Configure security by using OCT or Group Policy for Office 2013

 

Applies to: Office 2013, Office 365 ProPlus

Summary: Configure Office security by using the Office Customization Tool (OCT), Administrative Templates and Group Policy, or the Trust Center.

Audience: IT Professionals

You can configure security settings for enterprise .MSI deployment by using the Office Customization Tool (OCT), and by using the Office 2013 Administrative Template files together with Group Policy. You can also configure some security settings in the Trust Center, which can be accessed through the user interface of every Office 2013 application. However, from an administration and deployment standpoint, Trust Center settings are useful only for troubleshooting installation and configuration problems on individual computers. You can't use the Trust Center to deploy or centrally manage security settings.

Roadmap arrow for guide to Office security.

This article is part of the Guide to Office 2013 security. Use the roadmap as a starting point for articles, downloads, posters, and videos that help you assess Office 2013 security.

Are you looking for security information about individual Office 2013 applications? You can find this information by searching for “2013 security” on Office.com.

In this article:

  • Office 2013 security process overview

  • Before you begin the Office 2013 security process

  • Configure security settings by using the OCT

  • Configure security settings by using Group Policy

Office 2013 security process overview

When you use the OCT to configure security settings, the settings are not permanent. The OCT establishes the initial value for the setting. After Office 2013 is installed, users can use the Trust Center to configure some, but not all, security settings. If you must enforce and prevent users from changing security settings, use Group Policy.

For information about how to manage security for Office for Mac, see Deploy Office for Mac 2011 security preferences.

Before you begin the Office 2013 security process

Before you configure security settings, review the following information about planning, permissions, and tool requirements.

Plan security settings for Office 2013

You must follow these steps in the security planning process before you configure security settings:

  • Read Overview of security in Office 2013. This article describes the new security architecture in Office 2013 and explains how the new security features work together to help provide a layered defense. We recommend that you do not change any security settings until you understand how all of the security features work.

  • Read Understand security threats and countermeasures for Office 2013. This article describes the security risks and threats that are relevant to Office 2013. This article also helps you determine which of those security risks and threats poses a risk to the business assets or processes of your organization.

Review the required permissions to configure security

The following table lists the administrative credentials that are required to configure security settings by using various deployment and administration tools.

Required security settings administrative credentials

To perform these actions… You must be a member of these groups

Run the OCT.

Administrators group on the local computer

Configure local Group Policy settings by using the Local Group Policy Editor.

Administrators group on the local computer

Configure domain-based Group Policy settings by using the Group Policy Management Console.

Domain Admins, Enterprise Admins, or Group Policy Creator Owners group

Security configuration tool prerequisites

You can use several different tools to configure security settings. Before you use these tools, make sure that you have met the following prerequisites:

The OCT is available only with volume licensed versions of Office 2013 and the 2007 Microsoft Office system. To determine whether an Office 2013 installation is a volume licensed version, check the Office 2013 installation disk to see whether it contains a folder named Admin. If the Admin folder exists, the disk is a volume license edition. If the Admin folder does not exist, the disk is a retail edition.

Configure Office 2013 security settings by using the OCT

Note

You can complete tasks in all Office 2013 suites by using a mouse, keyboard shortcuts, or touch. For information about how to use keyboard shortcuts and touch with Office products and services, see Keyboard shortcuts and Office Touch Guide.

The following procedure shows how to use the OCT to configure security settings.

To use the OCT to configure Office 2013 security settings

  1. Open a Command Prompt window and navigate to the root of the network installation point that contains the Office 2013 source files.

  2. At the command prompt, type setup.exe /admin, and then choose ENTER.

  3. In the navigation pane of the OCT, choose Office security settings.

  4. In the details pane, change the security settings that you want to configure.

Configure Office 2013 security settings by using Group Policy

The following procedure shows how to use Group Policy to configure security settings.

To use Group Policy to configure Office 2013 security settings

  1. If you want to configure local Group Policy settings, open the Local Group Policy Editor.

    To do this, at the Run command, type gpedit.msc, and then choose ENTER.

  2. Or, open the Group Policy Management Editor on a domain controller if you want to configure domain-based Group Policy settings.

    To do this, open the Group Policy Management Console snap-in, choose (right-click) the Group Policy object (GPO) that you want to configure, and then choose Edit.

  3. In the Local Group Policy Editor tree or the Group Policy Management Editor tree, find the security setting that you want to configure in one of the following locations:

    • User Configuration/Policies/Administrative Templates/Microsoft Access 2013/Application Settings/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Excel 2013/Excel Options/Security

    • User Configuration/Policies/Administrative Templates/Microsoft InfoPath 2013/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Office 2013/Security Settings

    • User Configuration/Policies/Administrative Templates/Microsoft OneNote 2013/OneNote Options/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Outlook 2013/Security

    • User Configuration/Policies/Administrative Templates/Microsoft PowerPoint 2013/PowerPoint Options/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Project 2013/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Publisher 2013/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Visio 2013/Visio Options/Security

    • User Configuration/Policies/Administrative Templates/Microsoft Word 2013/Word Options/Security

  4. From the list, open (double-click) the security setting that you want to configure, and then make your changes.

Tip

If you can't find the security setting that you want to configure, try searching in the previously listed locations within the Computer Configuration/Policies/Administrative Templates node.

See also

Guide to Office 2013 security
Overview of security in Office 2013