AM101638461033

Planning and architecture for the 2007 Office
release
Microsoft Corporation
Published: July 2008
Author: Office IT and Servers User Assistance (o12ITdx@microsoft.com)
Abstract
This book provides a detailed description of how Setup for the 2007 Microsoft Office system
works and helps you manage a smooth transition to the new version. Planning for a Microsoft
Office Outlook 2007 is also included in this book. The audiences for this book are IT professionals
who plan, implement, and maintain Office installations in their organizations.
The content in this book is a copy of selected content in the 2007 Office release technical library
(http://go.microsoft.com/fwlink/?LinkId=84741) as of the date above. For the most current content,
see the technical library on the Web.
2
The information contained in this document represents the current view of Microsoft Corporation
on the issues discussed as of the date of publication. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the
date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES,
EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into a
retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written
permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail
addresses, logos, people, places and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place
or event is intended or should be inferred.
© 2008 Microsoft Corporation. All rights reserved.
Microsoft, Access, Active Directory, Excel, Groove, InfoPath, Internet Explorer, OneNote, Outlook,
PowerPoint, SharePoint, SQL Server, Visio, Windows, Windows Server, and Windows Vista are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
ii
Contents
Planning and architecture for the 2007 Office release....................................................................1
Abstract....................................................................................................................................1
Contents.........................................................................................................................................iii
I Evaluating the new Setup architecture.........................................................................................1
Setup sequence of events in the 2007 Office system.....................................................................2

Setup chain of events..................................................................................................................2
Run Setup................................................................................................................................3
Check prerequisites..................................................................................................................3
Read XML data........................................................................................................................3
Setup.xml and Package.xml..................................................................................................3
Setup customization file........................................................................................................4
Config.xml.............................................................................................................................4
Build the feature tree................................................................................................................4
Create a local installation source..............................................................................................5
Install Office..............................................................................................................................5
Apply the customization file......................................................................................................5
Apply software updates............................................................................................................6
Including more than one product on the installation point............................................................6
Running Setup interactively.........................................................................................................7
Language-neutral architecture in the 2007 Office system...............................................................7

Multiple MSI files.........................................................................................................................8
Streamlined customization model for the 2007 Office system.......................................................10

Using the Office Customization Tool..........................................................................................10
Customizing a new installation..................................................................................................10
Making changes to an existing Office installation.......................................................................11
Using the Config.xml file to customize Office.............................................................................11
Required local installation source for the 2007 Office system.......................................................13

Creating a local installation source on users' computers...........................................................13
Deploying the local installation source by itself..........................................................................14
Consolidated update process for the 2007 Office system.............................................................15

Applying Office updates during new installations.......................................................................15
Updating existing Office installations.........................................................................................15
Simplified design for multiple languages in the 2007 Office system..............................................17

New multilanguage framework..................................................................................................17
Language versions of Office...................................................................................................17
iii
Language packs for Office......................................................................................................18
Installing multiple languages of Office.......................................................................................19
Installing a default language on each user's computer...........................................................20
Specifying one or more languages to install on users' computers..........................................20
Installing language packs separately......................................................................................21
Installing Proofing Tools..........................................................................................................21
Adding languages after Office is installed...............................................................................21
II Planning for migration...............................................................................................................23
Preparing for migration to the 2007 Office system........................................................................24
Plan and prepare for migration to the 2007 Office system............................................................25
Collaborating with previous versions of Office and other programs..............................................26

Using the Microsoft Office Compatibility Pack for backward compatibility.................................26
Features that are not supported in the Microsoft Office Compatibility Pack...........................26
OMPM Office File Converter..................................................................................................26
Viewers......................................................................................................................................26
Setting default save options.......................................................................................................27
Using compatibility mode...........................................................................................................27
Compatibility checker.............................................................................................................27
Considerations for printing and viewing files..............................................................................28
Printer hardware and configuration........................................................................................28
Backward compatibility...........................................................................................................28
Compatibility with other programs..............................................................................................29
FAQ: File format............................................................................................................................30

What is the new file format?......................................................................................................30
Why is there a new file format?.................................................................................................30
How are users being prepared for the new file format?.............................................................30
How can users collaborate on files when they use different versions of Office?........................31
Can previous versions of Office recognize the new file format?................................................31
How can I tell whether a file is from the 2007 Office release or from a previous version of
Office?....................................................................................................................................31
File sizes have increased with each new version of Office. Will this happen again with the 2007
Office system?........................................................................................................................32
Review migration issues for the 2007 Office system.....................................................................33
Determining the best migration strategy........................................................................................34

Single rollout..............................................................................................................................34
Phased rollout............................................................................................................................35
As-needed rollout.......................................................................................................................36
Assessing your environment with the Office Migration Planning Manager....................................37
Introduction to OMPM...................................................................................................................38
iv
OMPM contents.........................................................................................................................38
Installing OMPM........................................................................................................................39
OMPM requirements..................................................................................................................39
Client system requirements....................................................................................................39
Administrator system requirements........................................................................................40
How the OMPM File Scanner works..........................................................................................41
Log and CAB files generated by the OMPM File Scanner.........................................................42
Files scanned by the OMPM File Scanner.................................................................................43
Install and configure OMPM File Scanner.....................................................................................45

Offscan.ini settings....................................................................................................................45
Distribute OMPM File Scanner......................................................................................................53

Files to Distribute.......................................................................................................................53
Distributing the OMPM File Scanner with SMS......................................................................53
Other ways to distribute the OMPM File Scanner......................................................................53
Collecting OMPM File Scanner log files.....................................................................................54
Prepare a SQL database for OMPM.............................................................................................55
Import OMPM log files into the database......................................................................................56

Fixing import failures..................................................................................................................57
Analyze reports from OMPM.........................................................................................................59

Starting OMPM Reports.............................................................................................................59
Review Scan Coverage and Errors............................................................................................59
Review Office 2007 Compatibility..............................................................................................60
Review Access Compatibility.....................................................................................................61
Migration considerations by application........................................................................................63
Migration considerations for Access 2007.....................................................................................64

Migration considerations for Access 2000, Access 2002, and Access 2003..............................64
Features available only in the new file format in Office Access 2007.....................................64
Features available only in MDB file format.............................................................................65
Features no longer available in Office Access 2007...............................................................65
Migration considerations for Access 97 and earlier....................................................................66
Enabling a database...............................................................................................................66
Converting a database...........................................................................................................66
MDE file limitations.................................................................................................................66
Access 2007 in mixed environments.........................................................................................66
Handling VBA references.......................................................................................................68
Access 2007 and SQL Server................................................................................................69
Linking to SQL Server.........................................................................................................69
Access Data Projects (ADPs).............................................................................................69
Access 2003 Conversion Toolkit.............................................................................................70
v
Migration considerations for Excel 2007.......................................................................................71
Changes in Office Excel 2007....................................................................................................71
New file formats..................................................................................................................71
Larger grid size...................................................................................................................72
New user interface..............................................................................................................72
Opening Excel 97–2003 workbooks in Office Excel 2007..........................................................72
Compatibility Tools.................................................................................................................73
Compatibility Mode.............................................................................................................73
Compatibility Checker.........................................................................................................73
Format changes.....................................................................................................................74
New and renamed file names and file name extensions.....................................................74
Support is removed for some file formats............................................................................74
HTML file format for publishing only....................................................................................75
Microsoft Script Editor.........................................................................................................75
Visualization and design.........................................................................................................75
AutoFormat.........................................................................................................................75
Charting..............................................................................................................................76
Shapes................................................................................................................................77
Lists and PivotTables..............................................................................................................77
AutoFilter.............................................................................................................................78
AutoFilterMode property.....................................................................................................78
Lists are now called tables..................................................................................................78
Adding new records to a table.............................................................................................78
Table name.........................................................................................................................78
Office SharePoint Server 2007 lists and write-back............................................................79
PivotTables..........................................................................................................................79
Tracking customizations......................................................................................................81
References and names..............................................................................................................81
Full row or column references.............................................................................................81
Names and column header labels.......................................................................................82
Opening Office Excel 2007 workbooks in earlier versions of Office Excel.................................82
Conditional formatting............................................................................................................82
Formatting is retained.............................................................................................................83
Designing formats for use in multiple versions.......................................................................83
Incompatible grid size.............................................................................................................84
Incompatible tables and lists..................................................................................................84
External data queries.............................................................................................................85
New security features................................................................................................................85
Trust Center and the Message Bar.........................................................................................85
Trusted Locations...................................................................................................................86
Empty macros........................................................................................................................86
Change in security levels.......................................................................................................86
Programmability issues..........................................................................................................86
Interaction between Office Excel 2007 and Internet Explorer.................................................87
vi
Migration considerations for Word 2007........................................................................................88
Migrating files to the new file format..........................................................................................88
Migrating AutoText entries.........................................................................................................88
Migrating customizations...........................................................................................................89
Migrating Add-ins.......................................................................................................................90
Migrating AutoCorrect entries....................................................................................................90
Migrating the data key...............................................................................................................90
III Planning for Outlook 2007........................................................................................................91
Planning for installing and upgrading Outlook 2007 (Office Resource Kit)....................................92
Outlook 2007 deployment overview..............................................................................................93

Determining your organization's needs......................................................................................93
Upgrade or initial installation..................................................................................................93
Migrating data.........................................................................................................................93
Remote and roaming users....................................................................................................93
Multilingual requirements.......................................................................................................94
Client and messaging server platforms..................................................................................94
Choosing when and how to install Outlook................................................................................94
Customizing Outlook settings and profiles.............................................................................95
Configuring subscriptions and other sharing features............................................................95
Using Outlook with Terminal Services....................................................................................95
Collaboration Data Objects dependencies.............................................................................96
Security and privacy considerations..........................................................................................96
The new Trust Center for Office.............................................................................................96
Limiting viruses and junk e-mail messages for your users.....................................................96
Configuring cryptographic features.........................................................................................97
Restricting permission on e-mail messages...........................................................................97
Outlook 2007 and e-mail protocols and servers........................................................................97
Determine when to install Outlook 2007........................................................................................99

Installing Outlook with Office......................................................................................................99
Installing Outlook before Office..................................................................................................99
Advantages of installing Outlook before Office.....................................................................100
Disadvantages of installing Outlook before Office................................................................100
Installing Outlook after Office...................................................................................................100
Advantages of installing Outlook after Office........................................................................100
Disadvantages of installing Outlook after Office...................................................................101
Staging an Outlook deployment...............................................................................................101
Advantages of staging a deployment...................................................................................101
Disadvantages of staging a deployment...............................................................................101
Install Outlook 2007 by using the Office Customization Tool.......................................................102

Customizing Outlook by using the Office Customization Tool..................................................102
Specifying installation states for Outlook features...................................................................102
vii
Specifying Outlook user settings.............................................................................................102
Customizing Outlook profiles...................................................................................................103
Configure Outlook Send/Receive settings...............................................................................103
Plan an upgrade to Outlook 2007...............................................................................................104

Issues to consider when planning an upgrade.........................................................................104
Upgrading from an earlier version of Outlook..........................................................................105
Configuring user profiles in Office Outlook 2007..................................................................105
Upgrading with Cached Exchange Mode enabled................................................................106
Upgrading from Outlook 2000 IMO.......................................................................................106
Address book might need to be imported manually..........................................................106
Rules might not work properly...........................................................................................107
Error for unsupported fax software might not appear........................................................107
Choosing fax support in Office Outlook 2007.......................................................................107
Supporting forms in Office Outlook 2007..............................................................................108
Upgrading from other mail and scheduling programs..............................................................108
How Outlook 2007 works with different Exchange Server versions............................................109

Features supported with Exchange Server 2007 and Exchange Server 2003.........................109
Features supported only with Exchange Server 2003 or later..................................................111
Enhancements that work better with Exchange Server 2003 or later.......................................111
Additional resources................................................................................................................113
Plan a Cached Exchange Mode deployment in Outlook 2007....................................................114

How Cached Exchange Mode can help improve the Outlook user experience........................114
Outlook features that can reduce the effectiveness of Cached Exchange Mode..................115
Synchronization, disk space, and performance considerations............................................117
Send/Receive synchronization considerations..................................................................117
Offline Address Book considerations.................................................................................117
Offline File Folders (OSTs) considerations........................................................................118
Managing performance issues..........................................................................................118
Managing Outlook folder sharing......................................................................................119
Public Folder Favorites considerations..............................................................................119
Managing Outlook behavior for perceived slow connections................................................119
Options for staging a Cached Exchange Mode deployment.................................................120
Upgrading current Cached Exchange Mode users to Office Outlook 2007..........................122
Deploying Cached Exchange Mode to users who already have OST files...........................123
Using Group Policy to enforce Cached Exchange Mode settings........................................123
Additional resources.............................................................................................................123
Plan Outlook 2007 Offline Address Book deployment.................................................................125
Considerations when installing Outlook 2007 in a Terminal Services environment.....................126

Outlook features that are disabled with Terminal Services......................................................126
Enabling remote sound............................................................................................................127
Unlocking registry settings.......................................................................................................127
viii
Planning for security and protection in Outlook 2007 (Office Resource Kit)................................128
Use Outlook 2007 to help protect messages..............................................................................129
Plan for e-mail messaging cryptography.....................................................................................130

Cryptographic messaging features in Outlook.........................................................................130
How Outlook implements cryptographic messaging.............................................................130
Digital IDs: A combination of public/private keys and certificates.........................................131
Security labels and signed receipts.........................................................................................131
Classes of encryption strengths...............................................................................................132
Additional resources................................................................................................................132
How users manage cryptographic digital IDs in Outlook 2007....................................................133

Places to store digital IDs........................................................................................................133
Microsoft Exchange Global Address Book...........................................................................133
Internet directory service (LDAP).........................................................................................134
Windows file.........................................................................................................................134
Providing digital IDs to others..................................................................................................134
Provide a certificate in a digitally signed e-mail message....................................................134
Obtain a certificate from a directory service.........................................................................134
Importing digital IDs.................................................................................................................134
Renewing keys and certificates...............................................................................................135
Plan for configuring security settings in Outlook 2007................................................................136

Specifying how security settings are enforced in Outlook........................................................136
Choosing between the Exchange Server security form and Group Policy security settings....136
Scenario for using the security form.....................................................................................136
Scenarios for using Group Policy security settings...............................................................137
Scenarios for using security form or Group Policy security settings.....................................137
Caveats to consider when customizing security settings.........................................................137
Customizing options for junk e-mail and ActiveX controls........................................................137
Updated Object Model Guard..................................................................................................138
How administrator and user security settings interact in Outlook 2007.......................................139
Plan for Outlook 2007 security in special environments..............................................................140

Users with a hosted Exchange Server environment................................................................140
Users with administrative rights...............................................................................................140
Users with an Outlook Web Access environment....................................................................141
Plan for limiting junk e-mail in Outlook 2007...............................................................................142

Overview: the Outlook Junk E-mail Filter.................................................................................142
Supported account types.........................................................................................................143
Support in different versions of Exchange Server....................................................................143
Upgrading from a previous installation of Outlook before Outlook 2003..................................144
Configuring the Junk E-mail Filter user interface.....................................................................144
Providing default Junk E-mail Filter lists..................................................................................144
ix
IV Planning for Group Policy for the 2007 Office system...........................................................146
Group Policy overview (2007 Office)...........................................................................................147

Local and Active Directory-based Group Policy.......................................................................147
Multiple local GPOs: changes in Windows Vista and Windows Server 2008....................148
Group Policy processing..........................................................................................................149
Policy inheritance..............................................................................................................150
Group Policy application..........................................................................................................150
Synchronous and asynchronous processing.....................................................................150
Fast Logon Optimization feature.......................................................................................150
Slow links processing........................................................................................................151
Group Policy refresh interval.............................................................................................152
Targeting the application of Group Policy Objects................................................................152
Changing the GPO processing order................................................................................153
Security filtering................................................................................................................153
Windows Management Instrumentation filtering...............................................................154
Loopback processing........................................................................................................154
Administrative Templates extension.........................................................................................155
Administrative Template files.............................................................................................155
Administrative Template files for the 2007 Office System.................................................155
Administrative Template Files: Changes in Windows Vista and Windows Server 2008........157
ADMX and ADML file storage in Windows Vista...............................................................157
User preferences and true policies..........................................................................................158
Group Policy Management tools..............................................................................................159
Group Policy Management Console.....................................................................................159
Group Policy Object Editor...................................................................................................160
Office Customization Tool and Group Policy............................................................................161
x
I Evaluating the new Setup architecture
In this section:
Setup sequence of events in the 2007 Office system
Language-neutral architecture in the 2007 Office system
Streamlined customization model for the 2007 Office system
Required local installation source for the 2007 Office system
Consolidated update process for the 2007 Office system
Simplified design for multiple languages in the 2007 Office system
1
Setup sequence of events in the 2007 Office
system
Unlike previous versions, the 2007 Microsoft Office system is not installed as a single Windows
Installer package (MSI file). Instead, a language-neutral core package is combined with one or
more language-specific packages to make a complete product. Setup assembles the individual
packages and orchestrates a seamless installation. Setup also handles customization and
maintenance tasks during and after Office is installed on users' computers.
Typically, the first step in a corporate installation of Office is to create a network installation point
—a task as simple as copying all the files and folders from the Office product CD to a shared
network location. At a minimum, the network installation point contains the language-neutral core
package plus language-specific folders for one language. This installation point serves as the
initial source for all users who install Office.
In the simplest scenario, you deploy an Office product from the network installation point with one
language version and a single set of customizations for all users. Setup handles this scenario
automatically. If you deploy multiple products or languages, you can add them to the same
network installation point and specify exactly which products and languages to include in the
installation. In all of these scenarios, Setup performs the same tasks to assemble the correct set
of MSI files and to complete the installation.
Note
Unlike previous versions of Microsoft Office products, the 2007 Office system does not
allow you to create an administrative installation point by running Setup with the /a
command-line option to extract compressed source files. Instead, all installations occur
from the compressed source.
Setup chain of events

