In our previous article on Office 2007 security, we discussed three of the mechanisms built into Office 2007: document encryption, formatting and editing restrictions, and digital signatures. In this article, we'll take a look at three more: Information Rights Management (IRM), checking documents for personal information (metadata), and using the Trust Center.
Information Rights Management (IRM)
Office 2007 has the Information Rights Management (IRM) component built into Word, Excel, PowerPoint, and Outlook. IRM works with a Windows Rights Management Services (RMS) server to allow you to control what happens to documents and messages after you send them. The purpose is to prevent the recipient from forwarding or copying sensitive e-mail messages or from editing, copying, printing, or saving the information in sensitive documents, spreadsheets, or presentations. You can even set an expiration date on IRM-protected files so the recipient can't view or use them after they expire.
Under the hood
RMS is based on digital certificates and public key cryptography. If your organization has deployed RMS, the RMS server issues you a rights account certificate that binds your identity to a key pair, and a machine certificate must be issued to each computer on which you create or open protected content. When you protect a file, a publishing license is attached to it. The publishing license names who can access the file and what each person can do with it, and it carries the content encryption key wrapped so that only the RMS server can recover it. When a recipient tries to open the file, the client presents the publishing license and the recipient's account certificate to the server; if the recipient is named in the license, the server issues a use license, which carries that person's rights and the content key re-encrypted to the recipient's own key pair. The receiving application then enforces the rights in the use license. For more details about how IRM and RMS work, see the RMS Technical Reference on the Microsoft TechNet Web site.
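The exchange just described, reduced to a runnable model. This is an added example, not Microsoft's code or the real RMS wire format: textbook RSA with small hard-coded primes stands in for the certificate key pairs, a SHA-256 counter keystream stands in for the content cipher, licenses are plain dictionaries, and the names, rights and dates are constructed. It needs Python 3.8 or later for the modular inverse via pow().

```python
"""Runnable model of the RMS publish/consume flow: rights account
certificate (RAC), publishing license (PL) and use license (UL).
Added example, not Microsoft's code or the real RMS wire format.
Textbook RSA with small hard-coded primes stands in for the certificate
key pairs and a SHA-256 counter keystream for the content cipher; neither
is secure, the point is who holds which key. Needs Python 3.8+."""
import hashlib
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA from two (assumed prime) integers; no padding, toy sizes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def pk_encrypt(pub, m):
    return pow(m, pub[1], pub[0])


def pk_decrypt(priv, c):
    return pow(c, priv[1], priv[0])


def keystream_xor(key, data):
    """Content cipher stand-in: XOR with SHA-256(key || counter) blocks."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


class RmsServer:
    """Issues RACs and use licenses. Its private key is the only thing that
    can open the content key sealed inside a publishing license."""

    def __init__(self):
        self.pub, self._priv = make_keypair(104729, 1299709)
        self._accounts = {}                 # e-mail -> user public key (the RAC binding)

    def issue_rac(self, email, user_pub):
        self._accounts[email] = user_pub    # identity check: stands in for Active Directory
        return {"email": email, "pub": user_pub}

    def issue_use_license(self, pl, rac, today):
        email = rac["email"]
        if self._accounts.get(email) != rac["pub"]:
            raise PermissionError("unknown or forged account certificate")
        if email not in pl["rights"]:
            raise PermissionError(f"{email} is not named in the publishing license")
        if pl["expires"] < today:           # ISO dates compare correctly as strings
            raise PermissionError("content has expired")
        key_int = pk_decrypt(self._priv, pl["enc_key"])
        return {"content_id": pl["content_id"],
                "rights": pl["rights"][email],
                "enc_key": pk_encrypt(rac["pub"], key_int)}   # re-sealed for this user


def protect(server_pub, content, rights, expires):
    """Author side: encrypt, then build the PL. The content key rides inside
    the PL sealed to the *server*, so a recipient who only has the file and
    the PL cannot recover it without asking for a use license."""
    key = secrets.token_bytes(4)            # 32-bit toy key, fits the toy modulus
    body = keystream_xor(key, content)
    pl = {"content_id": hashlib.sha256(body).hexdigest()[:16],
          "rights": rights,                 # e-mail -> list of permitted actions
          "expires": expires,
          "enc_key": pk_encrypt(server_pub, int.from_bytes(key, "big"))}
    return body, pl


def consume(server, rac, user_priv, body, pl, action, today):
    """Recipient side: get a UL, enforce the granted rights, decrypt. The
    rights check lives here, in the client, which is why screen capture
    and cameras are beyond IRM's reach."""
    ul = server.issue_use_license(pl, rac, today)
    if action not in ul["rights"]:
        raise PermissionError(f"{rac['email']} may not {action}")
    key = pk_decrypt(user_priv, ul["enc_key"]).to_bytes(4, "big")
    return keystream_xor(key, body)


def demo(today="2008-01-15"):
    """Constructed scenario: Alice protects a memo for Bob (view only) and
    Carol (view and print); Dave has an account but is not named."""
    server = RmsServer()
    bob_pub, bob_priv = make_keypair(1000003, 999983)
    dave_pub, dave_priv = make_keypair(15485863, 1000033)
    bob = server.issue_rac("bob@example.com", bob_pub)
    dave = server.issue_rac("dave@example.com", dave_pub)
    body, pl = protect(server.pub, b"Q3 numbers: confidential",
                       {"bob@example.com": ["view"],
                        "carol@example.com": ["view", "print"]},
                       expires="2008-12-31")
    results = {"bob_view": consume(server, bob, bob_priv, body, pl, "view", today)}
    for label, rac, priv, action, day in (
            ("bob_print", bob, bob_priv, "print", today),
            ("dave_view", dave, dave_priv, "view", today),
            ("bob_expired", bob, bob_priv, "view", "2009-03-01")):
        try:
            consume(server, rac, priv, body, pl, action, day)
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = str(exc)
    return results
```

Two things the model makes visible: the recipient never sees the content key until the server decides to issue a use license bound to that recipient's key pair, and every check after that (view versus print, expiry) is performed by the consuming application, which is exactly why the workarounds discussed below are possible.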
What you can and can't do with IRM
IRM/RMS allows you to set permissions on a per-document, per-user, or per-group basis. Active Directory is required for assigning rights management permissions to groups. Rights management permissions can prevent other users from accessing the files at all, but there are other ways to accomplish that (NTFS permissions, EFS encryption). The real value of IRM/RMS is that you can set permissions that allow others to view the files but prevent them from:
- Copying the file or any part of it.
- Saving the file to their hard disk or other media.
- Editing the file.
- Printing the file.
- Forwarding (Outlook e-mail messages).
- Faxing the content.
- Cutting and pasting to or from the file.
- Making a graphical copy of the content with the Print Screen (PRTSC) key.
This makes it difficult for recipients of your content to casually share it with others. However, it doesn't make it impossible. The restrictions on copying, printing, and forwarding are enforced by the application on the recipient's computer (the file itself is encrypted, but once an application holds a use license it holds the readable content), and a determined person can find ways around them. For example, someone could install a third-party screen capture utility, such as SnagIt, and make a graphical capture of the content, or simply photograph the screen with a camera. IRM also doesn't prevent keystroke loggers from capturing the content of a protected document as it's being created. Treat IRM as a control against accidental or casual leakage, not as a substitute for deciding who should receive the document in the first place.
Using IRM in Office 2007
To create a protected file, you need the following:
- An RMS-enabled application. Microsoft Word, Excel, PowerPoint, and Outlook in Office 2007 Professional Plus and Enterprise editions are fully RMS-enabled.
- The RMS client software. If you're running Office 2007 on Windows Vista, the rights management client is built in. If you're running Windows XP or Windows 2000, you must install the RMS client software. You can download the RMS client Service Pack 2 for x86 computers from the Microsoft Download Center. If you have a previous version of the Windows RMS client installed, the old version will be replaced. For Itanium-based computers running Windows Server 2003 64-bit (Itanium) or Windows XP Professional 64-bit (Itanium), download the IA64 Edition RMS client.
To view a protected file, you can use the RMS-enabled applications discussed above or you can use:
- Microsoft Office 2007 Standard Edition applications.
- Microsoft Internet Explorer version 5.01, 5.5, or 6.0 with the rights management add-on installed.
- Internet Explorer 7.0's XPS Viewer.
- Mobile Office applications in Windows Mobile 6.
You can also create and view protected content in applications that were developed using the Microsoft Windows Rights Management Services Software Developer's Kit (SDK).
How to protect an Outlook e-mail message with IRM
To apply IRM permissions to an Outlook 2007 e-mail message, perform the following steps:
- Create the message in Outlook.
- In the top-left corner of the message window, click the Microsoft Office button.
- Select Permission, then select Do Not Forward, as shown in Figure A.
- Send the message as usual.
|You can set permissions on an e-mail message in Outlook 2007.|
After you set permissions, a notice appears in the information bar at the top of the message noting that recipients can't forward, print, or copy the content of the message, as shown in Figure B.
|When permissions are applied, a notice appears in the info bar at the top of the message.|
If you attach a Word, Excel, or PowerPoint 2007 file to the message, it will have the same permissions you assigned to the message itself, unless the file was given IRM permissions in the Office program that created it. In that case, it retains its original permissions.
How to protect a Word, Excel, or PowerPoint file with IRM
To protect a Word document, Excel spreadsheet, or PowerPoint file with IRM, perform the following steps:
- Save the file.
- Click the Microsoft Office button.
- Click Prepare, then Restrict Permission, then Restricted Access, as shown in Figure C.
|You can assign IRM permissions to a Word document using the Prepare menu.|
- In the Permission dialog box, select the Restrict Permission To This Document check box, as shown in Figure D.
- In the Read and Change boxes, enter the e-mail addresses of the users who should be able to read and/or make changes to the document.
|Select the check box to restrict permission, then enter e-mail addresses of users who should be able to read and/or change the document.|
- Click the More Options button to open the dialog box shown in Figure E. Here you can select check boxes to specify additional permissions, including an expiration date for the document, permission to print content, and permission for users with read access to copy content or access the document programmatically. You can also provide your e-mail address so that users can request additional permissions, and require a connection to the RMS server to verify a user's permission each time the document is opened rather than relying on a cached use license. You can set these options as the default for all documents, workbooks, forms, and presentations with restricted permission. You can also give different permissions to different users by clicking in the Access Level column next to a user's name and selecting Read, Change, or Full Control from the drop-down list.
|You can select more options, such as setting an expiration date or allowing users to copy or print content.|
- To apply your settings, click OK. Once you've set permissions, a notification appears in the information bar at the top of the document specifying that access is restricted, as shown in Figure F.
|After permissions are applied, a notification appears in the information bar.|
Checking documents for personal information
The hidden information in documents can present a security risk. Office documents contain metadata in the document properties that can reveal details about the author, your organization, or the document itself, as well as other information that isn't visible in the content of the document. You may not want to share all this information with everyone who gets a copy of the document.
Types of hidden information
The types of hidden information that can be in an Office 2007 document include:
- Metadata. This consists of document properties, such as the author, subject, person who most recently saved a copy of the document, and date the document was created. It can also include e-mail addresses, routing slips, and file path information.
- Hidden text, rows, columns, worksheets, and invisible content. Text formatted as hidden doesn't show in the document by default, but the Document Inspector can find it, and so can the recipient, simply by turning on the display of hidden text. In Excel, rows, columns, and even entire worksheets can be hidden. Objects formatted as invisible in PowerPoint presentations and Excel workbooks won't be immediately apparent.
- Comments, tracked changes, and annotations. If you used the collaboration features in Word, revision marks from tracked changes and comments made by reviewers can be viewed.
- Headers, footers, watermarks, off-slide content, and presentation notes. Word documents and Excel workbooks may carry headers and footers, and Word documents may also carry watermarks. In PowerPoint, objects that were dragged off the slide are not visible in the slide show, and the Notes section may contain information you don't want to share.
- Custom XML data. Some XML data may not be visible in the document itself.
The Document Inspector can find and remove many types of hidden information. Exactly which types it checks for depends on the Office program.
Using the Document Inspector
To find and remove hidden information in Office 2007 files with the Document Inspector, perform the following steps:
- Save the document.
- Click the Microsoft Office button, select Prepare, and then choose Inspect Document, as shown in Figure G.
|Use the Document Inspector to find and remove hidden information.|
- Select the check boxes for the types of hidden information you want to find, as shown in Figure H.
|Select the type of hidden information you want to find.|
- Click the Inspect button. The types of hidden information that were found will be displayed, as shown in Figure I.
|The Document Inspector displays the types of hidden information that were found.|
- Click Remove All next to each category of hidden information you want stripped, then click Close. Removals made by the Document Inspector can't always be undone, so run it on a copy of the file rather than your only working version.
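Because an Office 2007 document is a ZIP package of XML parts, most of what the Document Inspector reports can also be checked from outside Office, which is useful when you are triaging files in bulk or on a machine without Office. The following is an added example, not Office code: it reads the package with Python's standard library, reports author metadata, comments, tracked changes, hidden text, custom XML parts and header/footer parts, and blanks the identifying properties. The sample document it inspects is constructed in the same block; the namespace URIs are the standard OOXML ones, and the `build_sample_docx` and `scrub_properties` names are mine.

```python
"""Offline check of a .docx for the kinds of hidden information the Document
Inspector reports (author metadata, comments, tracked changes, hidden text,
custom XML parts, headers/footers), plus a scrub of the identifying properties.
Added example, not Office code: it opens the OOXML package with the standard
library. build_sample_docx() constructs the input; no real file is used."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():          # keep Word's prefixes when re-serializing
    ET.register_namespace(_prefix, _uri)


def inspect_docx(data):
    """Return findings keyed roughly like the Document Inspector's categories."""
    z = zipfile.ZipFile(io.BytesIO(data))
    names = set(z.namelist())
    core = ET.fromstring(z.read("docProps/core.xml"))
    app = ET.fromstring(z.read("docProps/app.xml")) if "docProps/app.xml" in names else None
    meta = {
        "author": core.findtext("dc:creator", default="", namespaces=NS),
        "last_modified_by": core.findtext("cp:lastModifiedBy", default="", namespaces=NS),
        "company": app.findtext("ep:Company", default="", namespaces=NS) if app is not None else "",
    }
    doc = ET.fromstring(z.read("word/document.xml"))
    return {
        "metadata": {k: v for k, v in meta.items() if v},
        # revision marks: inserted and deleted runs
        "tracked_changes": len(doc.findall(".//w:ins", NS)) + len(doc.findall(".//w:del", NS)),
        # hidden text: any run whose properties carry <w:vanish/>
        "hidden_text": [
            "".join(t.text or "" for t in r.findall("w:t", NS))
            for r in doc.iter("{%s}r" % NS["w"])
            if r.find("w:rPr/w:vanish", NS) is not None
        ],
        "comments": (len(ET.fromstring(z.read("word/comments.xml")).findall("w:comment", NS))
                     if "word/comments.xml" in names else 0),
        "custom_xml_parts": sorted(n for n in names if re.match(r"customXml/item\d+\.xml$", n)),
        "headers_footers": sorted(n for n in names if re.match(r"word/(header|footer)\d+\.xml$", n)),
    }


def scrub_properties(data):
    """Blank author, last-modified-by and company; copy every other part as-is.
    Hidden text, comments and revisions are left alone on purpose: removing
    those correctly needs the Document Inspector or a real OOXML library."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            blob = src.read(info.filename)
            targets = {"docProps/core.xml": ("dc:creator", "cp:lastModifiedBy"),
                       "docProps/app.xml": ("ep:Company",)}.get(info.filename)
            if targets:
                root = ET.fromstring(blob)
                for tag in targets:
                    el = root.find(tag, NS)
                    if el is not None:
                        el.text = ""
                blob = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(info.filename, blob)
    return out.getvalue()


def build_sample_docx():
    """Constructed minimal package (not a real user's file): one visible run,
    one hidden run, a tracked insertion, one comment and a custom XML part."""
    w = NS["w"]
    document = (f'<w:document xmlns:w="{w}"><w:body><w:p>'
                '<w:r><w:t>Offer: 1.2M</w:t></w:r>'
                '<w:r><w:rPr><w:vanish/></w:rPr><w:t>walk-away price 0.9M</w:t></w:r>'
                '<w:ins w:id="1" w:author="jdoe"><w:r><w:t> (revised)</w:t></w:r></w:ins>'
                '</w:p></w:body></w:document>')
    comments = (f'<w:comments xmlns:w="{w}"><w:comment w:id="0" w:author="asmith">'
                '<w:p><w:r><w:t>check with legal first</w:t></w:r></w:p></w:comment></w:comments>')
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>asmith</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    app = f'<Properties xmlns="{NS["ep"]}"><Company>Contoso Ltd</Company></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", document)
        z.writestr("word/comments.xml", comments)
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("customXml/item1.xml", "<quote><vendor>Fabrikam</vendor></quote>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, pkg in (("original", build_sample_docx()),
                       ("scrubbed", scrub_properties(build_sample_docx()))):
        print(label, inspect_docx(pkg))
```

Run the block on its own and the second report shows the author fields gone while the hidden run, the comment and the tracked insertion are still there: blanking document properties (which the Trust Center's privacy option below can do automatically on save) covers only one of the categories in the list above.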
Using the Trust Center
You can view and configure security and privacy settings in the Trust Center in Word, Excel, PowerPoint, and Access 2007. To access the Trust Center, perform the following steps:
- Click the Microsoft Office button.
- Click the Options button at the bottom of the menu (it is labeled Word Options, Excel Options, and so on, depending on the program), as shown in Figure J.
|Click the Options button at the bottom of the Office menu to access the Trust Center.|
- Click Trust Center in the left pane of the Options dialog box, as shown in Figure K.
|Select Trust Center from the left pane of the Options dialog box.|
In the Trust Center, you can view or remove trusted publishers, set trusted locations for your files, enable or disable add-ins, enable or disable ActiveX controls, enable or disable macros, configure security alerts on the Message Bar, and set privacy options.
By default, a macro or ActiveX control in a document outside a trusted location runs without prompting only if it is signed by a trusted publisher: a developer whose code-signing certificate, issued by a reputable certification authority, you have chosen to trust. Anything else is disabled and reported in the Message Bar. You add a developer to your trusted publishers list by selecting Trust All Documents From This Publisher in the security alert dialog box that asks whether you want to run a signed macro, control, or add-in; before you do, consider that every future document signed by that publisher will then run silently.
To view the publishers you've trusted and/or to remove a publisher from the list, perform the following steps:
- Click Trusted Publishers in the left pane, as shown in Figure L. By default, no publishers are trusted.
|You can view and remove trusted publishers via the Trust Center.|
- To view a publisher's certificate, highlight its name in the right pane and click the View button.
- To remove a publisher from the list, highlight its name in the right pane and click the Remove button.
You can designate trusted locations on your local hard disk or on the network. Files in trusted locations don't have to be checked by the Trust Center before you can open them. For example, if you have a document with a macro that you know is safe, and you don't want the Trust Center to disable it, instead of changing macro security settings you can put the document in a trusted location.
Some locations are trusted by default, including the Program Files\Microsoft Office\Templates folder and your own user Templates and Startup folders. Microsoft recommends that you not specify public folders on network shares as trusted locations. The broader point is that a trusted location bypasses the macro and ActiveX checks entirely, so anyone who can write a file into it (or into a subfolder, if you trust those too) can run code on your computer. Never trust a folder that other people can write to, and never trust the folder your browser or mail client drops files into.
To add a trusted location, perform the following steps:
- In the Trust Center, click Trusted Locations in the left pane.
- Click the Add New Location button, shown in Figure M.
|You can add trusted locations for files so they won't be checked by the Trust Center before you can open them.|
- In the Microsoft Office Trusted Locations dialog box, shown in Figure N, type the path to the location you want to trust. You can also specify that subfolders be trusted.
|Type the path to the location you want to trust.|
- Click OK.
You can also remove or modify trusted locations and specify whether trusted locations on the network are allowed (they are not, by default). Selecting Disable All Trusted Locations turns the feature off: content in those folders is then subject to the normal checks, and only content signed by trusted publishers is trusted automatically.
Add-ins include things like smart tags, XML style sheets, COM and automation add-ins, and other code that adds new functionality to the Office 2007 program. You can use the Trust Center to view, enable, and disable add-ins that have been installed.
Add-ins are categorized as:
- Active application add-ins are those that are currently running in the Office 2007 program.
- Inactive application add-ins are those that are installed but not currently running.
- Document related add-ins are template files referenced by open documents.
- Disabled application add-ins are add-ins that have been disabled because they caused the Office program to crash.
You can configure settings for add-ins to require that they be signed by a trusted publisher, to disable notification for unsigned add-ins, or to disable all application add-ins, as shown in Figure O.
|You can configure setting for add-ins via the Trust Center.|
ActiveX controls are COM objects loaded into the Office process, so they can access your local file system, make changes to the registry, and otherwise pose a security threat. The Trust Center checks ActiveX controls before loading them to make sure they are marked Safe for Initialization (SFI) by the developer and don't have a kill bit set in the registry (the per-CLSID flag Microsoft uses to stop a control with a known vulnerability from loading).
Potentially unsafe controls are disabled by default. A notice appears in the Message Bar. You can click the Options button in the notification if you want to enable the control.
You can configure the security settings for ActiveX controls in the Trust Center. Here's how:
- Click ActiveX Settings in the left pane of the Trust Center.
- Select one of the following options:
  - Disable all controls without notification.
  - Prompt me before enabling Unsafe for Initialization (UFI) controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions.
  - Prompt me before enabling all controls with minimal restrictions.
  - Enable all controls without restrictions and without prompting (not recommended, because it allows potentially dangerous controls to run).
By default, you are prompted before enabling all controls with minimal restrictions, and safe mode is enabled.
Safe mode applies only to SFI controls. A control has more restrictions in safe mode; for example, the control may be able to read and write to files in unsafe mode but can only read files in safe mode.
Macros can be simple keystroke recordings or more powerful code written in Visual Basic for Applications (VBA). Macros present a security risk because they run with your privileges and can do anything you can do: write files, change the registry, send e-mail, or download and run programs. The Trust Center checks macros before running them and, by default, runs without prompting only those that have a valid, current digital signature associated with a certificate issued by a reputable CA and whose developer is a trusted publisher.
If the macro doesn't meet these criteria, the Message Bar appears and notifies you that the macro has been disabled. You can click the Options button to enable it if you know that it is trustworthy.
You can configure settings for macros via the Trust Center. Here's how:
- Click Macro Settings in the left pane of the Trust Center.
- You can select from the following options for macros in documents that are not in a trusted location: disable all macros without notification, disable all macros with notification, disable all except digitally signed macros, or enable all macros (this is not recommended because it could allow potentially dangerous macros to run).
- You can also specify whether to trust access to the VBA project object model (for developers). Leave this off unless you need it: it lets running code read and rewrite the macro code in open documents, which is how self-replicating macro viruses spread.
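The trusted-location rules above and the macro settings just listed combine into a single decision for each document. The following added example (mine, not Office code) models that decision so you can reason about a configuration before deploying it, and flags trusted locations that should not be trusted. The numeric levels and names mirror what Office 2007 stores under HKCU\Software\Microsoft\Office\12.0\<App>\Security (VBAWarnings, the Trusted Locations\Location<n> keys with Path and AllowSubfolders, AllowNetworkLocations, AllLocationsDisabled); treat those names as an assumption to confirm against your own registry export. Settings are passed in explicitly, and the paths, publisher and folders in `demo_settings()` are constructed, so the logic runs on any platform.

```python
r"""Model of the Trust Center's macro decision: trusted locations first, then
signature and trusted-publisher status, then the macro security level. Added
example that encodes the rules described on this page; it is not Office code.
The numeric levels and names mirror what Office 2007 stores under
HKCU\Software\Microsoft\Office\12.0\<App>\Security (VBAWarnings, the
Trusted Locations\Location<n> keys with Path and AllowSubfolders,
AllowNetworkLocations, AllLocationsDisabled); those names are an assumption
to confirm against a registry export. Settings are passed in explicitly."""
from dataclasses import dataclass, field, replace
import ntpath

# VBAWarnings values, in the order the Macro Settings page lists the options
ENABLE_ALL, DISABLE_WITH_NOTIFY, DISABLE_UNSIGNED, DISABLE_SILENT = 1, 2, 3, 4


@dataclass
class TrustedLocation:
    path: str
    allow_subfolders: bool = False


@dataclass
class TrustSettings:
    vba_warnings: int = DISABLE_WITH_NOTIFY        # Office's default
    trusted_locations: list = field(default_factory=list)
    allow_network_locations: bool = False          # "Allow Trusted Locations on my network"
    all_locations_disabled: bool = False           # "Disable all Trusted Locations"
    trusted_publishers: set = field(default_factory=set)


def _norm(path):
    return ntpath.normpath(path).rstrip("\\").lower()


def in_trusted_location(doc_path, s):
    """Return the TrustedLocation that covers doc_path, or None."""
    if s.all_locations_disabled:
        return None
    folder = _norm(ntpath.dirname(doc_path))
    for loc in s.trusted_locations:
        root = _norm(loc.path)
        if root.startswith("\\\\") and not s.allow_network_locations:
            continue                               # UNC paths count only if allowed
        if folder == root or (loc.allow_subfolders and folder.startswith(root + "\\")):
            return loc
    return None


def macro_decision(doc_path, s, signed_by=None, signature_valid=False):
    """Return (outcome, reason); outcome is 'run', 'prompt' or 'blocked'."""
    loc = in_trusted_location(doc_path, s)
    if loc is not None:
        return "run", f"trusted location {loc.path}: macros run with no checks"
    if signed_by and signature_valid and signed_by in s.trusted_publishers:
        return "run", f"valid signature from trusted publisher {signed_by}"
    if s.vba_warnings == ENABLE_ALL:
        return "run", "Enable all macros: everything runs (not recommended)"
    if s.vba_warnings == DISABLE_SILENT:
        return "blocked", "disabled without notification"
    if s.vba_warnings == DISABLE_UNSIGNED:
        if signed_by and signature_valid:
            return "prompt", f"signed by {signed_by}, who is not yet a trusted publisher"
        return "blocked", "unsigned macro disabled without notification"
    return "prompt", "disabled; the Message Bar lets the user enable it"


def audit_trusted_locations(s):
    """Flag trusted locations that hand macro execution to whoever can write
    a file there (path heuristics; tune to your environment)."""
    findings = []
    for loc in s.trusted_locations:
        p = _norm(loc.path)
        if p.startswith("\\\\"):
            findings.append((loc.path, "network share; Microsoft advises against trusting public shares"))
        if loc.allow_subfolders and p.count("\\") <= 1:
            findings.append((loc.path, "subfolders allowed under a near-root folder"))
        if {"downloads", "temp", "tmp", "desktop"} & set(p.split("\\")):
            findings.append((loc.path, "untrusted content lands here (browser, mail, temp files)"))
    return findings


def demo_settings():
    """Constructed settings: the default templates folder plus a network share."""
    return TrustSettings(
        trusted_locations=[
            TrustedLocation(r"C:\Program Files\Microsoft Office\Templates", allow_subfolders=True),
            TrustedLocation(r"\\fileserver\public\forms", allow_subfolders=True),
        ],
        trusted_publishers={"Contoso Ltd"},
    )


def demo():
    s = demo_settings()
    risky = replace(s, trusted_locations=s.trusted_locations + [TrustedLocation(r"C:\Users\jdoe\Downloads")])
    templ = r"C:\Program Files\Microsoft Office\Templates\1033\memo.dotm"
    dl = r"C:\Users\jdoe\Downloads\invoice.docm"
    share = r"\\fileserver\public\forms\timesheet.docm"
    return {
        "template_unsigned": macro_decision(templ, s),
        "downloads_unsigned": macro_decision(dl, s),
        "downloads_trusted_sig": macro_decision(dl, s, "Contoso Ltd", True),
        "downloads_as_trusted_location": macro_decision(dl, risky),
        "strict_unsigned": macro_decision(dl, replace(s, vba_warnings=DISABLE_UNSIGNED)),
        "share_no_network": macro_decision(share, s),
        "share_network_ok": macro_decision(share, replace(s, allow_network_locations=True)),
        "all_disabled": macro_decision(templ, replace(s, all_locations_disabled=True)),
        "audit": audit_trusted_locations(risky),
    }
```

The `downloads_as_trusted_location` case is the one to look at: with Downloads trusted, an unsigned macro in a file the user just saved from a browser runs with no prompt at all, regardless of the macro security level, which is what the audit warning for that folder is about.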
The purpose of the Message Bar is to display alerts if the document you're opening has potentially dangerous content (macros, add-ins, etc.). You can control the behavior of the Message Bar via the Trust Center. Here's how:
- Click Message Bar in the left pane of the Trust Center.
- You can specify whether to show the Message Bar in all applications when content has been blocked or to never show information about blocked content.
- You can also select an option to enable Trust Center logging, as shown in Figure P.
|You can control whether the Message Bar appears via the Trust Center.|
Finally, you can set privacy options through the Trust Center (Figure Q). These include:
- Whether to search Microsoft Office Online for Help content when you're connected to the Internet.
- Whether to automatically update featured links from Microsoft Office Online.
- Whether to periodically download a file that helps determine system problems.
- Whether to sign up for the Customer Experience Improvement program.
- Whether to check Microsoft Office documents that are from or that link to suspicious Web sites.
You can configure several other document-specific settings, including:
- Whether to warn before printing, saving, or sending a file that contains tracked changes or comments.
- Whether to store a random number to improve Combine accuracy.
- Whether to make hidden markup visible when opening or saving a file.
- Whether to remove personal information from file properties when you save a file.
You can also set Translation and Research options here.
|The Trust Center offers privacy options and access to translation and research settings.|
Microsoft Office 2007 programs have a number of built-in security and privacy features that make it easier for you to maintain confidentiality of information that needs to remain secure, while still getting the most out of the Office 2007 programs' advanced features. In this two-part series, we discussed how to use security features in Microsoft Word, Excel, PowerPoint, and Outlook 2007.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.