress the first-run Privacy Options dialog box by using a combination of OCT and Group Policy settings. However, the combination of settings must follow the recommendations described in the previous tables.

Suppress the first-run Sign up for Microsoft Update dialog box

The Sign up for Microsoft Update dialog box appears the first time users start an application in the 2007 Office system. Users can select the following two options on the Sign up for Microsoft Update dialog box:

  • Download and install updates from Microsoft Update when available (recommended)   This option corresponds to the Turn on automatic updating setting in the Windows Vista operating system and the Automatic (recommended) setting in the Microsoft Windows XP Professional operating system. This setting enables a computer to automatically access Microsoft Update and download and install any available updates for the 2007 Office system.

  • I don't want to use Microsoft Update   This option corresponds to the Turn off automatic updating setting in the Windows Vista operating system and the Turn off Automatic Updates setting in the Windows XP operating system. This setting prevents a computer from accessing Microsoft Update.

To prevent the Sign up for Microsoft Update dialog box from appearing, you must enable one of the following Group Policy settings:

  • Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings/Turn off access to all Windows update features

  • User Configuration/Administrative Templates/Windows Components/Windows Update/Remove access to use all Windows Update features

  • User Configuration/Administrative Templates/Start Menu and Taskbar/Remove links and access to Windows Update

NoteNote:

You can suppress the first-run Sign up for Microsoft Update dialog box only by configuring Group Policy settings. There are no settings in the OCT that enable you to suppress the first-run Sign up for Microsoft Update dialog box.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for the 2007 Office Resource Kit .

See Also