The basic Setup chain of events occurs in the same sequence in every deployment scenario, as
shown in the following list:
1. Run Setup
2. Check prerequisites
3. Read XML data
4. Build the feature tree
5. Create a local installation source on the user's computer
6. Install Office
7. Apply the customization file
8. Apply software updates
2
Run Setup
Setup.exe is the program that initiates all the mechanisms of the installation process; it is located
at the root of the network installation point. You run Setup once for each Office product you install.
When it runs, Setup searches the network installation point for an Office product to install. If the
installation point contains more than one Office product, Setup presents the user with a choice of
products to install.
You can circumvent the selection process and determine which Office product is installed by
pointing Setup.exe to the Config.xml file in a core product folder. For example, if you want to
install Microsoft Office Standard 2007, you can use the following command line:
\\server\share\Office12\setup.exe /config \\server\share\Office12\Standard.WW\Config.xml
where Office12 is the root of the network installation point.
In previous versions of Office, Setup.exe called Windows Installer (Msiexec.exe) to perform the
installation of Office. Although Setup still uses Windows Installer, Setup bypasses the Windows
Installer executable program. The Msiexec.exe command line cannot be used to install the 2007
Office system.
Note
This version of Setup.exe recognizes only a few command-line options. For more
information, see Setup command-line options for the 2007 Office system.
Check prerequisites
When Setup starts, it checks for a number of installation prerequisites, including minimum
operating system requirements and administrative rights. A user must be an administrator of the
client computer in order to install Office, or you must use a tool such as Microsoft Systems
Management Server to run the installation with elevated privileges.
For more information about giving users administrative rights for an Office installation, see Deploy
the 2007 Office system to users who are not administrators.
Read XML data

Setup gathers information about each package on the installation point, collects default settings
for the installation, and incorporates customizations you specify. Setup gathers all this information
in the form of XML data from several sources:
• Setup.xml and Package.xml files for each package
• Setup customization file
• Config.xml file
Setup.xml and Package.xml

Each folder on the installation point—both the folder for the language-neutral core package and
the folder for each language-specific package—contains a Setup.xml and a Package.xml file (for
example, StandardWW.xml for Office Standard 2007). Information in these files allows Setup to
do the following:
3
• Identify a product and the available languages for that product.
• Match language-neutral and language-specific elements to create complete features.
• Build a consolidated feature tree.
• Collect the set of MSI files required for the installation.
Note
The Setup.xml and Package.xml files are signed and cannot be modified. Altering these
files causes Setup to fail.
Setup customization file

Early in the installation process, Setup determines whether you have specified a Setup
customization file (MSP file) for the product that is being installed. The customization file contains
all the modifications for an installation, including customizations that control the installation
process.
If no customization file is specified on the command line or in the Config.xml file, Setup searches
the Updates folder on the installation point for a customization file specific to the product that is
being installed. The Updates folder is included by default on the installation point; in most cases,
it is the recommended location in which to store both customization files and software updates for
all the Office products included on the installation point.
Setup uses XML data appended to the customization file to determine how to install the product—
for example, whether to run quietly or which features to display in the feature tree. Settings in a
customization file overwrite default settings contained in the Setup.xml and Package.xml files.
For more information about Setup customization files, see Streamlined customization model for
the 2007 Office system.
Config.xml
Each core product folder contains a Config.xml file that directs Setup to install that product. You
can edit Config.xml to customize the installation process. For example, you can use elements in
Config.xml to specify which products or languages to include in the installation. Settings in
Config.xml take precedence over settings in a customization file and default settings contained in
the Setup.xml and Package.xml files.
For more information about how and when to edit Config.xml, see Config.xml file in the 2007
Office system.
Build the feature tree

Setup uses the information contained in the XML files to create a single feature tree that includes
all the available applications and features in the product. You view the feature tree and specify
which applications and features to install on users' computers by using the Office Customization
Tool. If you allow users to run Setup interactively, they view the feature tree with your
modifications in the Setup user interface.
For more information about specifying which Office features to install, see Configure feature
installation states of the 2007 Office system.
4
Create a local installation source
Setup calls a program named Office Source Engine (Ose.exe) to create a required local
installation source on the user's computer. To create the local installation source, Setup copies
files from the installation point to a hidden location on the user's computer. The default location
is \MSOCache\All Users at the root of the drive on which Office is installed. Later, Setup uses
Windows Installer to install Office from this local installation source.
The local installation source provides several important benefits:
• After Office is installed, Setup can repair, reinstall, or add Office features by using the
local source.
• Users who are applying software updates are less likely to be prompted for a network or
CD source because an installation source is available locally.
• You can deploy the local installation source in advance and trigger the installation of
Office on users' computers later to reduce the load on the network. In this scenario, you can
even run Setup from the local installation source, allowing users to complete the Office
installation with no network connection.
For more information about the local installation source, see Required local installation source for
Install Office
When the installation begins, Setup checks for required disk space and feature dependencies,
and then calls Windows Installer to install the correct set of packages (MSI files) on the user's
computer from the local installation source. Setup uses the XML data described previously to
determine which set of MSI files to include. The progress bar that Setup displays to users during
the installation takes the entire installation process into account, including applying
customizations and software updates from the Updates folder.
Note
Although Setup uses Windows Installer to install Office, Windows Installer alone cannot
install the individual MSI files independent of Setup.
Apply the customization file

During the installation process, Setup applies the customization file to the user's configuration.
The result is similar to the effect of applying a Windows Installer transform (MST file) in previous
versions of Office: your customizations become the default configuration for users. In addition to
the XML data that customizes the installation process, the customization file may include default
user settings, feature installation states, Microsoft Outlook profiles, and other modifications to the
user's configuration.
Customization files are product-specific; Setup applies only those files that are relevant to the
product being installed. However, if you store more than one customization file for the same
product in the Updates folder, Setup applies all of the files to the user's configuration in
alphabetical order.
5
If you create different configurations for different groups of users, Microsoft recommends that you
store the customization files in another location and then use the /adminfile option on the Setup
command line to specify the file you want. For example:
\\server\share\Office12\setup.exe /adminfile
\\server\share\Office12\MyUpdates\Engineering.msp
Note
When you precache the local installation source, Setup copies the Updates folder from
the network installation point to the local installation source. In this way, your
customizations can be included in offline installation scenarios. This is the only
circumstance in which Setup caches the customization file on the local computer before
the installation. For more information, see Precache the local installation source for the
2007 Office system.
Apply software updates

At the end of the installation process, Setup checks the Updates folder on the installation point for
software updates (MSP files). Unlike Setup customization files that you create by using the Office
Customization Tool, software updates are distributed by Microsoft to enhance the product.
If you are deploying Office to users who also need a set of software updates, Setup can apply the
updates as part of the initial installation process. Costing (estimated required disk space) and
progress bar indicators all take this step of the installation process into account. From a user's
perspective, the entire process is a single event. This model preserves the original installation
point and still allows you to give new users the most up-to-date version of the product.
Note
You cannot use the Updates folder to deploy product updates after the initial installation
of Office.
For more information about the software update process, see Consolidated update process for
Including more than one product on the

installation point
If the network installation point contains more than one 2007 Office system product, Setup
searches all folders and subfolders for Config.xml and Setup.xml files and then prompts the user
to select a product to install.
If you are installing more than one Office product, it is more efficient to store all the products on
the same installation point and then customize Setup to install a specific Office product on users'
computers.
Note
When you copy multiple Office products to the same installation point, you might be
prompted to overwrite shared Setup files. Because these files are duplicated among all
6
2007 Office system products, you do not need to recopy any of the duplicate folders. This
efficient design saves space and ensures consistency when you create and replicate
network installation points.
For more information, see Sequentially install multiple products of the 2007 Office system.
Running Setup interactively

You can choose to run the installation quietly, so that users see little or none of the process;
however, if you allow users to view the Setup user interface, the choices you make affect several
aspects of Setup behavior. For example:
• If more than one Office product is available on the installation point and a user runs
Setup.exe with no command-line options, then Setup presents the user with a choice of
products to install.
• If more than one language is available on the installation point, Setup matches the
language of Office to the Windows user locale on the user's computer by default. However, if
a user chooses the Customize installation option, the Languages tab in the Setup interface
presents the user with a choice of all available languages on the network installation point.
• If you enter a product key and accept the Microsoft Customer License Terms in the
customization file or Config.xml, those Setup screens are not displayed to the user during
Setup.
• If you use a customization file to hide and lock certain features, those features are not
displayed in the feature tree.
To find out more about customizing display settings, see Customize Setup before installing the
2007 Office system.
See Also
• Language-neutral architecture in the 2007 Office system
Language-neutral architecture in the 2007

Office system
If your job is to deploy the 2007 Microsoft Office system in an organization, you probably have
one or more of the following requirements:
• Manage the deployment process so that Office installs in the most efficient way for your
environment.
• Customize Office so that users get the optimal configuration on their computers.
• Give users who are located in offices around the world the language-specific features
they need to do their jobs.
• Deploy Office in a way that makes future maintenance, including software updates, as
efficient as possible.
7
The Setup architecture in the 2007 Office system has been designed to streamline all of these
aspects of the process of installing and maintaining Office. The new Setup program unifies and
manages the entire installation process, including customizing users’ Office configuration,
deploying multiple languages at once, and applying software updates to new installations.
Multiple MSI files

An MSI file, or Windows Installer package, is a relational database that Windows Installer uses to
install a product. In past versions, a single Office product such as Microsoft Office Standard was
contained in a single MSI file. By contrast, all 2007 Office system products consist of multiple MSI
files, and no single MSI file represents a complete product.
In the new design, all language-neutral elements are bundled into one core package, and all
language-specific elements are grouped into separate packages. This arrangement of files makes
international deployments much simpler. The most basic installation of an Office product consists
of the core package plus one language. Adding more languages is as simple as copying
additional Single Language Packs (SLPs) to the network installation point—they all work with the
core product in exactly the same way.
For example, an installation point for Microsoft Office Standard 2007 with both U.S. English and
French language elements includes the following files and folders:
Office 2007 network installation point
• Setup.exe—Setup program
• Standard.WW folder—Language-neutral core product
• Office.en-us folder—U.S. English shared features
• Excel.en-us folder—U.S. English Excel features
• Outlook.en-us folder—U.S. English Outlook features
• PowerPoint.en-us folder—U.S. English PowerPoint features
• Word.en-us folder—U.S. English Word features
• Office.fr-fr folder—French shared features
• Excel.fr-fr folder—French Excel features
• Outlook.fr-fr folder—French Outlook features
• PowerPoint.fr-fr folder—French PowerPoint features
• Word.fr-fr folder—French Word features
Each folder contains a parallel set of installation files:
• Setup.exe
• Standard.WW folder
• StandardWW.msi—Windows Installer package
• StandardWW.cab—Compressed cabinet file
• StandardWW.xml—XML data read by Setup.exe
• Setup.xml—XML data read by Setup.exe
8
• Config.xml—XML data read by Setup.exe
• Word.en-us folder
• WordMUI.msi—Windows Installer package
• WordLR.cab—Compressed cabinet file
• WordMUI.xml—XML data read by Setup.exe
• Word.fr-fr folder
• WordMUI.msi—Windows Installer package
• WordLR.cab—Compressed cabinet file
• WordMUI.xml—XML data read by Setup.exe
The Office Standard 2007 product is spread out among the files in these folders. For example,
elements that are not specific to any language, such as Winword.exe (the executable file for
Microsoft Office Word 2007), reside in the core Standard.WW package. Other elements, such as
Help and the user interface for Office Word 2007, reside in the appropriate language-specific
package for Word or for shared Office features.
Both language-neutral and language-specific elements are needed to make a functionally
complete feature. Winword.exe by itself does not represent a Word application that anyone can
use. Similarly, the core Office Standard 2007 MSI file in the Standard.WW folder does not
represent a complete Office product.
Setup assembles all these parts into a whole product. The Package.xml and Setup.xml files in
each folder contain information that Setup uses to assemble complete features, build a
consolidated feature tree, and collect the correct set of MSI files for the installation. After
collecting the XML data and assembling the required MSI files, Setup uses Windows Installer to
install Office on the user’s computer. From a user’s perspective, this process happens
automatically and seamlessly.
You cannot deploy an individual application in the 2007 Office system by detaching the language-
specific folder that contains the individual MSI file, such as the Word.en-us or Word.fr-fr folder.
You can, however, determine which applications and features are installed on users’ computers
by customizing the installation.
Note
None of the MSI files on an Office installation point can be installed independently by
using Windows Installer or any other method. Nor can the digitally-signed XML files
(Setup.xml and Package.xml) be edited or altered. In the 2007 Office system, Setup is
required to collect the files and installation information and to orchestrate the installation
process.
See Also
• Setup sequence of events in the 2007 Office system
• Streamlined customization model for the 2007 Office system
9
Streamlined customization model for the
2007 Office system
In previous versions of Microsoft Office, several tools were required to customize Setup and to
manage Office after installation. However, the 2007 Microsoft Office system provides a
consistent, streamlined model. Using just Setup, you can install, customize, and manage
Office — no additional tools are needed.
Using the Office Customization Tool

You customize an Office installation by using the Office Customization Tool (OCT), a component
of Setup. Start the OCT by running Setup with the /admin command-line option. Using the OCT,
create a Setup customization file, which you place in the Updates folder in the network
installation point.
A Setup customization file is an expanded form of a Windows Installer MSP file. Each file is
configured for a specific product, such as Microsoft Office Professional 2007 or Microsoft Office
OneNote 2007. When you run Setup to install an Office product, Setup looks in the Updates
folder for a customization file that corresponds to the product you are installing. As Setup installs
the product, it applies the customizations from this file.
You can create more than one Setup customization file to configure Office for different groups of
users. When you run Setup, you specify the appropriate customization file to use for each
installation by using the Setup command-line option /adminfile, or by using Config.xml (see
"Using the Config.xml file to customize Office" later in this topic).
For more information, see Create different configurations of the 2007 Office system for different
groups of users.
For complete details on how to use the OCT to create a Setup customization file, see Office
Customization Tool in the 2007 Office system.
Customizing a new installation

Using a Setup customization file that you create with the OCT, you can modify the way Setup
installs Office on a user's computer the first time. For example, the OCT allows you to customize
Office in the following ways:
• Direct Setup to run without user interaction (quietly).
• Predefine the product key and accept the Microsoft Software License Terms on behalf of
the user.
• Specify where to install Office files on the user's computer.
• Choose whether to remove previous versions of Office before installing the 2007 Office
system.
• Determine which Office features are installed.
10
• Specify the default values for a large number of user options, including Microsoft Outlook
settings.
For information about how to customize Setup in this way, see Customize Setup before installing
the Office 2007 system.
Making changes to an existing Office installation

If you need to make changes to an existing Office installation, use the same tool you used to
customize the original installation: Run the OCT to update a Setup customization file or to create
a new one. Then apply the customization file to the user's computer just as you would a software
update, and the user's existing Office installation is updated with your customizations. This means
that the customizations available when you install Office are also available when you modify
Office after installation.
Note
There are some customizations that Setup applies only when you are installing Office for
the first time. These include specifying where to install Office on the user's computer,
defining the product key, and removing previous versions of Office applications. The OCT
identifies which customizations apply only to a new installation.
For more information about updating an existing Office installation, see Change users'
configurations after installing the 2007 Office system.
Using the Config.xml file to customize Office

