Plan privacy options for Office 2010
Applies to: Office 2010
Topic Last Modified: 2011-07-08
Microsoft Office 2010 provides several privacy-related settings that let you control the disclosure of private information.
The Welcome to Microsoft Office 2010 dialog box, also known as the Opt-in wizard or the Recommended Settings dialog box, lets users enable or disable several Internet-based services that help protect and improve Office 2010 applications.
In this article:
About planning privacy options
Suppress the Welcome to Microsoft Office 2010 dialog box
Configure privacy options
Related privacy options
About planning privacy options
The first time that a user starts Office 2010, the following dialog box appears:
If users select Use Recommended Settings, the following security settings and privacy options are enabled:
Recommended and important updates are automatically installed for the Windows Vista and newer operating systems and Office 2010 applications. Users are notified about new optional software. For Windows XP, high priority updates are installed.
Applications are able to connect to Office.com for updated Help content and can receive targeted Help content for Office 2010 applications that are installed.
Applications are able to periodically download small files that help determine system problems and prompt users to send error reports to Microsoft.
Users are signed up for the Customer Experience Improvement Program.
If users select Install Updates Only, recommended and important updates are automatically installed for the Windows Vista operating systems and newer Windows operating systems and Office 2010 applications. Users are notified about new optional software. For Windows XP, only high priority updates are installed. However, privacy options are not changed in Office 2010 applications, which means that the default privacy options take effect. If users select Don’t Make Changes, automatic updating is not changed in the Windows Security Center and privacy options are not changed in Office 2010, which means that the default privacy options take effect.
The default privacy options for Office 2010 applications are as follows:
Office 2010 applications do not connect to Office.com for updated Help content and office applications are not detected on your computer to give users improved search results.
Office 2010 applications do not download small programs that help diagnose problems and error message information is not sent to Microsoft.
Users are not enrolled in the Customer Experience Improvement Program.
Because the Welcome to Microsoft Office 2010 dialog box lets users enable or disable several Internet-based services, you might want to prevent the dialog box from appearing and configure these services individually. If you suppress the dialog box, we recommend that you enable all of the Internet-based services, which you can do by configuring privacy options.
Note
For information about how to configure security settings in the Office Customization Tool (OCT) and the Office 2010 Administrative Templates, see Configure security for Office 2010.
Suppress the Welcome to Microsoft Office 2010 dialog box
You can suppress the Welcome to Microsoft Office 2010 dialog box by enabling the Suppress recommended settings dialog setting. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\Miscellaneous. This setting prevents the Welcome to Microsoft Office 2010 dialog box from appearing the first time that a user starts Office 2010. If you enable this setting, the automatic updating feature remains unchanged and the privacy options that control Internet-based services are not enabled.
If you suppress the Welcome to Microsoft Office 2010 dialog box without enabling certain privacy options, you disable several features that improve Office 2010 applications and you could expose a computer to security threats. Therefore, if you enable this setting we recommend that you also enable all of the privacy options that are discussed in Configure privacy options.
Most organizations enable this setting, including organizations that have a highly restrictive security environment or a security environment that restricts Internet access.
Configure privacy options
Office 2010 provides several settings that let you control the disclosure of private information. These settings are often known as privacy options. You can enable or disable each of these settings to suit your organization’s security requirements. However, if you suppress the Welcome to Microsoft Office 2010 dialog box, we recommend that you enable all these settings.
Setting name: Online content options. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\ Tools | Options | General | Service Options… \ Online Content.
Description: This setting controls whether the Office 2010 Help system can download Help content from Office.com. You can select one of three possible options for this setting:
Never show online content or entry points. The Help system does not connect to Office.com to download content. This is the default setting if you suppress the Welcome to Microsoft Office 2010 dialog box or if users select Don’t make changes or Install Updates Only on the Welcome to Microsoft Office 2010 dialog box.
Search only offline content whenever available. The Help system does not connect to Office.com to download content.
