Configure security for Office 2010
Applies to: Office 2010
Topic Last Modified: 2011-11-15
You can use the Office Customization Tool (OCT) and Group Policy to configure security settings in Microsoft Office 2010.
This article contains the required information and procedures for configuring security settings in Office 2010.
In this article:
Process overview
Before you begin
Configure security settings by using the OCT
Configure security settings by using Group Policy
Process overview
You can configure security settings by using the Office Customization Tool (OCT), and by using the Office 2010 Administrative Templates (.adm or admx files) with Group Policy. You can also configure some security settings in the Trust Center, which can be accessed through the user interface of every Office 2010 application. However, from an administration and deployment standpoint, Trust Center settings are useful only for troubleshooting installation and configuration problems on individual computers. The Trust Center cannot be used to deploy or centrally manage security settings.
When you use the OCT to configure security settings, the settings are not permanent. The OCT establishes the initial value for the setting. After Office 2010 is installed, users can use the Trust Center to configure some, but not all, security settings. If you must enforce and prevent users from changing security settings, use Group Policy.
For information about how to manage security for Office for Mac, see Deploy Office for Mac 2011 security preferences (https://go.microsoft.com/fwlink/?LinkId=212912).
Before you begin
Before you configure security settings, review the following information about planning, permissions, and tool requirements.
Plan security settings
You must complete the following steps in the security planning process before you configure security settings:
Read Security overview for Office 2010. This article describes the new security architecture in Office 2010 and explains how the new security features work together to help provide a layered defense. We recommend that you do not change any security settings until you understand how all of the security features work.
Read Understand security threats and countermeasures for Office 2010. This article describes which security risks and threats are relevant to Office 2010. This article also helps you determine which of those security risks and threats pose a risk to the business assets or processes of your organization.
Read the planning articles in Plan security for Office 2010. These articles describe the various security settings that you can use to customize Office 2010 security features.
Review required permissions
The following table lists the administrative credentials that are required to configure security settings by using various deployment and management tools.
To perform these actions | You must be a member of this group or groups |
---|---|
Run the OCT. |
Administrators group on the local computer |
Configure local Group Policy settings by using the Local Group Policy Editor. |
Administrators group on the local computer |
Configure domain-based Group Policy settings by using the Group Policy Management Console. |
Domain Admins, Enterprise Admins, or Group Policy Creator Owners group |
Tool prerequisites
You can use several different tools to configure security settings. Before you use these tools, make sure that you:
Understand how to use the OCT to customize Office 2010. For more information about the OCT, see Office Customization Tool in Office 2010 and Customization overview for Office 2010.
Have created a network installation point from which you can run the OCT. For more information about network installation points, see Create a network installation point for Office 2010.
Understand what Administrative Templates are (.adm or .admx files). For more information about Administrative Templates, see Group Policy overview for Office 2010.
Have loaded the Group Policy Office 2010 Administrative Templates to the central store, or to the Local Group Policy editor, depending on whether you want to configure just one computer or multiple computers on the domain.
The OCT is available only with volume licensed versions of Office 2010 and the 2007 Microsoft Office system. To determine whether an Office 2010 installation is a volume licensed version, check the Office 2010 installation disk to see whether it contains a folder named Admin. If the Admin folder exists, the disk is a volume license edition. If the Admin folder does not exist, the disk is a retail edition.
Configure security settings by using the OCT
The following procedure shows how to use the OCT to configure security settings.
To use the OCT to configure security settings
Open a command prompt window and navigate to the root of the network installation point that contains the Office 2010 source files.
At the command prompt, type setup.exe /admin, and then press ENTER.
In the navigation pane of the OCT, click Office security settings.
Change the security settings that you want to configure in the right pane.
Configure security settings by using Group Policy
The following procedure shows how to use Group Policy to configure security settings.
To use Group Policy to configure security settings
If you want to configure local Group Policy settings, open the Local Group Policy Editor.
To do this, at the Run command, type gpedit.msc, and then press ENTER.
Or, open the Group Policy Management Editor on a domain controller if you want to configure domain-based Group Policy settings.
To do this, open the Group Policy Management Console snap-in, right-click the Group Policy object (GPO) that you want to configure, and then click Edit.
In the Local Group Policy Editor tree or the Group Policy Management Editor tree, find the security setting that you want to configure in one of the following locations:
User Configuration/Policies/Administrative Templates/Microsoft Access 2010/Application Settings/Security
User Configuration/Policies/Administrative Templates/Microsoft Excel 2010/Excel Options/Security
User Configuration/Policies/Administrative Templates/Microsoft InfoPath 2010/Security
User Configuration/Policies/Administrative Templates/Microsoft Office 2010/Security Settings
User Configuration/Policies/Administrative Templates/Microsoft OneNote 2010/OneNote Options/Security
User Configuration/Policies/Administrative Templates/Microsoft Outlook 2010/Security
User Configuration/Policies/Administrative Templates/Microsoft PowerPoint 2010/PowerPoint Options/Security
User Configuration/Policies/Administrative Templates/Microsoft Project 2010/Security
User Configuration/Policies/Administrative Templates/Microsoft Publisher 2010/Security
User Configuration/Policies/Administrative Templates/Microsoft Visio 2010/Visio Options/Security
User Configuration/Policies/Administrative Templates/Microsoft Word 2010/Word Options/Security
Double-click the security setting and make the changes that you want to make.
Tip
If you cannot find the security setting that you want to configure, try searching in the previously listed locations within the Computer Configuration/Policies/Administrative Templates node.