You can use the Config.xml file to make changes to your Office installation. You can customize
most of the same options that you can with the Office Customization Tool, including a few
additional ones not available in the OCT.
Using the Config.xml file is the recommended method for performing the following installation
tasks:
• Instructing Setup to copy the local installation source to the user's computer without
installing Office.
• Specifying the path to the network installation point.
• Selecting which product or language to install.
• Changing where Setup looks for Setup customization files and updates.
• Making last-minute or one-off customizations that do not warrant running the OCT to
create a new customization file.
If you put the Config.xml file in the same folder as Setup.exe, Setup finds and uses the file. You
can also specify the location of the file by using the /config Setup command-line option.
Note
If you specify both a Setup customization file and the Config.xml file, the customizations
you define in Config.xml take precedence over the same customizations in the
customization file.
11
For a complete description of the contents and format of the Config.xml file, see Config.xml file in
See Also
• Office Customization Tool in the 2007 Office system
• Config.xml file in the 2007 Office system
12
Required local installation source for the
2007 Office system
In the 2007 Microsoft Office system, Setup creates a local installation source on the user's
computer as part of the default installation process. Setup installs all 2007 Office system products
in a two-step process: first, Setup copies compressed installation source files to the user's
computer; second, Setup calls Windows Installer to perform the actual installation from the local
installation source. After the installation is complete, the local installation source remains
available for any Setup operations that require access to an original source. Minimum disk space
requirements include the local installation source.
Note
In Microsoft Office 2003, large organizations typically installed the product from an
administrative installation point; installing from a local installation source was optional. In
the 2007 Office system, however, the administrative installation option no longer exists,
and the local installation source is a required part of the design.
The local installation source makes the process of distributing software updates more efficient
and reliable. Neither the network installation point nor the user's local installation source is ever
updated directly. Users' installations remain synchronized when they apply the client version of
software updates.
Additional benefits of having a complete installation source always available on the local
computer include the following:
• You can deploy the local installation source to users before they install Office. This
minimizes the impact on the network and ensures that all users install the product and begin
using 2007 Office system applications at exactly the same time.
• Users can perform maintenance tasks, such as applying software updates, without being
prompted for their Office CD or a network source.
• Traveling users, or users with slow or intermittent network connections, can run Setup
without access to the network if they have a local installation source installed in advance.
These benefits come at minimal cost. Although the local installation source does use some hard
disk space, creating the local installation source and installing Office takes approximately the
same amount of time as installing Office by itself.
Creating a local installation source on users'

computers
When users install Office from the CD or from a network installation point, Setup creates the local
installation source by using a program called the Office Source Engine (Ose.exe) to copy
required installation files to a hidden folder on the local computer. The default location is
\MSOCache\All Users at the root of the drive on which Office is installed.
13
Each package that comprises an Office product—both the language-neutral core package and
one or more language-specific packages—has a separate download code and is cached in the
subfolder under MSOCache\All Users. Setup always caches a complete local installation source,
which includes all the files associated with the product that is being installed. If the installation
point includes multiple languages, Setup caches only the packages for the languages that are
installed on the user's computer.
When additional Office products are installed on the user's computer, those products are cached
in the same local installation source.
Note
If a user installs a second Office product on a different drive, Setup creates a second
local installation source at the root of that drive. In this scenario, shared files may be
duplicated between the two local installation sources; however, this design ensures that
each local installation source is complete and functions correctly.
Users cannot inadvertently delete the local installation source or remove it by using the Setup
user interface or the Windows Disk Cleanup Wizard. If the MSOCache folder is deleted or
corrupted, Setup automatically re-creates or repairs the folder the next time a source is required.
If users do not have sufficient disk space, they are prompted to free some space. You can rely on
the fact that every user has access to a source when you distribute new updates or
customizations.
Note
Once the local installation source is created, its location on the user's computer is fixed.
Unless the user specifies a different drive, additional Office products installed later are
always added to the existing MSOCache\All Users folder.
Deploying the local installation source by itself

Because Setup performs the installation of Office from the local installation source, you can
minimize the demand on the network by deploying the installation source ahead of time. For
example, using your usual method for running Setup on users' computers, you can distribute the
local installation source to one group of users at a time. Once all users have a precached source,
you can have everyone run Setup to install Office at the same time. In this scenario, most of the
installation activity takes place on the local computer instead of over the network.
For more information, see Precache the local installation source for the 2007 Office system.
You can also run Setup directly from the local installation source on the local computer. Running
Setup locally means that no activity, including loading Setup files and reading metadata, takes
place over the network. In this scenario, you must identify the subfolder in MSOCache\All Users
that contains the core product that you want to install. Each core product subfolder contains a
copy of the Setup program, and running Setup from a specific folder installs that product. This
method allows users to install Office without relying on a network connection.
For more information, see Run Setup from the local installation source to install the 2007 Office
system.
14
Consolidated update process for the 2007
Office system
In previous versions of Microsoft Office, you made a number of choices to ensure that client
computers received the latest Office software updates and that client computers did not become
out of sync with the administrative installation point. You might have configured Setup to chain
software updates with new installations of Office, or you might have applied updates to the
administrative installation point and reinstalled Office on all your client computers.
The new architecture of the 2007 Microsoft Office system makes this process much simpler. In
the 2007 Office system, you create a network installation point that you never have to update.
Instead, a simple copy operation makes software updates available for new installations. You
update existing installations independent of the network installation point so you do not have to
worry about keeping client computers synchronized with the installation source.
Applying Office updates during new installations

When you obtain Office software updates from Microsoft, copy the updates into the Updates
folder in the root of your network installation point. The existing files in the network installation
point remain the same as when you first copied them from the Office CD.
Note
You can use the Updates folder to incorporate the installation of updates with an initial
installation of the 2007 Office system products. Only Windows Installer update files
contained in this folder are installed with the initial installation, so you must extract the
updates from Microsoft Self-Extractor packages. You can also install customization
updates by using this method. For detailed information, see Deploying software updates
with an initial 2007 Office system installation.
When you run Setup to install Office on a client computer, Setup looks in the Updates folder for
software updates and incorporates the updates automatically as it installs Office. If there are
multiple updates in the folder, Setup applies only those updates that are targeted at the Office
product being installed. Setup also applies the updates in the correct sequential order. The result
is that the user receives the latest updates with the new installation of Office.
Tip
To direct Setup to look for software updates in a folder other than Updates, use the
SetupUpdates element in the Config.xml file. For more information, see SetupUpdates in
Config.xml file in the 2007 Office system.
Updating existing Office installations

Once Office is installed, you apply software updates directly to the client computer without
returning to the network installation point. You do this through a deployment management
program such as Microsoft Systems Management Server, by using Microsoft Windows Server
Update Services, or by updating computers directly from the Internet using Microsoft Update. For
15
information about deploying software updates after an initial installation of the 2007 Office release
by using Microsoft Self-Extractor files, see Deploying all Microsoft Self-Extractor packages in a
folder. For details on keeping existing Office installations up to date, see Distribute product
updates for the 2007 Office system.
Note
After Office is installed on a client computer, reinstalling Office reapplies only those
software updates that were applied with the original installation. If you copied new
software updates in the Updates folder, they are not applied during the reinstallation.
See Also
• Language-neutral architecture in the 2007 Office system
• Distribute product updates for the 2007 Office system
16
Simplified design for multiple languages in
the 2007 Office system
In an international environment, corporate language requirements are often complex. For
example, offices around the world might need to use Office in multiple languages, or one user
might need to work with more than one language. The 2007 Microsoft Office system
accommodates these multilanguage scenarios efficiently and consistently.
New multilanguage framework

In the 2007 Office system, all language-neutral elements are grouped in one core package (MSI
file). Language-specific elements are organized in separate packages by application. An Office
product, such as Microsoft Office Standard 2007 or Microsoft Office Outlook 2007, consists of the
core package plus one or more language-specific packages.
All language versions of Office, including the English language version, are deployed in exactly
the same way. Setup combines the language-neutral core package with the language-specific
packages in a seamless installation process.
Language versions of Office

You cannot deploy the core package (MSI file) by itself. Every Office product must include at least
one set of language-specific packages. On the Office product CD and the network installation
point, these packages are contained in folders. Each folder name includes a language tag, in the
form ll-cc, that identifies the language.
For example, an installation point for Microsoft Office Standard 2007 with both U.S. English and
French language elements includes the following files and folders:
• Setup.exe —Setup program
• Office.en-us folder—U.S. English shared features
• Excel.en-us folder—U.S. English Excel features
• Outlook.en-us folder—U.S. English Outlook features
• PowerPoint.en-us folder—U.S. English PowerPoint features
• Word.en-us folder—U.S. English Word features
The French version of Office Standard 2007 has a parallel set of folders:
• Office.fr-fr folder —French shared features
17
• Excel.fr-fr folder—French Excel features
• Outlook.fr-fr folder—French Outlook features
• PowerPoint.fr-fr folder—French PowerPoint features
• Word.fr-fr folder—French Word features
In both cases, the core package (StandardWW.msi in the Standard.WW folder) is identical, and it
accommodates both English and French language packages in the same way.
Note
These examples show only a portion of the network installation point. You may see
additional folders, all of which follow the same naming conventions show here.
Language packs for Office

Language-specific packages are used in two contexts: in the language version of an Office
product, and in the Single Language Pack (SLP) for that language. The French version of Office
Standard 2007 has a language-specific folder for each application and for shared features in
Office Standard 2007. The same folders are included in the French SLP, which also includes
language-specific folders for other products in the 2007 Office system.
For example, the Japanese language pack contains the following files and folders:
• Access.ja-jp folder—Japanese Access features
• Excel.ja-jp folder—Japanese Excel features
• Groove.ja-jp folder—Japanese Groove features
• InfoPath.ja-jp folder—Japanese InfoPath features
• Office.ja-jp folder—Japanese Shared Office features
• OneNote.ja-jp folder—Japanese OneNote features
• Outlook.ja-jp folder—Japanese Outlook features
• PowerPoint.ja-jp folder—Japanese PowerPoint features
• Publisher.ja-jp folder—Japanese Publisher features
• SharePointDesigner.ja-jp folder—Japanese SharePoint Designer features
• Word.ja-jp folder—Japanese Word features
• OMUI.ja-jp folder—Defines the language pack as a separate product
• XMUI.ja-jp folder—Identifies the particular culture for the language pack
Language-specific features for Microsoft Office Project 2007 are included in each SLP, but are
deployed separately. For example, the Japanese SLP also includes the following folders for Office
Project 2007:
• Project.ja-jp folder—Japanese Project features
• PMUI.ja-jp folder—Defines the Project language pack as a separate product
18
Language-specific features for Microsoft Office Visio 2007 are handled in a similar way. For
example, the Japanese SLP includes the following folders for Office Visio 2007:
• Visio.ja-jp folder—Japanese Visio features
• VMUI.ja-jp folder—Defines the Visio language pack as a separate product
All three language packs on a specific SLP share some common folders—the Office.ll-cc folder
(for shared Office features) and the XMUI.ll-cc folder (for culture definition). In the preceding
example, the Office.ja-jp and the XMUI.ja-jp folders are shared by Office, Visio, and Project
language packs.
Language packs can be deployed as separate products, or they can be used to deploy an Office
product in multiple languages. You are not required to enter a unique product key for language
packs, whether you are deploying them separately or as part of the installation of another
product.
Note
In previous versions of Office, enterprise customers added languages by deploying
Multilanguage User Interface (MUI) packs after a U.S. English version of Office was
installed. Localized versions, such as the Japanese version of Office Standard Edition,
were not identical to the core version with a Japanese MUI pack. This design has been
simplified and improved in the 2007 Office system.
Installing multiple languages of Office

After you create a network installation point for Office, you can make any number of languages
available to users by copying language packs directly to the network installation point. Instead of
creating a series of installations, you can allow Setup to coordinate a single installation with
multiple languages.
For example, if your network installation point contains the U.S. English version of Office
Standard 2007, the French language pack, and the Japanese language pack, then Setup detects
that there is more than one language available for Office Standard 2007. During the installation,
Setup may combine the language-neutral core package with language-specific packages for
English, French, or Japanese, or for a combination of those languages. Only one product key is
required for the entire process; only one entry appears in Add or Remove Programs in the
user's Control Panel. When Setup creates the local installation source on the user's computer,
only the languages actually being installed are cached.
When you run the Office Customization Tool to customize the installation, the majority of your
customizations apply to the core product. This design allows Setup to apply the same
customization file (MSP file) to every installation, regardless of the language. The feature tree
displayed in the tool includes common features and a smaller number of language-specific
features for each language on the installation point. For more information, see Office
Customization Tool in the 2007 Office system.
19
Note
Before it installs a language version of an Office product, Setup determines whether the
user has the required operating system support for that language. Setup stops the
installation if there is no support. For example, if a user has not enabled support for East
Asian languages, Setup does not install the Japanese version of Office.
Installing a default language on each user's computer

When you install an Office product, Setup searches the installation point for all the possible
languages for that product. By default, Setup installs Office in the language that matches the
language specified by the user's Windows user locale. Without your having to control the process,
every user gets the most likely language of Office for his or her needs. A user in Paris might get
the Office Standard 2007 in French, while a user in London gets Office Standard 2007 in English,
and a user with a Japanese user locale gets Office Standard 2007 in Japanese.
If there is no exact match between the user locale and the set of available languages on the
installation point, Setup uses the closest match. If there is no acceptable match, Setup prompts
the user to select an available language. If you are running Setup in quiet mode (without user
interaction) and there is no acceptable language match, the installation fails.
If users run Setup interactively and choose the Install Now option, Setup follows the same
default pattern and installs the language version of Office that matches the user’s user locale
setting.
For step-by-step instructions about how to deploy multiple languages of Office, see Deploy
multiple languages of the 2007 Office system.
Note
Language packs cannot be deployed as products independent of an 2007 Office system
product. If the user has already installed at least one 2007 Office system product,
however, then Setup treats the language packs as products and includes them in the list
of products that the user can choose to install.
Specifying one or more languages to install on users' computers

You can override default behavior and specify exactly which languages Setup installs on users’
computers. In the Config.xml file located in the core product folder (Standard.WW for Office
Standard 2007), you can specify that Setup install a specific language or set of languages. Then
you use the /config command line option to point to your custom Config.xml file. For example:
\\server\share\Office12\setup.exe /config
\\server\share\Office12\Standard.WW\MyConfig.xml
If users run Setup interactively and choose the Customize installation option, they can select one
or more languages to install on the Languages tab.
Important
When you edit the Config.xml file to install more than language, you must also specify
which of those languages Setup uses for the shell user interface (Shell UI). The Shell UI
20
includes core elements of Office that register with the operating system, such file
extensions, Tool Tips, and right-click menu items. Failure to specify a Shell UI language in
this scenario causes the installation to fail. For more information about managing the
deployment of multiple languages, see Customize a multilanguage deployment of the
2007 Office system.
Installing language packs separately

Because a language pack is also defined as a unique product, you can install language packs
separately from Office. If you have already deployed a number of Office products in your
organization—for example, standalone versions of Microsoft Office Outlook 2007, Microsoft Office
Word 2007, and Microsoft Office OneNote 2007 — you can install the Japanese language pack
as a separate product and distribute Japanese components for all those products at once. In this
case, a separate entry appears in Add or Remove Programs for the Japanese language pack.
Note
To install a language pack, users must first have an Office product installed. Although
Setup can install the language pack as a separate product, a language pack by itself
does not function as a complete 2007 Office system product. A core product is always
required.
Installing Proofing Tools

Proofing Tools allow users to enable additional languages for editing and to work with documents
in multiple languages. Each language pack (and each language version) includes Proofing Tools
for a set of companion languages. The enterprise edition of the Japanese language pack, for
example, includes Proofing Tools for English. Proofing Tools for each language are located in the
Proof.ll-cc folder at the root of the network installation point.
• Proofing.ja-jp
• Proof.ar—Japanese Proofing Tools
• Proof.en—English Proofing Tools
You can distribute additional Proofing Tools in your organization. Proofing Tools for each
language are installed as separate packages (MSI files). The entire set of Proofing Tools is
included with the Microsoft Multi-language Pack. For more information about deploying Proofing
Tools in your organization, see Deploy Proofing Tools for the 2007 Office system.
Adding languages after Office is installed