Search online content whenever available. The Help system connects to Office.com for content when the computer is connected to the Internet.
Impact: If you enable this setting and select Never show online content or entry points or Search only offline content whenever available, users cannot access updated Help topics through the Help system and you cannot get templates from Office.com.
Guidelines: Most organizations enable this setting and select Search online content whenever available. This is the recommended configuration for this setting. However, organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically enable this setting and select Never show online content or entry points.
Setting name: Automatically receive small updates to improve reliability. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\ Privacy\Trust Center.
Description: This setting controls whether client computers periodically download small files that enable Microsoft to diagnose system problems.
Impact: If you enable this setting, Microsoft collects information about specific errors and the IP address of the computer. No personally identifiable information is transmitted to Microsoft other than the IP address of the computer requesting the update.
Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically disable this setting.
Setting name: Enable Customer Experience Improvement Program. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\Privacy\Trust Center.
Description: This setting controls whether users participate in the CEIP to help improve Office 2010. When users participate in the CEIP, Office 2010 applications automatically send information to Microsoft about how the applications are used. This information is combined with other CEIP data to help Microsoft solve problems and improve the products and features customers use most often. Participating in the CEIP does not collect users’ names, addresses, or any other identifying information except the IP address of the computer that is used to send the data.
Impact: If you enable this setting, users participate in the CEIP.
Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically do not enable this setting.
Setting name: Improve Proofing Tools. This Group Policy setting is located in the Group Policy Object Editor under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\Tools\Options\Spelling.
Description: This setting controls whether the Help Improve Proofing Tools feature sends usage data to Microsoft. The Help Improve Proofing Tools feature collects data about the use of the proofing tools, such as additions to the custom dictionary, and sends the data to Microsoft. After about six months, the feature stops sending data to Microsoft and deletes the data collection file from the user's computer. By default, this feature is enabled if users choose to participate in the Customer Experience Improvement Program (CEIP). If your organization has policies that govern the use of external resources such as the CEIP, allowing the use of the Help Improve Proofing Tools feature might cause them to violate these policies. If you disable this policy setting, the Help Improve Proofing Tools feature does not collect proofing tool usage information and transmit it to Microsoft. If you do not configure this policy setting, the behavior is the equivalent of setting the policy to "Enabled."
Impact: If you enable this setting, users participate in the CEIP. Although this feature does not intentionally collect personal information, some of the content that is sent could include items that were marked as spelling or grammar errors, such as proper names and account numbers. However, any numbers such as account numbers, street addresses, and telephone numbers are converted to zeros when the data is collected. Microsoft uses this information solely to improve the effectiveness of the Office Proofing Tools, not to identify users.
Guidelines: Most organizations enable this setting, which is the recommended configuration. Organizations that have a highly restrictive security environment, or a security environment that restricts Internet access, typically do not enable this setting.
Related privacy options
Several other settings are related to privacy disclosure in Office 2010 applications. If you are changing privacy options because you have a special security environment, you might want to evaluate the following settings:
Protect document metadata for password protected files This setting determines whether metadata is encrypted when you use the Encrypt with Password feature.
Protect document metadata for rights managed Office Open XML files This setting determines whether metadata is encrypted when you use the Restrict Permission by People feature.
Warn before printing, saving, or sending a file that contains tracked changes or comments This setting determines whether users are warned about comments and tracked changes before they print, save, or send a document.
Make hidden markup visible This setting determines whether all tracked changes are visible when you open a document.
Prevent document inspectors from running This setting lets you disable Document Inspector modules.
Note
For the latest information about policy settings, refer to the Microsoft Excel 2010 workbook Office2010GroupPolicyAndOCTSettings_Reference.xls, which is available in the Files in this Download section on the Office 2010 Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool (https://go.microsoft.com/fwlink/p/?LinkID=189316&clcid=0x409) download page.
See Also
Concepts
Security overview for Office 2010
Configure security for Office 2010