TechEd 2007: Office 2007 security tool

TechEd 2007: Office 2007 security tool

Software offers automatic security settings through Active Directory

Microsoft is scheduled to release a software tool and documentation that helps businesses to better tweak the security settings of Office 2007.

The Office 2007 Security Guide was launched on 13 November at the Microsoft TechEd 2007 conference in Barcelona.

The programme offers detailed documentation of the security settings in Office 2007, as well as a free Group Policy Object Accelerator that allows administrators to change and set security policies across users through Active Directory.

While previous versions of Microsoft Office allowed users to apply broad ranging security settings, Office 2007 introduced features that can be controlled at a granular level. The application offers 1,500 settings, 300 of which relate to security.
In previous versions of Office, administrators could enable or disable macros. Macros are considered a potential security risk, but many firms rely on them to automate tasks.

Office 2007 therefore supports trusted folders, where administrators can place documents that are pre-approved to be used by macros. Another option is to allow macros in Excel only, or for employees in a certain group.

Administrators or security architects can also block access to certain web services. Office 2007 offers an automated translation tool that relies on internet access, for example, and could be perceived as privacy risk.

"The idea is to make security approachable to everyone," Joshua Edwards, technical product manager for Microsoft Office, said.

"It is hard to configure what you are not aware of. It's about understanding what your options are and how you can implement those together."

The Group Policy Object Accelerator offers two choices of basic settings based on common security situations.

The Enterprise Client settings will appeal to most businesses, while highly secure operations are expected to go for the so-called Specialized Security Limited Functionality settings.

Users seeking even more granular control can dive deeper and adjust each of the 300 security settings to fit their needs. The documentation that accompanies the tool will point out any interdependencies between settings.

Microsoft offers similar tools for Windows Vista and Windows XP. Edwards said that the firm has been approached by client management software vendors.

Companies like Altiris or LANdesk would be interested in automating the security settings through their management software as well.