If you deploy Office first and then acquire additional language packs, you can add languages in
much the same way that you deploy multiple languages during the initial installation.
To add languages after you install Office, you rerun Setup from the network installation point. By
editing Config.xml for that product, you can specify that Setup add languages or that Setup match
the language to the user's operating system language. In this case, Setup modifies the existing
installation; it does not add the new language as a separate product.
21
For more information, see Add languages after deploying the 2007 Office system.
See Also
• Customize language settings for the 2007 Office system
22
II Planning for migration
In this section:
Preparing for Migration to the 2007 Office system
Assessing your environment with the Office Migration Planning Manager
Migration considerations by application
23
Preparing for migration to the 2007 Office
system
In this chapter:
Plan and prepare for migration to the 2007 Office system
Review migration issues for the 2007 Office system
Determining the best migration strategy
Collaborating with previous versions of Office and other programs
FAQ: File format
See Also
• Assessing your environment with the Office Migration Planning Manager
• Migration considerations by application
• Migration reference
• Migrating to the 2007 Office system
24
Plan and prepare for migration to the 2007
Office system
The 2007 Microsoft Office system is a major release that offers many improvements and new
features in response to customer needs. Changes such as the new file format and new Setup
architecture require careful planning and preparation before upgrading. Your migration planning
will include evaluating the files in your environment, identifying potential conversion issues, and
reviewing migration considerations for each program within 2007 Office system.
The Office Migration Planning Manager (OMPM) enables you to examine the files in your
environment and decide whether to archive them, convert them in bulk with the Office File
Converter available in OMPM, or convert them manually. You will also determine the approach to
upgrade and migration within your organization.
Planning a migration to the 2007 Office system includes the following:
1. Review top migration issues. For more information, see Review migration issues for the
2007 Office system.
2. Review differences between the 2007 Office system and Office 2003. For more
information, see Differences in the 2007 Office system. Many of these issues are detected by
the OMPM Office File Scanner. Others might require a difference in user behavior, or might
require changes in custom solutions.
3. Review file format changes. For quick information about file format changes, see FAQ:
File format. For more in-depth information about the new file formats, see File format
reference.
4. Review collaboration issues for the 2007 Office system. For more information, see
Collaborating with previous versions of Office and other programs.
5. Assess your environment with OMPM. This involves the following steps:
a. Install and configure OMPM File Scanner.
b. Distribute OMPM File Scanner.
c. Prepare a SQL database for OMPM.
d. Import OMPM log files into the database.
e. Analyze reports from OMPM.
6. Plan an approach to migration. For more information, see Determining the best migration
strategy.
25
Collaborating with previous versions of
Office and other programs
While the best way to minimize compatibility issues is to standardize your environment on a
single file format, many organizations will need to deploy the 2007 Microsoft Office system in a
phased rollout, or will need to collaborate with other companies. For this reason, Microsoft Office
Excel 2007, Microsoft Office Word 2007, and Microsoft Office PowerPoint 2007 contain features
to ensure compatibility with previous versions of Office. You can use the Microsoft Office
Compatibility Pack to allow backward compatibility, so that previous versions of Office can open
and save files in the new file format. In addition, the openness of the new file format makes it
more compatible with non-Office programs.
Using the Microsoft Office Compatibility Pack for

backward compatibility
To meet the needs of users upgrading to the 2007 Microsoft Office system, Microsoft offers
updates and a compatibility pack for Office XP and Office 2003 that enable a user to open and
save 2007 Office release XML files. (Conversion tools for Office 2000 are not available for the
2007 Office system Beta 2). For more information, see Microsoft Office Compatibility Pack for
Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512).
Features that are not supported in the Microsoft Office

Compatibility Pack
Some features in the 2007 Office system are not supported in previous versions of Office. Some
data might be lost when a user opens a converted file in a previous Office application. Users are
informed of this when they modify and save files that were created using the new file formats.
OMPM Office File Converter

You can use the Office Migration Planning Manager (OMPM) Office File Converter in conjunction
with the Microsoft Office Compatibility Pack to perform bulk file conversion tasks. For more
information, see Migrate Word, Excel, and PowerPoint files to the 2007 Office system.
Viewers
The 2007 Office system viewers enable sharing 2007 Office release files with users who do not
have the 2007 Office system or the Microsoft Office Compatibility Pack installed on their
computers. The viewers allow users to view and print, but do not allow edit operations. You can
find these downloadable files on the Office Resource Kit Web site.
Each viewer (one each for Office Word 2007, Office Excel 2007, and Office PowerPoint 2007) is a
separate MSI package and must be installed separately.
26
The viewers coexist with previous versions of Office applications.
Setting default save options

You can change the default file save options for Microsoft Office Word 2007, Microsoft Office
Excel 2007, and Microsoft Office PowerPoint 2007 with Group Policy. For more information, see
Use Group Policy to set default file save options.
Using compatibility mode

The 2007 Office system offers a new feature, compatibility mode, to provide backward
compatibility with previous versions of Office. Compatibility mode disables all features in the 2007
Office system that cannot be displayed by previous versions of Office programs. Compatibility
mode also disables features that do not convert well when saved in the file formats used by
previous versions of Office. The list of disabled features is dependent on the application and the
content that is selected.
Compatibility mode does the following:
• Optimizes the user experience in mixed environments for easier collaboration.
• Limits feature data loss due to limitations of the previous file formats.
Compatibility mode is document-specific. For example, if a user opens two files at the same time,
a PowerPoint 2003 file, which has compatibility mode on, and a Office PowerPoint 2007 file with
compatibility mode off, compatibility mode is enabled for the first and disabled for the second.
Note
By default, compatibility mode is on when a file from a previous version of Office is in use.
For more information about compatibility mode, see Compatibility mode in the 2007 Office
system.
Compatibility checker
Compatibility checker is a dialog box that appears when there are features in a document that
would be lost or degraded, either when a document is saved in an previous format or switched
into compatibility mode. The dialog box lists all the features that are affected, and enables the
user to cancel the operation, continue with the save, or switch into compatibility mode.
Compatibility checker does not appear when:
• There are no identifiable issues in the document.
• The user has disabled compatibility checking in the document.
If a user has chosen not to run the compatibility checker tool when a file is saved, it can be turned
back on by running the compatibility checker manually from the File menu.
The list of compatibility issues in the compatibility checker dialog box are grouped by:
• Minor issues. Changes in the visual appearance of content are small or there is a minor
change in how a legacy Office application edits the content.
27
• Major issues. Feature data is lost or severely degraded when it is saved to the binary
format. Users of the 2007 Office system can run the compatibility checker on a file at any time
to see what issues might exist.
Considerations for printing and viewing files

Applications in the 2007 Office system retain the layout and sizing of documents that were
created with previous versions of Office. This reduces the possibility of page-break issues,
alignment issues for text and images, and sizing problems with charts and objects. However,
potential issues remain that depend on the following:
• Printer hardware and configuration.
• Backward compatibility when printing or viewing files with the new file formats in previous
versions of Office.
Printer hardware and configuration

Printer hardware and configuration can affect the appearance of document output both to the
screen and to the printer. The print layout of a file depends on the fonts, graphics, images, and
configuration of the printer hardware. Printing between different brands or models of printers
commonly results in slightly different output, which can cause different page breaks, margin
changes, and color differences. When you format a large document with default printer settings
set to a specific printer, you should use that same printer so that you reduce the possibility of
unwanted page breaks or margin changes.
The 2007 Office system offers improved text and graphic printing capabilities. Files in both the
previous and new file formats benefit from these improvements when they are printed in the 2007
Office system. However, print quality depends on the features and resolutions supported by the
printer.
Backward compatibility
When a user creates a file in the 2007 Office system and opens it in a previous version of Office,
some of the graphic content is converted to images instead of autoshapes (ready-made shapes
that are included in Office applications). This happens because a previous version of Office
cannot render the new graphic effects in the 2007 Office system. When opened, the file is
converted to the binary file format supported by the application. The print quality of a new file in a
previous version of Office is affected by the limitations of that version.
In addition, backward compatibility can affect the view of a Office PowerPoint 2007 presentation.
Some animations are changed or removed during the conversion if they are not supported in the
previous version of PowerPoint. For example, a shape can have a color effect in the 2007 Office
system that is removed during the conversion, because this effect is not supported in previous
versions. Presentations with few or subtle animations are most likely not affected.
28
Compatibility with other programs
You can perform the following actions with files in the new file formats without using an Office
application:
• View content.
• Delete content.
• Edit content.
• Replace content.
• Copy content from one file to another.
• Identify the degree of security a file will have by examining the file name extension.
• Use search tools to examine the contents of a file.
• Programmatically find and manipulate content in a file without using Visual Basic for
Applications (VBA) or the object model.
The new file formats are not proprietary; they are available on a royalty-free basis to any user.
Third-party developers can create programs that manipulate the XML files without using Office
applications or the related Office object models. You can get free downloads of XML schema
definitions on the Internet.
See Also
• File format reference
29
FAQ: File format
The 2007 Microsoft Office system introduces a new file format based on open extensible markup
language (XML) standards. The new file format enhances functionality, security, and
programmability. This FAQ addresses questions you might have about the new file format.
What is the new file format?

For an overview of the new XML file formats in the 2007 Office system, see File format reference.
For a detailed, developer-oriented reference, see 2007 Microsoft Office System on MSDN
(http://go.microsoft.com/fwlink/?LinkId=76286).
Why is there a new file format?

The change in file formats is a direct result of customer feedback. External MVPs, developers,
and IT administrators provided crucial feedback about their requirements, as follows:
• Provide a file format based on open standards.
• Make files easier to manipulate programmatically.
• Make files easier to search.
• Help make files more secure.
• Provide a way to identify whether a file has been tampered with or contains a virus.
• Make files less sensitive to corruption.
• Find a way to address data bloat.
How are users being prepared for the new file

format?
The design and development teams for 2007 Office system did the following:
• Worked closely with users to discuss their needs and gather requirements for the new file
format.
• Announced the file format early in the development cycle.
• Supplied information about the upcoming changes, and provided more detailed
documentation and support.
• Provided tools to help assess the impact of the file format change on IT environments.
• Created as seamless a transition as possible for users, both in migrating to the new file
format and in collaborating with previous versions of Office.
30
How can users collaborate on files when they use
different versions of Office?
There are several ways that people using different versions of Office can collaborate. Users need
to share files without encountering any issues with formatting, styles, printing, or feature
incompatibility. Users should be able open files received from others, make changes, and send
the updated file back regardless of the version of Office they are using.
A set of tools is available for Office 2000, Office XP, and Office 2003 to allow these versions to
recognize, open, modify, and save files that are in the new XML format. For more information
about the updates and converters available for previous versions of Office, see Collaborating with
previous versions of Office and other programs.
In addition, the 2007 Office system minimizes file compatibility issues by including the following
features:
• The ability to save files in 2007 Office system to the previous file formats.
• The ability for features that are only available in the 2007 Office system to successfully
roundtrip, or go from the 2007 Office system to a previous version of Office, and then back
again.
• Group Policy settings that allow you to control the default file formats for each Office
application.
• Compatibility mode, which disables features that are not compatible with previous
versions.
• A compatibility checker, which informs the user about any features in the document that
might not be compatible with previous versions of Office.
Can previous versions of Office recognize the

new file format?
Yes. Updates and file converters for Office 2000, Office XP, and Office 2003 are available at
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
(http://go.microsoft.com/fwlink?LinkID=77512).
Also, applications in the 2007 Office system can save files to the previous file format. Feature
incompatibility will still be an issue, however. Where possible, features available in the 2007
Office system will be emulated in previous versions, but if the previous version of Office cannot
support a new feature, the new feature will be ignored.
How can I tell whether a file is from the 2007

Office release or from a previous version of
Office?
So that you can identify files in the new XML file format, files have different file extensions than
their counterparts in previous versions of Office. Files that are saved in the 2007 Office system to
the older format use the old extensions.
31
File sizes have increased with each new version
of Office. Will this happen again with the 2007
Office system?
Files created in the new XML formats are up to 75 percent smaller than those in previous
versions of Office. For example, a 100-KB file with no graphics that is created by using Office
2003 is reduced to about 25 KB in size when saved in the 2007 Office system. These files take up
less server space and consume less network bandwidth.
See Also
• Preparing for migration to the 2007 Office system
32
Review migration issues for the 2007 Office
system
As part of your migration planning, review the following topics for migration issues that are
relevant to your environment:
• Top migration issues in Office 2007
• Differences in the 2007 Office system
• Collaborating with previous versions of Office and other programs
• Migration considerations for Access 2007
• Migration considerations for Excel 2007
• Migration considerations for Word 2007
• Migration considerations for Outlook 2007
33
Determining the best migration strategy
The timing and method of your migration to the new XML file formats in the 2007 Microsoft Office
system depends on the following factors:
• When do you expect to deploy the 2007 Office system, and how long will it take to deploy
the 2007 Office system to all users and all departments? If you need a rapid deployment,
consider a single rollout. For more information, see Single rollout in this topic. If you plan to
deploy the 2007 Office system over a long period of time, consider a phased rollout, so that
you can plan your hardware, software, support, and training resources evenly over the time
that the deployment takes. For more information, see Phased rollout in this topic.
• Do you plan to have long-term coexistence between the 2007 Office system and previous
versions of Office, and how much collaboration do you expect to occur between different
departments that continue to use previous versions of Office? If your organization requires
long-term coexistence, or if you expect long-term collaboration on Office documents for users
of the 2007 Office system and previous versions of Office, see Phased rollout in this topic.
• How many active Office documents are in use in your organization? If you have many
files that require conversion or modification before they can be used with the 2007 Office
system (for example, a custom Excel solution might require some changes before users can
use it reliably with Microsoft Office Excel 2007), it might be a good idea to plan your
deployment in stages. For more information, see Phased rollout in this topic.
If you have many files and need to assess the impact of migrating them, you can use the Office
Migration Planning Manager (OMPM). You can also use OMPM to convert files in bulk, if you
determine that this method is best for your environment. For more information, see Assessing
your environment with the Office Migration Planning Manager.
If you expect long-term coexistence, where users need to collaborate on documents by using
different versions of Office, plan on using Group Policy settings and educating your users about
compatibility mode and compatibility checker. For more information, see Compatibility mode in
There are two recommended methods for preparing your organization to use the new file format:
• Single rollout
• Phased rollout
In addition, some organizations might prefer to roll out the 2007 Office system on an as-needed
basis, as new computers are added to the environment.
Single rollout
A single rollout is recommended, if possible. If you distribute the 2007 Office system to all users
at the same time, there are no special considerations for when users can start creating and using
files with the new XML file formats. If your organization shares files with external users who are
using previous versions of Office, you can either continue using the older file formats in the 2007
Office system or recommend that external customers apply the Microsoft Office Compatibility
34
Pack for Word, Excel, and PowerPoint 2007 File Formats, available at Microsoft Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
(http://go.microsoft.com/fwlink?LinkID=77512).
If you perform a single rollout, documents generated after installation of the 2007 Office system
will be in the new file format unless you use a Group Policy setting to specify using earlier file
formats.
If you plan a rapid deployment, and not all of your users are ready to migrate their files or
applications to the new file formats, you might want to set default File Save options to the file
formats in Office 2003 until all users are ready to use the new file formats. If you want your users
to begin using the new file formats right away, you might consider converting their Word, Excel,
and PowerPoint files with the Office File Converter that is available with the Office Migration
Planning Manager. For more information, see Migrate Word, Excel, and PowerPoint files to the
2007 Office system.
Phased rollout
A phased rollout is the next best option. If the 2007 Office system will be installed on a significant
number of clients or will be phased into various departments, the key date that determines when
you should install the 2007 Office system is linked to when you want to adopt the new file
formats. To avoid this installation limitation, you can use Group Policy to decouple the deployment
of the 2007 Office system from the enabling of the new file formats.
If you are using a phased rollout, you need to determine:
• When your organization wants to begin using the new file formats.
• Whether users are willing to work in a mixed environment, with more than one version of
Office in use.
If users are willing to work in a mixed environment of old and new file formats, you need to make
sure that everyone who is using previous versions of Office has the appropriate updates and
converters, available at Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats (http://go.microsoft.com/fwlink?LinkID=77512).
If users are unwilling to work in a mixed environment, and your organization is targeting a specific
date when all users must convert to the new file formats, use Group Policy to set the default file
format as the binary format used in previous versions of Office. This allows you to set default file
types created by users but does not block users from creating 2007 files with the new file formats.
After the 2007 Office system is installed, and when you are ready to enable the new file format
across the entire company, change the Group Policy setting to enable the new file formats as the
default file types. This allows you to avoid updating and applying converters to computers running
previous versions of Office. This can lower costs and allow continued collaboration throughout the
deployment cycle. It is recommended, however, that you notify all users that they should not use
the new file formats until instructed to do so.
You can use the Office Migration Planning Manager to identify users' files and to determine issues
that might arise during conversion. For more information, see Assessing your environment with
the Office Migration Planning Manager. You can also convert Word, Excel, and PowerPoint files in
35
bulk with the Office File Converter that is available with the Office Migration Planning Manager.
For more information, see Migrate Word, Excel, and PowerPoint files to the 2007 Office system.
As-needed rollout
An as-needed rollout is not recommended but might be necessary in some environments. For
example, an organization might deploy the 2007 Office system on an as-needed basis when it
cannot plan for a major upgrade but is willing to purchase replacement computers that are pre-
installed with the 2007 Office system. This approach is difficult to control, especially in an
environment that does not have Active Directory directory service, which is required in order to
set default options for saving files via Group Policy.
See Also
• Collaborating with previous versions of Office and other programs
36
Assessing your environment with the Office
Migration Planning Manager
In this chapter:
Introduction to OMPM
Install and configure OMPM File Scanner
Distribute OMPM File Scanner
Prepare a SQL database for OMPM
Import OMPM log files into the database
Analyze reports from OMPM
See Also
37
Introduction to OMPM
The Office Migration Planning Manager (OMPM) is a collection of tools that enables you to
prepare for migration to the Microsoft 2007 Office system. OMPM checks for, and reports on, file
properties to help you analyze your environment. You can download OMPM from 2007 Microsoft
Office System Migration Guidance: Microsoft Office Migration Planning Manager
(http://go.microsoft.com/fwlink?linkid=75727).
For the most part, documents created in Office 2003 and earlier open and behave the same way
in the 2007 Office release. However, there might be instances where files require manual
intervention or analysis to ensure consistent behavior. For example, a custom solution built in
Microsoft Excel 2003 might require modification because it relies on legacy Office features that
are no longer supported in Excel 2007.
OMPM includes the following features:
• The OMPM File Scanner (offscan.exe), a command-line tool that scans files for
conversion issues. You can easily deploy this tool using an automated software deployment
technology, such as SMS, or a login script. The OMPM File Scanner stores the scan results
in XML log files on each computer that it scans. The OMPM File Scanner performs two types
of scans:
• A light scan that quickly identifies the Office documents on a user’s computer or
network file system.
• A deep scan that you can perform on Office documents to gather document
properties that provide indicators of potential conversion issues.
• A set of utilities that automate the creation of a new database (either SQL Server 2000,
SQL Server 2005, or SQL Express) and import the XML log files generated by the OMPM File
Scanner.
• A Microsoft Access 2007–based reporting solution that provides different reports for your
analysis and enables you to define file sets for automated processing.
• The Office File Converter (OFC) that allows you to convert specific files to the new 2007
Office release file formats in bulk.
• The Version Extraction Tool (VET) that allows you to extract saved versions of a file in
Word 2003 (or earlier) to different files.
OMPM contents
OMPM is contained in a self-extracting executable file, MigrationPlanningManager.exe. OMPM
Components are contained in redistributable subfolders:
• Scan: The folder containing the OMPM File Scanner.
• Report: The folder containing OMPM Reports. To export file lists from OMPM Reports,
the database folder and related components must also be available.
• Database: The folder containing scripts to provision and populate the OMPM database.
38
• Tools: The folder containing tools such as the Office File Converter and Version
Extraction Tool.
Installing OMPM
To install OMPM, type the following at a command prompt:
MigrationPlanningManager /extract:c:\ompm
For help with OMPM, type the following at a command prompt:
MigrationPlanningManager /?
OMPM requirements
The following lists the requirements for running OMPM, both for the client systems that it scans
and the administrator system from which it runs.
Client system requirements

