Office Registry Settings

Applies To: Windows Server 2008, Windows Server 2008 R2

The Microsoft Office registry keys can be set to perform several different functions. This allows you to set the path to the AD RMS templates, disable IRM functionality for Office programs, enforce online connection to view a protected document, disable Windows Live ID-based certification, and so on.

The registry entries provided are valid for the Microsoft Office 2010, Office 2007, and Office 2003 suites, although the location of the entries is different. Use the following branch depending on your version.

For Microsoft Office 2003: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\DRM

For Microsoft Office 2007: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM

For Microsoft Office 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM

For 32-bit editions of Office running on 64-bit versions of Microsoft Windows: HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Office\<version>\Common\DRM.

The most frequently used registry overrides are in the following list:

DRMEncryptProperty: Specify whether to encrypt all metadata stored inside a rights-managed file. This is only available in Office 2007.

HKCU\Software\Microsoft\Office\12.0\Common\Security
      REG_DWORD:  DRMEncryptProperty
      Value: 1 = The file metadata is encrypted.
             0 = The metadata is stored in clear text. The default value is 0.

AutoExpandDLsEnable : Expand groups in Office when restricting permissions for documents.

HKCU\Software\Microsoft\Office\12.0\Common\DRM\AutoExpandDLs
      REG_DWORD:  AutoExpandDLsEnable
      Value: 0 = Do not expand distribution lists in Permissions dialog 
             1 = Expand distribution lists in Permissions dialog

LicenseServerRedirection: Redirect to different servers for IRM licensing. Used in the case where Trusted Publishing Domains are used so an AD RMS cluster issues use licenses against publishing licenses issued by another cluster.

HKCU\Software\Microsoft\Office\12.0\Common\DRM\LicenseServerRedirection
      REG_SZ:  https://url.to.old.licensing.server/_wmcs/licensing
      Value: https://url.to.new.licensing.server/_wmcs/licensing

LicenseServers: Preset/reset dialog for acquiring license. This key contains DWORD values. The name of each DWORD should be set to a server URL. If the value of the DWORD is 1, then Office will not prompt the user when it is required to acquire a license. If the value is zero or there is no registry entry for that server, Office will prompt for a license. The dialog box has an option to disable the prompt, which sets this registry entry for the server.

HKCU\Software\Microsoft\Office\12.0\Common\DRM\LicenseServers
      REG_DWORD:  https://url.to.licensing.server/_wmcs/licensing
      Value: 0 = Prompt the user each time Office has to acquire a license
             1 = Do not prompt the user each time Office has to acquire a license

List of Office Registry Settings

Note

Name of Registry Entry

Message displayed to users who cannot view a rights-managed e-mail message. Typically used to give users an alternative location for downloading the RMA Add-On or the RMS client.

DownlevelTemplatePath

REG_SZ

The path of a directory that stores templates. Templates are Office document templates.

URL for location of document templates displayed when applications do not recognize rights-managed documents.

CorpCertificationServer

REG_SZ

https://url.to.rms/_wmcs/Certification

Typically Active Directory is used to specify the RMS Certification server that is used for bootstrapping. This setting lets you override the location of the AD RMS cluster specified in Active Directory for certification. Can be used when autodiscovery is not available, such as when users do not work inside a LAN with connectivity to Active Directory. If present, takes precedence over the settings under MSDRM registry branch for Office applications.

CorpLicenseServer

REG_SZ

https://url.to.rms/_wmcs/Licensing

Typically Active Directory is used to specify the RMS Licensing server that is used for issuing use licenses. This setting lets you override the location of the AD RMS cluster specified in Active Directory for publishing (for protecting content). Can be used when autodiscovery is not available, such as when users do not work inside a LAN with connectivity to Active Directory or when using with Licensing-only servers for particular groups of users. If present, takes precedence over the settings under MSDRM registry branch for Office applications.

DisablePassportCertification

REG_DWORD

0 = Maintain ordinary functionality and enable Windows Live ID service

1 = Disable Windows Live ID

Disable Windows Live ID service for content with restricted permission.

RequestPermissionURL

REG_SZ

The URL of the person who can grant additional permissions. For example: mailto:someone@contoso.com

URL used to request additional permissions for documents protected in this client. Typically an e-mail address.

RequireConnection

REG_DWORD

1 = The box is checked by default and a connection is required.

0 = The box is cleared; users do not need a connection.

Always require users to connect to verify permissions

RequestPermission

REG_DWORD

1 = The box is checked.

0 = The box is cleared.

This registry key toggles the default value of the "Users can request additional permissions from" check box in Office IRM user interface.

DoNotAcquireDRMLicenseOnSync

REG_DWORD

1 = Outlook will not try to acquire licenses during the message synchronization.

0 = The license is automatically acquired.

When Outlook downloads an IRM e-mail message, the license to view IRM content is automatically acquired.

NeverAllowDLs

REG_DWORD

0 = Allow distribution lists.

1 = Disable distribution lists.

Never let users specify groups when restricting permission for documents.

CloudCertificationServer

REG_SZ

URL to custom cloud certification server

If Windows Live ID service is used, can override the default URL for the service.

CloudLicenseServer

REG_SZ

URL of the licensing server

If Windows Live ID service is used, can override the default URL for the service.

DRMPostSetupURL

REG_SZ

URL of RMS client

URL where users can download the Windows Rights Management Services client.

DoNotUseOutlookByDefault

REG_DWORD

0 = Outlook is used

1 = Outlook is not used

The permissions dialog uses Outlook to validate e-mail addresses entered in that dialog box. This causes an instance of Outlook to be started when restricting permissions. Disable the option by using this key.

DisableRepair

REG_DWORD

0 = Repair works ordinarily.

1 = Repair is disabled.

Do not let users upgrade Information Rights Management configuration.