The OMPM File Scanner requires the following programs on the computers that it scans:
• Windows NT 4.0, Windows 2000 SP4, Windows XP SP2, or Windows 2003 SP1
• Internet Explorer 5.0 or higher
The following system components must exist on all computers running the OMPM File Scanner. If
these files do not exist, install the files with a separate distribution job before you run the OMPM
File Scanner.
• Data Access Objects 3.5 or higher (dao350.dll/dao360.dll). These files are included in
Microsoft Access 97, Microsoft Windows 98, Microsoft Windows NT® 4.0 Option Pack, and
Windows NT 4.0 Service Pack 4.
• Microsoft Scripting Runtime (sccrun.dll). This file is included in Microsoft Access 2000,
Windows NT 4.0 Option Pack, Windows NT 4.0 Service Pack 5, and Microsoft Windows
Scripting Host.
• Visual C Runtime (msvcrt.dll).
• Kernel32.dll.
• Msjet40.dll.
• Crypt32.dll.
• Ole32.dll.
• Oleaut32.dll.
• User32.dll.
• Advapi.dll.
• Msvcrt.dll.
All computers that contain files to convert are required by the Office File Converter (OFC) to
install the Microsoft Office Compatibility Pack. For more information, see Deploying the Microsoft
Office Compatibility Pack.
39
The Version Extraction Tool (VET) requires installation of Microsoft .NET Framework Version 2.0
Redistributable Package (x86) (http://go.microsoft.com/fwlink/?LinkId=81886) and Microsoft
Word 2003.
Administrator system requirements

The administrator running OMPM requires the following:
Computer and operating system
• A computer running Windows XP SP2 or Windows Server 2003 to use the database
provisioning and data import tools in OMPM.
• Optional: A computer running Windows XP to create a self-extracting package with
IExpress 2.0.
Note
Use IExpress 2.0 to create a self-extracting package. Do not use a self-installing
package.
Database software
• SQL Server 2000 or SQL Server 2005 (recommended). SQL Server 2005 is
recommended for enterprises working with large amounts of data. SQL Server 2005 provides
enhanced database management and reports. The database should have a minimum of 4 GB
available free disk space.
• Microsoft SQL Server 2005 Express Edition. This free, redistributable version of
SQL Server 2005 is ideal for client applications that require an embedded database. You can
use SQL Server 2005 Express Edition, instead of SQL Server 2005, for smaller-scale data
collection. The database should have a minimum of 2 GB available free disk space. SQL
Server 2005 Express Edition is available as a free download at SQL Server 2005 Express
Edition (http://go.microsoft.com/fwlink/?LinkId=95582&clcid=0x409).
Database tools and utilities
• Both SQL Server 2005 and SQL Server 2005 Express Edition include several command
line utilities, such as Osql.exe and Bcp.exe. These must be available on the client computer
from which the provisioning and import tools are run.
• SQLXML 3.0 SP3. SQLXML enables XML support for your SQL Server 2005 database.
This module allows XML files that are collected by the OMPM File Scanner to be imported
efficiently into a database server. SQLXML is a free download available at SQLXML 3.0
Service Pack 3 (SP3) (http://go.microsoft.com/fwlink?linkid=52919).
Note
We recommend using the English editions of SQL Server 2005 or SQL Server 2005
Express Edition to use OMPM. While there are no known issues involving international
editions, only the English edition is supported for these tools at this time.
File share
A file share is required to stage the XML log files collected by the OMPM File Scanner before the
log files are imported into the database. The file share should have a minimum of 1 GB available
40
space. Any account that is operating the import scripts requires read/write/create access to the
file share.
Note
For performance reasons, it is optimal to have the import tools, log file share, and
database on the same server. If this is not possible, the log file share and the database
server should be on the same subnet to reduce network traffic.
Other
• OMPM Reports requires the installation of Microsoft Access 2007 on the client computer
from which the data will be examined. To export file lists from OMPM Reports, SQL Server
Express or SQL Server and SQLXML 3.0 SP3 must be installed on the computer that runs
OMPM Reports.
• To perform a deep scan with the OMPM File Scanner, Access 2002 or later must also be
installed on the computer that runs the OMPM File Scanner.
Note
Other than the requirement listed above, the OMPM File Scanner does not require
the installation of any version of Office on any computer it scans.
• For scanning document storage systems such as Microsoft SharePoint Services, the
OMPM File Scanner requires the Web-based Distributed Authoring and Versioning (WebDAV)
interface. For more information about WebDAV, see About WebDAV (IIS 6.0)
(http://go.microsoft.com/fwlink/?LinkID=81698). This is the only version of WebDAV that is
supported for OMPM.
Note
Use either the Windows Vista WebDAV client or a third-party WebDAV client for
document libraries that are SSL-enabled. If you use the WebDAV client from previous
versions of Windows, the scan of the document library fails.
How the OMPM File Scanner works

The OMPM File Scanner gathers information about the computer and recursively scans the
designated path for Office files. The OMPM File Scanner then records the results in an XML log
file to the designated destination path.
The OMPM File Scanner performs the following tasks in a single scan:
• Scans the computer for Office files within the folder structure defined by the SourcePath
specified in the configuration file offscan.ini.
• Scans the computer for properties such as operating system, memory, and language ID.
• Scans for file property information such as file name, path, size, format, created date,
modified date, and file owner.
• If this is a deep scan, scans for compatibility issues.
• Writes an XML log file to the destination path for each file that contains compatibility
issues.
41
• Adds the XML log files to a series of CAB files for later transfer to a SQL Server.
• Logs failures to the XML log files.
Note
The OMPM File Scanner does not change file properties, except possibly Last Accessed
Date.
Note
The OMPM File Scanner does not transmit data to Microsoft Corporation.
Log and CAB files generated by the OMPM File

Scanner
On each computer that it scans, the OMPM File Scanner writes an XML log file to the destination
folder that you specified in the accompanying offscan.ini file. This initial log file contains both scan
and computer details. After this, the OMPM File Scanner creates an XML log file for each
additional Office file that it scans. The filename for each log file is in the form of a GUID, with a
prefix indicating the type of log file.
The OMPM File Scanner creates four unique types of log files to record properties about the
computer scanned, file scanned, scan summary, and errors. The following table shows a typical
set of log files.
File Name Description
Scan_{40D1300A-F0BE-4D68-ADBF-36C78EE030A1}.xml Scan log (one per scan)
File_{F575D370-1E7A-486E-9FC6-4BB83C7770DD}.xml File properties log (one per

unique file scanned)
Sum_{75C5A590-A789-4B16-A2EB-E3934BCB01B1}.xml Summary log
Err_{61CF0E6F-71E1-4878-9E9F-C1D35EBA3506}.xml Error log (one per unique error

occurrence)
The individual log files are compressed into CAB files to make transport to the SQL Server
database more efficient. To maximize disk space on the computer that is scanned, after OMPM
File Scanner writes 10,000 log files, adds the log files to a CAB file, and then deletes the log files.
Each CAB file contains up to 10,000 log files. When a CAB file reaches 10,000 log files, OMPM
File Scanner creates a new CAB file for the next 10,000 files.
CAB files use the file name from the ScanID GUID, with an index number appended. Three CAB
files generated on the same computer might generate names such as the following:
• Computer1 {2FA87EDF-4393-4BCF-8829-8776F82DEDD5}00001.cab
42
Creating CAB files can be detrimental to performance if log files are saved across a network. Use
the setting CABlogs=1 in the Offscan.ini file to disable the creation of CAB files.
Files scanned by the OMPM File Scanner

The following table shows the file types that are scanned by the OMPM File Scanner, along with
file types that are included in the light scan only.
Microsoft Office program Light and deep scan file types Light scan only
Access • .mdb
• .mde
• .mdz
• .adp
• .ade
• .mdt
• .mda
• .accda
• .accdb
• .accdr
• .accdu
• .accde
• .accdt
• .accdc
Excel • .xls • .xlc

• .xlt • .wk1
• .xla • .wk3
• .xlm • .wk4
• .xlw • .wj1
• .htm • .wj2
• .html • .wj3
• .mhtml • .fj3
• .mht • .fmt
• .fm3
• .all
• .wks
• .wq1
• .dbf
PowerPoint • .ppt
43
Microsoft Office program Light and deep scan file types Light scan only
• .pot
• .pps
• .ppa
Project • .mpp
• .mpt
Publisher .pub
Visio • .vsd,
• .vss
• .vst
• .vdx
• .vtx
• .vsx
Word • .doc
• .dot
• .wiz
Files from Microsoft Office Outlook, Microsoft Office FrontPage, Microsoft Office OneNote, and
Microsoft Office InfoPath are not included in either the light or deep scan.
Note
The OMPM File Scanner does not scan documents that are password-protected or IRM-
protected. In addition, the OMPM File Scanner does not scan embedded objects within
documents, but does report that the document contains embedded objects.
44
Install and configure OMPM File Scanner
You have two options for distributing and running the OMPM File Scanner:
• Place all of the necessary OMPM File Scanner files on a central share and run the
OMPM File Scanner from that share, scanning local computer hard drives or servers. This
method allows you to change the OMPM File Scanner configuration files in the central
location without having to redistribute them to every computer on the network.
• Create a distribution package that contains all necessary OMPM File Scanner files and
distribute the package to every computer to be scanned.
Before running the OMPM File Scanner, you must first edit the offscan.ini file with the
appropriate parameters. For a list of file types that are scanned by the OMPM File Scanner, see
Introduction to OMPM.
The command to run the OMPM File Scanner is:
offscan.exe
The parameter for this command is as follows:
Parameter Description
-q Run the OMPM File Scanner in quiet mode.

Optional.
Offscan.ini settings
The following table shows the settings and values in offscan.ini.
Setting Description Possible values If value is If value is not valid

missing
RunID= Tracking number Alphanumeric. End scan. End scan.

for the current
scan. Use this to
group scans from
different computers
in the Reports.
Required.
Description= Text used to Free-form text, Ignore

describe the truncated to
current scan. 255 characters.
Optional.
45
missing
DestinationPath= Path where log Physical or End scan and

files are placed. mapped drive display usage
Supports or UNC information to
environment e.g. console
variables (see Note
c:\scan\logs
below). Required.
Environment
variables are
also supported.
ScanMyDocuments Ensures the user's 1 - Scan My No special Ignore.

My Documents Documents handling for
folder is scanned wherever the My
whether My folder is Documents
Documents is 0 - do not scan folder.
within the path My Documents
specified in if the path is not
SourcePath or under that
redirected to indicated by
another hard drive SourcePath.
or network share.
Optional.
ScanDesktop Ensures the user's 1 - Scan No special Ignore.

Desktop folder is Desktop handling for
scanned, whether wherever the Desktop
Desktop is within folder is folder.
the path specified 0 - do not scan
in SourcePath or Desktop if the
redirected to path is not
another hard drive under that
or network share. indicated by
Optional. SourcePath.
DeepScan= Specify whether 0 - perform a Performs a Performs a light

this is a deep scan. light scan light scan. scan.
Optional. 1 - perform a
deep scan
46
missing
CABLogs= Disable creation of 0 – do not allow Will not Will not create
CAB files. creation of CAB create CAB CAB files.
Optional. files files.
1 – allow
creation of CAB
files.
Verbose= Specify whether to 0 - do not print Does not Does not print
print output to the output to the print output to output to the
screen. Optional. screen the screen. screen.
1- print output
to the screen
Recovery= Restart a failed 0 - do not Does not Does not attempt

scan when you run restart failed attempt to to restart failed
the OMPM File scans restart failed scans.
Scanner again. 1 - restart failed scans.
Optional. scans
LogOutput= Specify whether to 0 - do not write Does not Does not write
write output to a output to a file write output output to a file.
file. Optional. 1 - write output to a file.
to a file
[FoldersToScan] Section lists folder Section Head. If missing

trees to scan. Sub- and
folders will also be ScanAllLocal
scanned. Drives<>1,
If only tblScans
ScanAllLocalDrives and
is specified, folders tblComputers
on local drives will information
be ignored (all will be written
folders on all local and the scan
drives will be will end.
scanned unless
excluded by
[FoldersToExclude]
). Supports
environment
variables (see Note
below). Optional.
[FoldersToExclude] Section lists folders Section Head. No folder will If FoldersToScan
47
missing
to exclude from the be excluded and

scan. Sub-folders from the FoldersToExclude
will also be scan. include the same
excluded. If folders an error
[FoldersToExclude] will be written to
contains folders tblErrors and the
that don't exist on scan will end.
the computer, the Error is:
scan will stop.
"The same folder
Supports
is listed in
environment
FoldersToScan
variables (see Note
and
below). Optional.
FoldersToExclude
in OFFSCAN.INI.
Aborting scan."
Folder= Lists a folder to be Valid folder OMPM File OMPM File

included in the path. Scanner Scanner scans all
scan. All files within scans all local physical
this folder and sub- local physical drives.
folders will be drives.
scanned. Optional.
[Application] Sections [Access] If section is If [Application] is

containing specific [Excel] missing, the not a known value,
settings for each application the section is
[PowerPoint]
Office application. document ignored.
[Project]
Optional. files will not
[Publisher] be scanned.
[Visio]
[Word]
RetryCount Number of retries Integer.

per file before
moving to the next
file. Optional.
RetryInterval Number of Integer.

milliseconds to wait
between retries.
Optional.
RetryTimeout The number of Integer.

sequential files to 0 - infinite
48
missing
retry before number of files.

stopping the scan.
Optional.
Ext= List of extensions For example, Store error If extension is not

to be scanned for "doc" or "dot" (a nn0001 to valid, write error
the application. comma- tblErrors 010014 to
Required, if separated list (where nn = tblErrors.
[Application] is without the Module
present. For a list preceding "." Number)
of file types that character). You If there are
are scanned by the can add no values in
OMPM File additional Ext= in any
Scanner, see extension types [Application]
Introduction to if you use other section, the
OMPM. extensions for OMPM File
particular Scanner will
document write
types, such tblScans and
as .LET for tblComputers
Word letter to log file and
documents. end).
ScanDAO= Specify whether to 0 - do not Collect DAO Collect DAO

collect data access collect DAO properties. properties.
object (DAO) properties
properties from the 1 - collect DAO
Access databases properties
that are scanned.
Optional.
49
missing
AccessScan= Specify whether to 0 - do not Do not collect Do not collect

collect Access collect Access Access Access properties.
properties from the properties properties.
Access databases 1 - collect
that are scanned. Access
To collect Access properties
properties, the
OMPM File
Scanner must be
running on a
computer that has
Access 95 or later
installed on it.
Optional.
DisableConvDialog= Specify whether to 0 - do not Do not Do not prevent the

prevent the prevent the prevent the conversion dialog
conversion dialog conversion conversion box from
box from appearing dialog box from dialog box appearing.
the next time a appearing from
user opens a 1 - prevent the appearing.
version of an conversion
Access database dialog box from
that is earlier than appearing
Access 2002 or
Access 2003 in
either Access 2002
or Access 2003. If
you set
DisableConfDialog
=1, the
LastModified date
of the Access
database changes.
Optional.
50
missing
MaxCopyFileSize= Specify the Integer. Defaults to Defaults to 50 MB.

maximum file size 0 - infinite file 50 MB.
in megabytes (MB) size
that the OMPM File
Scanner copies for
the collection of
Access properties.
When collecting
Access properties,
the OMPM File
Scanner makes a
copy of the
database, which it
opens and scans.
This preserves the
LastModified date
for the database.
You can use this
setting to limit the
file size that is
copied. Optional.
TempPath= Specify the folder Drive letter or Use the Use the folder
path where the UNC path. folder path path that is
OMPM File that is specified for the
Scanner copies specified for TEMP variable in
Access databases the TEMP the Microsoft
before scanning variable in Windows
them. Optional. the Microsoft operating system
Windows that is running on
operating your computer.
system that is
running on
your
computer.
Note
The following properties support environment variables: [FoldersToScan],
[FoldersToExclude], and [DestinationPath]. For example, you can specify %temp%,
which resolves as the location to store temporary files. If the environment variable cannot
be resolved due to a misspelling or other reason (for example, if you specified %temps%
51
instead of %temp%), the OMPM File Scanner treats the entry like a folder name and not
an environment variable.
See Also
• Introduction to OMPM
• Distribute OMPM File Scanner
• Analyze reports from OMPM
• Migrate Word, Excel, and PowerPoint files to the 2007 Office system
52
Distribute OMPM File Scanner
You can use Systems Management Software (SMS), another software distribution program, or
script to distribute the OMPM File Scanner.
If you have SMS or other software distribution software currently deployed in your environment,
use SMS to distribute and run the OMPM File Scanner. SMS encrypts the data that it transmits. Iif
you are using another software distribution package, refer to your product documentation for
information regarding whether it encrypts the data. If you are not using SMS, be aware that
scanning files across a network can lead to potential security issues, in the same way that
reading or editing any document across a network can create security issues.
Files to Distribute
Whether you are using SMS or another software distribution system or script, include the
following files that ship with OMPM in the distribution package for the computers that you want to
scan:
• OFFSCAN.EXE – OMPM File Scanner program
• ACCSCAN.DLL – Application library modules
• OFFSCAN.INI – Configuration file
• MSVBVM50.DLL – Visual Basic 5.0 runtime version
• SYSTEM.MDW – Access system database
Your distribution mechanism should copy these files to a folder on the computer to be scanned
(for example C:\OFFSCAN).
Distributing the OMPM File Scanner with SMS

Use SMS to run the OMPM File Scanner so that it scans with one of the following methods:
• Run the OMPM File Scanner from a server to scan workstation hard drives.
• Copy all relevant OMPM File Scanner files to each computer and run the OMPM File
Scanner locally.
• Copy a script to each computer that starts the OMPM File Scanner from a file share.
See Sample SMS deployment script for OMPM for help with packaging the OMPM File Scanner
for SMS distribution.
Other ways to distribute the OMPM File Scanner

For computers that are not always connected to the network, such as laptops and computers in
branch offices, you can distribute all of the appropriate files via CD or user-initiated download.
Use a login script for the OMPM File Scanner to do the following:
53
• Distribute the OMPM File Scanner by using a login script. To accomplish this, use
IExpress 2.0 to create a distribution package. For more information, see Use IExpress 2.0 to
create a distribution package for OMPM.
• Run the OMPM File Scanner from a central share by using a login script. The OMPM File
Scanner scans a set of files once per RunID. To scan the same set of files again, provide a
different RunID in the offscan.ini file.
Collecting OMPM File Scanner log files

When the scan is complete, the XML log files are compressed into CAB files on the local
computer if you specify CABLogs=1 in the offscan.ini file. The default is to create CAB files. Use
an SMS collection job to retrieve the CAB or XML files and store them in a central location. For
optimum network performance, store the CAB or XML files in a folder on the same server on
which your database is located.
For offline computers, you can upload the resulting compressed CAB or XML files to a share
folder, copy the files to a CD, or e-mail the files as an attachment, depending on which method
best suits your environment.
54
Prepare a SQL database for OMPM
You can use SQL Server to create a database for use with OMPM. You can also use SQL Server
2005 Express Edition as your database server. SQL Server 2005 Express Edition is available as
a download from SQL Server 2005 Express Edition (http://go.microsoft.com/fwlink/?
LinkId=95582).
To provision a SQL database

1. At a command prompt, navigate to the folder where OMPM is installed, and navigate to
the Database folder.
2. Type:
CreateDB.bat <ComputerName>\<SQLServerName> <DatabaseName>
The parameters for CreateDB.bat are as follows:
ComputerName The name of the computer that is hosting the SQL Server.
SQLServerName The name of the SQL Server where the new database is
created. Required.
DatabaseName The name of the database created. Required.
For example, if your computer name is COMPUTER1, the database server is SQLEXPRESS,
and your new database name will be OMPM001, type the following at the command prompt:
CreateDB.bat COMPUTER1\SQLEXPRESS OMPM001
Notes:
• You must have Database Operator permissions to run this script.
• To obtain help for this command, at a command prompt, type createdb.bat /?.
• Multiple databases can exist on the same server.
• DeleteDB.bat is an additional command-line utility included with OMPM that allows a
user to delete a database.
55
Import OMPM log files into the database
The import tool automates the process of importing the XML log file data or CAB files directly into
a database server. You can begin importing as soon as you have XML or CAB files generated by
the OMPM File Scanner. You do not have to wait until all the data is collected. However, we
recommend that you wait until all of the data from a specific computer is collected. You can run
the import tool multiple times to add new information to the database when the data is collected.
Note
You must install SQLXML 3.0 Service Pack 3 (SP3) on your computer before you import
XML into your database. You can download SQLXML 3.0 SP3 from SQLXML 3.0 Service
Pack 3 (SP3) (http://go.microsoft.com/fwlink?linkid=52919).
Use the following procedure to import log files that contain scan data obtained by the OMPM File
Scanner.
Import OMPM File Scanner data files into the database

1. At a command prompt, navigate to the folder where OMPM is installed, and navigate
to the Database folder.
2. Type:
ImportScans.bat <ComputerName>\<SQLServerName> <DatabaseName>
<PathToLogFiles>
Use the following procedure to import log files that contain action data obtained by the OMPM
File Scanner, Office File Converter, or Version Extraction Tool.
Import OMPM File Scanner action files into the database

1. At a command prompt, navigate to the folder where OMPM is installed, and navigate
to the Database folder.
2. Type:
ImportActions.bat <ComputerName>\<SQLServerName> <DatabaseName>
<PathToLogFiles>
The parameters for ImportScans.bat and ImportActions.bat are as follows.
ComputerName The name of the computer that is hosting the SQL Server.
SQLServerName The name of the SQL Server where the new database is
created. Required.
DatabaseName The name of the database. Required.
PathToLogFiles The local (or UNC) path to the folder where the log files are
56
stored. The operator must have read/write/create

permissions to this location. Required.
Note: The default path for scan data log files in
offscan.ini is c:\OMPM\SCANDATA. The default path for
action log files is c:\OMPM\ACTIONLOGS.
For example, if your computer name is COMPUTER1, the database server is SQLEXPRESS, the
database name is OMPM001, and your log files are stored in c:\OMPM\SCANDATA, type the
following at the command prompt:
ImportScans.bat COMPUTER1\SQLEXPRESS OMPM001 c:\OMPM\SCANDATA
When the log files are successfully imported, the contents move to the imported subfolder in the
original <PathToLogFiles> folder.
Important
Do not run more than one import at the same time. Always allow one import to complete
before you start the next import. Running more than one import at the same time could
result in data corruption.
Notes:
• You must have Database Operator permissions to run these scripts.
• Because a subfolder is created, you must have read/write privileges to the storage
location.
• To obtain help for this command, type the following at a command prompt:
ImportScans.bat /? or ImportActions.bat /?.
Files that were previously stored in <PathToLogFiles> are moved to the sub-folder
OMPMImported. To run the import with the same set of files to a different database, copy the
files back to <PathToLogFiles>.
Fixing import failures

If you encounter a fatal error when you import your scan data, the OMPM database may be
corrupted. Because the database is populated with information from CAB files, you can use the
CAB files to restore your data. If you still have all of the CAB files, you have not lost any data. The
high-level process for fixing this situation is as follows:
• Delete the existing database.
• Create a new database.
• Move all of the CAB files out of the OMPMImported folder.
• Re-import the scan data and action CAB files.
You can use the following procedure to delete and restore the OMPM database.
57
Delete and restore the OMPM database
1. At a command prompt, navigate to the OMPM\Database folder and type:
DeleteDB.bat <ComputerName>\<SQLServerName> <DatabaseName>
For example, if your computer name is COMPUTER1, the database server is
SQLEXPRESS, and the database name is OMPM001, type the following at the
command prompt:
DeleteDB.bat COMPUTER1\SQLEXPRESS OMPM001
CreateDB.bat <ComputerName>\<SQLServerName> <DatabaseName>
SQLEXPRESS, and your new database name will be OMPM001, type the following at
the command prompt:
CreateDB.bat COMPUTER1\SQLEXPRESS OMPM001
3. Move all of the CAB files that are in the OMPM\SCANDATA\OMPMImported folder
up one level to the OMPM\SCANDATA folder, or to another folder if you prefer. Move all
of the folders that are in the OMPM\ACTIONLOGS\OMPMImported folder up one level
to the OMPM\ACTIONLOGS folder, or to another folder if you prefer.
ImportScans.bat <ComputerName>\<SQLServerName> <DatabaseName>
<PathToLogFiles>
SQLEXPRESS, the database name is OMPM001, and your log files are stored in
c:\OMPM\SCANDATA, type the following at the command prompt:
ImportScans.bat COMPUTER1\SQLEXPRESS OMPM001 c:\OMPM\SCANDATA
ImportActions.bat <ComputerName>\<SQLServerName> <DatabaseName>
<PathToLogFiles>
SQLEXPRESS, the database name is OMPM001, and your log files are stored in
c:\OMPM\ACTIONLOGS, type the following at the command prompt:
ImportActions.bat COMPUTER1\SQLEXPRESS OMPM001 c:\OMPM\ACTIONLOGS
58
Analyze reports from OMPM
You can use OMPM Reports to perform the following actions:
• Review OMPM File Scanner results to identify errors or to view coverage by computer.
• Manage issues.
• Create a list of files to convert and export the list to a file for use by the Office File
Converter (OFC) or the Version Extraction Tool (VET).
• Review data compatibility issues between Access version 1997 or earlier and Access
version 2000 or later.
Starting OMPM Reports

1. In the Reports folder where you installed OMPM, double-click OMPM.accdr. Click Yes at
the security prompt.
2. If this is your first time using OMPM Reports, enter the location of an OMPM database to
connect to.
3. In the Server: drop-down box on the OMPM Welcome page, select the SQL or SQL
Express server that you created earlier. If the server is not the default for a computer, it must
be specified as the named instance in the form <ComputerName>\<ServerName>. By
default, SQL Server installs itself as the default instance on a server, but SQL Express installs
itself using SQLEXPRESS as the named instance.
4. In the Database: drop-down box, select the name of the database. Click Connect. If you
have already connected to a database, OMPM Reports automatically open the database. If
you want to connect to a different database, click Connect.
Review Scan Coverage and Errors

1. On the OMPM Welcome page, select Scan Coverage and Errors. This brings up the
Scan Results page.
2. Select a Run ID at the top of the Scan Results page to view the results for that run of the
OMPM File Scanner.
3. To view the scan results for a specific computer, select the computer in Scan results for
each computer in the run selected above. The scan results appear in Scan errors for the
run and computer selected above.
Note
Only scanner coverage and errors are reported here. Use the Office 2007 Compatibility
report for upgrade issues identified by the scanner.
59
Review Office 2007 Compatibility
1. On the OMPM Welcome page, select Office 2007 Compatibility. This brings up the
Office 2007 Compatibility page.
2. You can load a filter that you previously saved by clicking the Load Filter… button at the
bottom of the page. Otherwise, specify your file filter settings in Select a File Filter, along the
left side of the page.
Note
Filters apply to which files are shown, not which issues or created files are shown.
For example, if you set Select Issues of Specified Type: to select all issues of level
Red, all files with red issues appear. However, if those files also have yellow and
green issues, reports of those issues also appear.
3. To invert the filter for a specific setting, check the box to the right of the setting. For
example, if you select a scanner run, you see all files discovered during that scanner run. If
you invert the filter for that setting, you see all files discovered during other runs, but not
during the selected run.
4. To apply the filter, click the Apply Filter button at the top of the 2007 Office release
Compatibility page. Use the tabs on the right side of the page to perform the following steps.
5. Select the Issue Summary tab to view a summary of the issues identified by the OMPM
File Scanner by severity, type, and frequency. You can bring up the summary in a new
window by clicking New Window at the bottom of the page.
6. To view issues and edit their severity level, click Manage Issues at the bottom of the
Issue Summary page, and review or edit issues on the resulting Manage Issues dialog. If
you review the impact of an issue and the issue is not important for your document set, you
can also change the issue level in this dialog. You can use this to organize your files into
processing groups of red, yellow, and green status.
7. Select the Computer Summary tab to view a summary of the issues for each computer
that was scanned. You can bring up the summary in a new window by clicking New Window
at the bottom of the page. To obtain a printable report, click Report View at the bottom of the
page.
8. Select the Scanned Files tab to view files that match the criteria set by the filter you
applied. You can bring up the summary for all files in a new window by clicking New Window
at the bottom of the page. To obtain a printable report, click Report View at the bottom of the
page.
9. Select the Created Files tab to view files that were created using the Office File
Converter or Version Extraction Tool. You can bring up the summary for all files in a new
window by clicking New Window at the bottom of the page. To obtain a printable report, click
Report View at the bottom of the page.
10. To save the filter, click the Save Filter… button at the bottom of the page.
11. Export the files to an XML file for use by the Office File Converter or Version Extraction
Tool by clicking the Export… button at the bottom of the page.
60
For more information about the filter criteria you can select, see OMPM Reports Filtering
Reference.
Review Access Compatibility

1. On the OMPM Welcome page, select Access Compatibility. This brings up the Access
Reporting page.
2. On the Access Reporting page, look at the date of the last analysis (next to Analyze). If
you have run a scan since that date, or if you have never run Analyze, click Analyzer
Settings on the Access Reporting page, specify the settings that you want, and click
Analyze. If you don't need to configure the settings and want to start an analysis of the scan
data, click Analyze on the Access Reporting page.
Note
Clicking Analyze prompts you with the message "Analysis can take quite a long time
and should not be canceled mid-run. Are you sure you want to continue?" If your
scan data covers fewer than 100,000 databases, the analysis usually takes only a
few minutes. If there are more than 100,000 databases, the analysis can take a long
time, and you might prefer to run the analysis overnight.
3. To search the Access scan data by field, select QuickSearch on the Access Reporting
page. This lists files that OMPM has analyzed. Use QuickSearch to find a specific database
file by name, or a list of databases in a specific path or on a specific computer.
4. To view or print interactive reports for Access data, select Reports on the Access
Reporting page. This brings up the View Reports tab. On the left navigation pane, you can
choose from the following reports:
• Database and Issue Details. Use this report to get the list of issues for each
database file.
• Database Issues Grouped by Issue. Use this report to find all the databases that
are identified as having a specific issue.
• Executive Summary. This report provides an overview of issues for all analyzed
databases, without the file-level details.
• Active versus Old Databases. This report lists analyzed databases and shows
whether they are active or inactive, based on their LastModified property.
• Conversion Issue–Database is an MDE file. This report lists .mde files and .mdb
files that have identical names.
• Conversion issue–Replicated database. This report lists databases that use
replication.
• Conversion issue–Reserved name in Form/Report/Macro. This report lists
databases that contain a reserved name in a form, report, or macro.
5. To view interactive charts that facilitate finding databases with certain attributes, select
Charts on the Access Reporting page. This brings up the Database Charts screen, where
you can choose from the following charts:
• Date Last Opened. Database count per year opened.
61
• Database Rating. Database count by level of user intervention required.
• Access Version. Database count by version of Access.
• File Size. Database count by file size.
• Conversion Issues. Database count by conversion issue.
• Warning Level. Database count by warning level.
6. To view databases and database objects on a per-file basis, data, select File Details on
the Access Reporting page.
7. To view database issues on a per-file basis, data, select Conversion Issues on the
Access Reporting page.
62
Migration considerations by application
In this chapter:
• Migration considerations for Access 2007
• Migration considerations for Excel 2007
• Migration considerations for Word 2007
See Also
63
Migration considerations for Access 2007
With Microsoft Office Access 2007, you can open and use databases created in Access 2000,
Access 2002, and Access 2003. Using the changes and improvements in Office Access 2007,
you can also convert databases created with previous versions of Access into the new Office
Access 2007 file format. Databases created with Access 97 or earlier must be enabled or
converted for use with Office Access 2007. This topic discusses database migration
considerations, including:
• Migration considerations for Access 2000, Access 2002, and Access 2003
• Migration considerations for Access 97 and earlier
• Office Access 2007 in mixed environments
• Office Access 2007 and SQL Server
• Tools to help with your conversion project
Migration considerations for Access 2000, Access

2002, and Access 2003
Databases created using Access 2000, Access 2002, and Access 2003 do not need to be
converted for use with Office Access 2007. You can open the databases and modify data and
object design in Office Access 2007. You can convert databases from MDB file format to ACCDB
file format to enable new functionality.
Most functionality in previous versions of Access is available in Office Access 2007, with some
exceptions.
Features available only in the new file format in Office Access

2007
The following features are available only with databases that are in Office Access 2007 ACCDB
file format. To use these features with existing databases, you must first convert the databases to
Office Access 2007 ACCDB file format.
• Complex data (multi-valued data types)
• Attachment Date type
• Append Only Memo fields
• Compressed image storage for any Picture property
• E-mail database as attachment
• Publish database to a Document Library in Microsoft Office SharePoint Server 2007
• Full support for Linked Tables to Office SharePoint Server 2007
• Offline support for Linked Tables to Office SharePoint Server 2007
• Linked Tables to files in ACCDB format
64
• Encrypt with database password
Features available only in MDB file format

The following features are available only with databases that are in Access 2003 or earlier MDB
file format. They are not available with Office Access 2007 ACCDB file format.
• Ability to open the database with previous versions of Access
• Object Level Security (also known as Workgroup Security)
• Database replication
• Encode database (replaced with Encrypt with database password)
Features no longer available in Office Access 2007

The following features are no longer available in Office Access 2007:
• Data Access Pages (DAPs) cannot be opened using Office Access 2007.You must use
Access 2003 or earlier to create or make design changes to DAPs. To browse DAPs, you
must use Internet Explorer. To browse Access 2000 DAPs, you must install Microsoft Office
2000 Web Components, which installs with Access 2000. To browse Access 2002 and Access
2003 DAPs, you must install Microsoft Office XP Web Components, available at Office XP
Tool: Web Components (http://go.microsoft.com/fwlink/?LinkId=36954).
• Microsoft Office XP Web Components is not installed with Office Access 2007. Forms in
PivotTable or PivotChart view still function correctly. Databases with references to
OWC10.DLL point to the new OFFOWC.DLL. The new OFFOWC.DLL does not support all of
the functionality in OWC10.DLL. In some cases, you might need to download and install the
Microsoft Office XP Web Components.
• Toolbars used in previous Access versions are not used by default. They are used only if
the following Startup options are configured:
• The Allow Built-in Toolbars option is disabled
• A default menu bar is specified.
• The user interface for toolbar and menu customizations is removed and replaced by the
new ribbon. The toolbars and menus can be modified in previous versions of Access or by
using the VBA object model or macros.
• The user interface for some early import and export formats is removed. There is no user
interface to export to ASP or IDC/HTX. There is no user interface to import files from Lotus 1-
2-3/DOS (*.wj*) or Exchange. Code and macros created to work with these formats continue
to work.
For more information about features that have changed in Office Access 2007, see Changes in
Access 2007.
65
Migration considerations for Access 97 and earlier
When you upgrade from Access 97 and earlier, you must either enable or convert your database
files (in MDB format) to open in Office Access 2007. When you open an Access 97 format MDB
file for the first time, you can enable or convert the database.
Enabling a database
By enabling a database, you make it compatible with Office Access 2007. You can open objects
and edit data, but all object definitions are read-only. You can open enabled databases in Access
97 or Office Access 2007, but you can only make design changes in Access 97. You can make
data changes in either Access 97 or Office Access 2007. This option is useful in mixed
environments where a database must open in both Access 97 and Office Access 2007.
Converting a database
Access 97 or earlier format databases are converted into Access 2002-2003 format by default. If
a database is converted to Access 2002 or Access 2003, the database can only be opened by
Access 2002 or Access 2003. To convert an Access 97 or earlier database to Office Access 2007
ACCDB file format, you must first convert it to Access 2002, Access 2003, or Access 2000. You
can then convert the database to Office Access 2007.
MDE file limitations

MDE files are MDB files with VBA source code compiled into computer code and VBA source
code removed. Office Access 2007 cannot convert or enable an MDE file. To upgrade an MDE
file, you must find the original MDB file and convert that file.
Access 2007 in mixed environments

You can use Office Access 2007 databases with previous versions of Access if you save the
database in MDB file format. Previous versions of Access cannot open databases in the ACCDB
file format. You can change the default file format for databases created in Office Access 2007.
The new database template feature requires the ACCDB file format.
Previous versions of Access do not recognize new Office Access 2007 features. In general,
previous versions of Access ignore new properties set in Office Access 2007, but these property
values will appear again when the properties re-open in Office Access 2007.
The following table shows new features in Office Access 2007 and how the features behave in
previous versions of Access.
New Feature in Office Access 2007 Behavior in Access 2000 and Access 2003
ACCDB file format Cannot be opened.
Complex data Only available in ACCDB file format.
Attachments Only available in ACCDB file format.
66
Append-only memo fields Only available in ACCDB file format.
Offline support for linked tables to Windows Only available in ACCDB file format.
SharePoint Services
Linked tables to ACCDB database Only available in ACCDB file format.
Encrypt with database password Only available in ACCDB file format.
Linked Tables to Windows SharePoint Services Not all data types are fully supported. Some
V3 columns may be read-only or might not appear.
Rich text Appears as plain text with HTML tags.
Date picker Does not appear.
Gridlines on layouts No gridlines appear.
Control layouts (stacked and tabular) Behave like independent controls.
Linked tables to Excel12 files Linked tables cannot be opened.
Macros embedded in event properties Event properties appear to be blank.
Control auto-resize and anchoring Controls do not automatically resize or move.
Tabbed document mode (SDI) Multiple windows (MDI).
Navigation pane Database container.
Custom groups in the navigation pane Does not appear.
Tables and Views mode Does not appear.
Ribbon Command bars.
Ribbon customizations Does not appear.
Saved imports and exports Does not appear.
Create data collection e-mail Does not appear.
Manage data collection replies Does not appear.
Alternating row color (alternate back color All rows appear the same color as the first row.
property) The Alternate Back Color property is ignored.
Filtering and sorting improvements Previous filtering and sorting user interface.
Report browse mode Print Preview only.
Design in browse mode for forms and reports Only design via the property sheet.
Save Database As Does not appear.
Share database on SharePoint Does not appear.
Upsize database to SharePoint Does not appear.
67
Access security and the Trust Center Prompts with security warnings and does not
have the ability to trust a file based on its
location.
Improved accessibility Datasheet, forms, and reports do not have the

same support for accessibility aides.
New Sorting and Grouping task pane Sorting and grouping dialog box.
Property Sheet task pane Property sheet floating dialog box.
Data Source task pane Field list floating dialog box.
Creating schema in the datasheet Schema must be created in table design.
Getting Started experience Getting Started task pane.
Database templates Cannot be opened.
Office Center for Options Separate dialog boxes for Options, Startup, and
AutoCorrect.
Editable value lists Value Lists do not have a user interface for
editing and are not automatically inherited from
the table.
Edit list items command for combo boxes and Does not appear.
list boxes
SharePoint Site Manager Does not appear.
Slit views Appears as a single item form.
Datasheet user interface enhancements Record selectors and selection.
Search box in record navigation user interface Does not appear.
Customizable caption for the record navigation Always appears as Record.

user interface
Handling VBA references

VBA references are handled the same way in Office Access 2007 as in previous releases.
References to other applications in 2007 Microsoft Office system, such as Microsoft Office Word
2007, Microsoft Office Excel 2007, or Microsoft Office Outlook 2007, reference their new type
libraries in 2007 Office system when you make design changes in Office Access 2007. If you do
not make design changes, the references are not automatically modified by Office Access 2007.
If the references are upgraded and the database opens on a computer that does not have 2007
Office system installed, the database has a broken VBA reference. This can cause error
messages. VBA references are compatible with previous versions of a type library, but they are
68
not guaranteed to work with future versions of a type library. To fix these databases, you must
manually fix VBA references to point to the version of the Office applications installed on that
computer.
In general, when you are working with multiple versions of Office, the best practice is to test the
database on the oldest version of Office and the oldest version of Microsoft Windows that you
plan to support. Make sure all of the references are fixed. When the database is opened using a
newer version of Office or Windows, the references still work.
Access 2007 and SQL Server

Access creates front-end applications that leverage SQL Server as a backend data source.
Access forms and reports can be optimized as efficiently as Visual Basic front-end for SQL
Server. Office Access 2007 offers two ways to connect to SQL Server data: linking to SQL Server
and Access Data Projects (ADPs).
The preferred way to connect to SQL Server is MDB file format or ACCDB file format. This
enables you to use the full flexibility of local tables and local queries, while leveraging the full
power of SQL Server. In addition, MDB and ACCDB files link to multiple SQL Servers and a wide
variety of other data sources. Office Access 2007 contains many new features available in both
MDB and ACCDB file formats, but only a subset of those features are available in ADPs.
Linking to SQL Server

Access leverages the flexibility of the Jet desktop database engine to link to SQL Server. Jet
provides extensibility to connect to a variety of different data sources. Previous versions of
Access used the version of Jet included with Microsoft Windows. Office Access 2007 uses its own
version of Jet.
From MDB or ACCDB files, Office Access 2007 enables you to create read/write Linked Tables to
SQL Server tables or views. Jet also supports SQL Pass-Through Queries, which can send SQL
commands directly to the SQL Server.
This linking ability enables you to:
• Link to multiple SQL Servers or other data sources.
• Include local tables.
• Include ad hoc or local queries instead of putting the queries on the server. Jet optimizes
the local queries to send as much of the query to the SQL Server as possible to minimize
client-side query processing.
You cannot directly modify the design of Linked Tables. You must use an ADP file or Enterprise
Manager included in SQL Server to make schema changes or design changes.
Access Data Projects (ADPs)

An Access Data Project is an OLE document file, like the .xls or.doc file formats. It contains forms,
reports, macros, VBA modules, and a connection string. All tables and queries are stored in SQL
Server. The ADP architecture was designed to create client-server applications. Because of this,
there is a limit to the number of records that Access returns in any recordset. This limit is
69
configurable, but you typically must build enough filtering into your application so that you do not
reach the limit.
Access uses OLEDB to communicate with SQL Server. To provide the Jet-like cursor behavior
desired for desktop applications, Access implements the Client Data Manager (CDM) as an
additional layer between Access and OLEDB.
Because of the layers required to get from Access to SQL Server in the ADP architecture, it is
often easier to optimize MDB/ACCDB file solutions. However, there are some scenarios where a
report might be generated significantly faster in an ADP file. To add these performance
improvements and retain the flexibility of SQL Server, you can build the majority of the application
in an MDB or ACCDB file and have the file load reports from a referenced ADP file.
One advantage that ADP files have over files in MDB or ACCDB format is the ability to make
design changes to SQL Server objects. ADP files include graphical designers for tables, views,
stored procedures, functions, and database diagrams.
Access 2003 Conversion Toolkit

You can use the Access 2003 Conversion Tool, available at Access 2003 Conversion Tool
(http://go.microsoft.com/fwlink/?LinkId=49681), to analyze databases for upgrade and conversion
to Access 2007.
Note
This tool does not convert your databases. It only helps you with scoping and identifying
known issues that have an impact on the conversion process.
70
Migration considerations for Excel 2007
Microsoft Office Excel 2007 provides users with many more robust, advanced features. Before a
migration to Office Excel 2007, users should learn more about these differences to determine how
the differences might affect the scope and pace of migration. The most significant functional
differences and corresponding behaviors are summarized below.
The Microsoft Office Migration Planning Manager (OMPM) helps with migration and migration
planning. OMPM contains file scanning and conversion tools to help organizations take inventory
of their documents, analyze the documents for readiness with the 2007 Microsoft Office system,
and provide notification regarding compatibility issues that may affect migration. For more
information about OMPM, see Assessing your environment with the Office Migration Planning
Manager.
Changes in Office Excel 2007

The three fundamental differences between earlier versions of Office Excel and Office Excel 2007
include:
• New Open XML Formats.
• Significantly expanded grid.
• Results-oriented user interface that provides many single-click commands.
New file formats

Microsoft Office Word 2007, Microsoft Office PowerPoint 2007, and Office Excel 2007 use the
new Open XML Formats. The Open XML Formats are compact and robust file formats that enable
better data integration between documents and back-end systems and that are distinct from the
binary-based file formats of previous versions of Microsoft Office.
The Open XML Formats is an open standard that was developed by Ecma International in
collaboration with many technology vendors. The standard maximizes interoperability in a
heterogeneous environment and enables technology providers to integrate files that are created
in the 2007 Office system into their solutions.
After installation of the 2007 Office system, users can continue to open, edit, and save workbooks
that were generated in the earlier binary file format. These workbooks can be converted to the
Open XML Formats. This enables better interoperability among applications from different
vendors and makes the Open XML Formats a better long-term solution. Users click the Microsoft
Office Button and click Convert to convert a workbook from an earlier format to the Open XML
Formats. See File format reference for more information about the file formats.
Caution
Users should consider existing links between workbooks before your organization
converts existing workbooks to the Open XML Formats. Because earlier versions of
71
Office Excel cannot update links to workbooks that are saved in the Open XML Formats,
all linked workbooks should be simultaneously converted.
Larger grid size

Users can develop more elaborate and detailed workbooks with the larger grid that is available in
Office Excel 2007. The larger grid allows more than 16,000 columns and 1 million rows. However,
the larger grid is incompatible with earlier versions of Office Excel. Data that is entered into cells
that are outside the previous grid boundaries (A1:IV65536) is permanently deleted when the
workbook is saved as an Office Excel 97-2003 workbook. All formulas that reference cells that are
outside the previous grid boundaries are also compromised.
Users of Office Excel 2007 who plan to share workbooks with users who work with an earlier
version of Office Excel should not enter data that is outside the grid boundary of the earlier
version. As an alternative, users can use Compatibility Mode, which helps to mitigate these
issues by regulating the larger grid size to match the grid size of earlier versions of Office Excel.
New user interface

Office Excel 2007 takes advantage of the new Microsoft Office Fluent user interface to offer
powerful productivity tools that are easily accessible. Most menus, toolbars, and task panes are
replaced by the Office Fluent Ribbon, which organizes commands by object or scenario and
groups the commands by tabs. The Office Fluent Ribbon provides access to more features, with
fewer steps. After migration to Office Excel 2007, the new user interface is available even when a
user works with workbooks that were created in earlier versions of Office Excel 2007.
Opening Excel 97–2003 workbooks in Office Excel

2007
Most of the features that are available in earlier versions of Office Excel still exist when a
workbook is opened in Office Excel 2007. There may be times when workbooks perform
differently than what users expect, either because a feature that is employed in the workbook is
removed or changed, or because the formula is associated with the file format or the specific
version of Office Excel that is used to create the workbook.
This topic discusses features in the following areas in earlier versions of Office Excel that are
either not available or are significantly changed in Office Excel 2007:
• Compatibility Tools
• Format Changes
• Visualization and Design
• Lists and PivotTables
• References and Names
72
Compatibility Tools
Office Excel 2007 contains compatibility support for the most common features that were used in
previous versions of Office Excel. Some functions that were seldom used in previous versions of
Office Excel are deprecated or eliminated. Most of the features that users rely on regularly are
still available in Office Excel 2007. Office Excel 2007 also contains compatibility safeguards to
help prevent the loss of data when users move between different versions of Office Excel.
Compatibility Mode
Compatibility Mode is tied to the Office Excel 97-2003 file format, which disables new features in
Office Excel 2007 that are not compatible with earlier versions of Office Excel. For example, when
a workbook that is opened in Office Excel 2007 is running in Compatibility Mode, the larger grid
size is suppressed so that users cannot enter data, formulas, or references that are outside the
smaller grid boundary of earlier versions of Office Excel.
Users that open a workbook that is saved in the Office Excel 97-2003 file format (.xls) see that
the workbook automatically functions in Compatibility Mode. Similarly, when users work with a
new workbook that will be used in earlier versions of Office Excel, they can turn on Compatibility
Mode (by saving the file in the Office Excel 97-2003 file format, and then closing and re-opening
the file) to prevent the accidental use of functions and features that are incompatible with the
earlier versions of Office Excel. This option is critical for users who plan to share workbooks with
other users who have not yet migrated to Office Excel 2007.
When users work in Compatibility Mode, they are still able to work with the Office Fluent user
interface and to have access to most of the new features. Only features that are incompatible—
such as the larger grid size—are turned off for that workbook. Similarly, when a user saves a new
workbook to the Office Excel 97–2003 file format, that workbook is automatically placed into
Compatibility Mode the next time the workbook is opened. To exit Compatibility Mode, users
convert the workbook to one of the new file formats and then re-open the workbook. Users can
accomplish this action in one step by using the Convert command: users click the Microsoft
Office Button and click Convert.
Compatibility Checker
The Compatibility Checker functions automatically by default when users save a workbook to the
Office Excel 97-2003 file format. It scans for features and characteristics that are not supported
by earlier versions of Office Excel. Users also have the option to disable the Compatibility
Checker so that it does not run automatically when the workbook is saved to an earlier file format.
The Compatibility Checker identifies two types of compatibility issues: features that are retained
but that function differently in earlier versions of Office Excel, and functions that are disabled in
Compatibility Mode and that are not functional in earlier versions of Office Excel. These issues
display in a dialog box that enables the user to respond and take action before data or functions
are lost. The Compatibility Checker lists issues that are identified in the workbook, summarizes
the number of occurrences of each issue, identifies tools to help locate the issues, and provides
additional help for the types of issues that are identified.
73
Format changes
The Open XML Formats in Office Excel 2007 accurately mirror and represent the binary data
formats of earlier versions of Office Excel. This means that users can still read and modify most
workbooks that were created in earlier versions of Office Excel in Office Excel 2007.
The more robust Open XML Formats accommodate more file types. Some file types are no longer
in common use. Consequently, changes are made to the names and extensions as follows:
• Support is removed for some legacy file types.
• The names of Office Excel 97-2003 file formats are changed to help users avoid
confusion.
• The new Office Excel 2007 file types are assigned new names and new file name
extensions.
New and renamed file names and file name extensions

New file name extensions are assigned to the new file formats that are available in Office Excel
2007. These new naming conventions help to avoid confusion when users work between versions
of Office Excel. The new file name options are listed in the following table and can be viewed in
the Save As dialog box.
File type File name extension
Office Excel 2007 Workbook .xlsx
Office Excel 2007 Macro-Enabled Workbook .xlsm
Office Excel 2007 Binary Workbook .xlsb
Office Excel 2007 Template .xltx
Office Excel 2007 Macro-Enabled Template .xltm
Office Excel 2007 Add-In .xlam
Support is removed for some file formats

A number of the previous file formats are seldom, if ever, used. Support for these formats is
removed from Office Excel 2007. Users can no longer open or save workbooks based on the
following file formats after a migration to Office Excel 2007:
• WK1 (1-2-3)
• WK4 (1-2-3)
• WJ3 (1-2-3 Japanese) (.wj3)
• WKS (1-2-3)
• WK3 (1-2-3)
• WK1, FMT (1-2-3)
74
• WJ3, FJ3 (1-2-3 Japanese) (.wj3)
• DBF 2 (dBASE II)
• WQ1 (Quattro Pro/DOS)
• WK3, FM3 (1-2-3)
• Microsoft Excel Chart (.xlc)
• WK1, ALL(1-2-3)
• WKS (Works Japanese) (.wks)
HTML file format for publishing only

Due to limited use as a primary file format, Office Excel 2007 no longer stores Excel-only feature
information in HTML file formats. The Save as HTML command is mainly used as a publishing
format, and Microsoft continues to support the command as a way to create a document that is
viewed in a Web browser. HTML files can still be opened in Office Excel 2007. Office Excel-
specific features that are contained in the files and that were created in an earlier version of
Office Excel are preserved. Users should save these files as a primary version of the document in
one of the new file formats. Users should publish the files to HTML.
Microsoft Script Editor

Integration with Microsoft Script Editor is removed from Office Word 2007, Office PowerPoint
2007, and Office Excel 2007 as part of the decision to move away from supporting HTML as a
full-fidelity file format. This change means that script debugging components are no longer
installed by default in Office Excel 2007. Microsoft Script Editor can still be installed with the
Microsoft Office suites so that it can run as a standalone program to edit HTML files.
Visualization and design

2007 Office system provides users with many improvements in visualization and design tools.
The biggest differences in Office Excel 2007 are in the following areas:
• AutoFormat and Style galleries
• Charting
• Shapes
AutoFormat
Office Excel 2007 includes galleries and functions that are now called Table Style and PivotTable
Style. These are significant improvements over the AutoFormat feature that was available in
earlier versions of Office Excel. The AutoFormat feature is not included in the Office Fluent
Ribbon. It can be added to the Quick Access Toolbar, which is an icon-driven tool set that appears
above the Office Fluent Ribbon and that users can customize.
75
Charting
Charting is now part of a shared Microsoft Office drawing layer with the 2007 Office system. This
means that some of the charting features that are specific to earlier versions of Office Excel are
not available in Office Excel 2007. In most cases, these features are replaced with more robust
capabilities.
Although some charting features are removed or changed, Office Excel 2007 users still have the
ability to view charts the way they were created in earlier versions of Office Excel. Issues may
arise if users attempt to make changes to charting features that are no longer available in Office
Excel 2007. The specific charting features that are not available in Office Excel 2007 and ways to
work around these differences are listed below.
• Resize multiple charts. Users no longer change the chart type of multiple charts
simultaneously. Each chart is now changed individually.
• Press F11 to duplicate a populated chart sheet. Users no longer press F11 on a
populated chart sheet to create a chart sheet with the same data. This action produces a
blank chart sheet in Office Excel 2007.
• Direct rotation of 3-D charts. The mouse is used to directly manipulate the 3-D view of
the chart in earlier versions of Office Excel. This is accomplished by using the 3-D Rotation
dialog box in Office Excel 2007.
• Pattern fills. Pattern fills for shape objects are removed in favor of picture and texture
fills. Existing files appear the same when they are loaded. The ability to create new shapes
with the previous pattern fills is removed as part of the new drawing capabilities.
• Size with window. Earlier versions of Office Excel have a Size with Window command
that automatically resizes charts on chart sheets when the window size changes. This feature
is removed. The Zoom to Selection command is used to achieve similar results.
• Automatic text box creation when typing. A text box is no longer automatically created
when a user types on a selected chart. A user can still insert text boxes by using the Insert
Text Box command.
• Default paste behavior in Word and PowerPoint. The default choice for copying and
pasting a chart from Office Excel 2007 to either Office Word or the Office PowerPoint
presentation graphics program is changed to linked. This setting can change to picture or
entire workbook through the Paste Options menu, which immediately displays after the
user pastes the chart.
• Word table as a data source. Unlike in earlier versions of Office Word, a user does not
use a table as data for a new chart in Office Word 2007. The user sees sample data rather
than data in the selected Office Word table. The user copies and pastes the real data into the
new chart to replace the sample data.
• Printed chart size. The Printed Chart Size option is removed from the Chart tab in the
Page Setup dialog box. The behavior matches the Custom setting from Office Excel 2003 in
Office Excel 2007.
• Drag data onto a chart. Users add data to a chart by selecting the data and dragging it
onto the chart in earlier versions of Office Excel. This feature is no longer available in Office
76
Excel 2007. Office Excel 2007 still supports the other, more common methods of adding data
to a chart.
• Direct manipulation of data points on charts. The user can drag data points on a chart
in earlier versions of Office Excel, which changes the data source values on the worksheet.
This seldom-used feature is removed from Office Excel 2007.
Shapes
All programs in the 2007 Office system feature a new version of shapes, with new formatting
capabilities, an upgraded user interface, integration with new Microsoft Office 2007 styles and
themes, and compatibility with other features that do not exist in earlier versions of OfficeArt. With
the 2007 Office system, the name OfficeArt is changed to SmartArt.
Most of the shapes within that workbook automatically convert to the newer version of shapes
when an Excel 97-2003 workbook opens in Office Excel 2007. This enables users to take
advantage of features that are available in the SmartArt Shape galleries in Office Excel 2007.
There are a few exceptions to the automatic upgrade, and in these instances OfficeArt Shapes
remain whole and usable in their previous format. These features include: comments, forms
controls (including dialog sheet backgrounds), Microsoft ActiveX objects, shapes used internally
by Office Excel 2007 for various features (such as filter drop-down lists, auditing and circular
reference arrows, and data validation ovals), OLE objects, camera tool objects, ink annotations,
header pictures, organization charts, and legacy diagrams.
It is important to note that non-upgraded shapes that are drawn in earlier versions of Office Excel
cannot be grouped with shapes that are drawn in Office Excel 2007 or with shapes that are
upgraded. Similarly, users cannot select upgraded and non-upgraded charts at the same time. As
a result, object types are layered when users mix object types. The earlier versions of shapes are
drawn on top of all later versions of shapes. The new version of charts cannot be shown on top of
the previous version of dialog sheets.
Although the charts still exist, users cannot view charts that are layered underneath the dialog
sheets. Users must access the new shapes by using the Select Objects command. Users must
use the Select Multiple Objects command in the Customize window to select shapes from an
earlier version of Office Excel.
Lists and PivotTables

Changes in Office Excel 2007 affect the following aspects of lists and PivotTables:
• AutoFilter.
• AutoFilterMode property.
• Lists are now called tables.
• Adding new records to tables.
• Table names.
• Office SharePoint Server lists and write-back to Office SharePoint Server 2007.
• PivotTables.
77
AutoFilter
Filtering is used to display a subset of the data or a portion of the workbook and to hide the rest of
the data or workbook from view. This feature is modified in Office Excel 2007 to enable easy
access to the most common filtering tasks: filtering by more than two conditions and filtering by
format.
AutoFilterMode property
In Office Excel 2003, users could create macros to check the AutoFilterMode property when the
selection was in a list (referred to as a table in Office Excel 2007) to determine if autofiltering was
turned on in that list. In Office Excel 2007, the AutoFilterMode property works with worksheet
autofilters and not with autofilters that are part of a table. This is due to properties of Office Excel
2007 that give each table its own AutoFilter object, which in turn enables multiple autofilters per
worksheet through the use of tables.
The AutoFilterMode property may not work correctly when users open an Office Excel 2003
workbook that contains macros that are used to check the AutoFilterMode property of a list
(table). This does not affect documents or macros that are created in versions of Office Excel
before Office Excel 2003.
To correct this issue, users enable the AutoFilter task from the List object, instead of at the macro
level.
Lists are now called tables

The list feature was introduced in Office Excel 2003 as a way for users to easily track lists of data,
such as contacts and orders. It is also the mechanism by which lists or data from an Office
SharePoint Server site can display in Office Excel 2003. In Office Excel 2007, the name of this
feature is changed to Table to match this feature in other Microsoft Office programs, such as
Office Word and Office PowerPoint.
Other changes to this feature make it a more robust organizational tool. When users work with
workbooks that contain lists that were created in earlier versions of Office Excel, users will
discover behavioral differences in the table features of Office Excel 2007. These differences are
described below.
Adding new records to a table

A special row that is used to add new records to a list appears at the bottom of a list in Office
Excel 2003. Although this row is removed from tables in Office Excel 2007, it is extremely easy to
add new records. In most cases, typing just below a table triggers Office Excel to add that row to
the table. The user may need to use the Insert Row command in the Table menu when there is
already data or another object just below the table.
Table name
When users create a table, they also create a defined name for the same range in Office Excel
2007. This name is used to reference the table in formulas that use the new structured
referencing feature.
78
Names used for PivotTables and tables in earlier versions of Office Excel may not meet the
requirements for range names in Office Excel 2007. Users must change the names of these
objects when the objects open in Office Excel 2007. This ensures that the objects are appropriate
for use in formulas and elsewhere.
The type of table names that are used for referencing are built on top of the existing Defined
Name feature in Office Excel. Consequently, the table names inherit the same restrictions that
defined names have, such as containing no spaces and having no support for certain characters.
The table name that was previously only available through the object model does not share these
same restrictions, so the two functions are separate.
Office SharePoint Server 2007 lists and write-back

Office Excel 2003 supports a user's ability to connect to (read) and update (write) lists that reside
on an Office SharePoint Server 2007 site. Lists that were created in Office Excel 2003 and that
connect to an Office SharePoint Server 2007 site continue to function as they always have, even
when the lists are opened in Office Excel 2007. Users can continue to update the Office
SharePoint Server 2007 site. However, the update feature is removed from Office Excel 2007.
This means that new tables that connect to an Office SharePoint Server 2007 site do not support
the ability to write back.
Users can still publish a table to an Office SharePoint Server 2007 site through a one-time write
option. Links to the list are read-only after they are published. Users can update the Office
SharePoint Server 2007 list by refreshing the table data in Office Excel, but users cannot update
the data directly on the Office SharePoint Server 2007 site.
In addition to these new behaviors, read/write connections to an Office SharePoint Server 2007
site are converted to a read-only connection when the workbook is saved to the new Office Excel
2007 file format. Users receive an alert message during the Save function. The message lets
them cancel out of the operation and process uncommitted changes.
Read-only connections to an Office SharePoint Server 2007 site behave the same as other
external data queries. For example, users no longer view the ID column. The column only
appears if it is part of the view for that list. Users can delete the ID column or any other column.
Users can also insert columns in the middle or add them to the end. This enables users to build
calculated columns by using existing columns. Users can also rename headers, change data
values for ad-hoc analysis, insert or delete worksheet rows, and apply custom data validation
rules.
These exercises do not affect data on the Office SharePoint Server 2007 site, because users
cannot save these modifications or update the Office SharePoint Server 2007 site. In other
words, the experience of working with a table that is connected to an Office SharePoint Server
2007 site should be as comfortable as working with a normal workbook that operates in read-only
mode.
PivotTables
Many changes are made to the formulas and architecture of PivotTable dynamic views in Office
Excel 2007. These changes enable users to do more with PivotTables, but the changes may also
cause some issues when users migrate from earlier versions of Office Excel.
79
To ensure that PivotTables remain whole and functional, the version property of PivotTables is
completely separate from the version property of Office Excel. PivotTables in Office Excel 2007
are version 12 (xlPivotTableVersion12). PivotTables that are created in earlier versions of Office
Excel have a different version number. For example, version 10 PivotTables
(xlPivotTableVersion10) are created in either Office Excel 2002 or Office Excel 2003.
When users work in Office Excel 2007, the version of the PivotTable is determined by whether the
user is working in Compatibility Mode. New PivotTables that are created in that workbook are
created in version 10 if the current workbook is in Compatibility Mode. New PivotTables are
created in version 12 when the current workbook is not in Compatibility Mode.
When the user saves a workbook from Compatibility Mode to one of the new file formats, the
PivotTables in that workbook are marked for upgrade. When each PivotTable is refreshed, it is
upgraded to version 12 and new functionality is enabled for that PivotTable.
It is important to note that version 12 PivotTables cannot be downgraded to version 10, even
when the workbook is saved by using a previous file format. This means that a version 12
PivotTable that is created in Office Excel 2007 cannot be modified or refreshed when it is opened
in an earlier version of Office Excel. However, the PivotTable maintains all functionality and can
be modified or refreshed when it is re-opened in Office Excel 2007.
If the user plans to share PivotTables with other users who are working in a previous version of
Office Excel and those users need to refresh the PivotTables, it is important to make sure that the
PivotTables are created as version 10 PivotTables. The simplest way to do this is by using
Compatibility Mode.
In addition to these versioning differences, other functional changes affect the behavior of
PivotTables. The following features are either removed or are significantly deprecated in Office
Excel 2007 due to a lack of interest from users. In some cases, these functions are replaced by
more robust PivotTable tools.
Calculated members
Calculated members that are defined in Microsoft Online Analytical Processing (OLAP) cubes do
not display by default in version 12 PivotTables. This does not apply to calculated measures
(calculated members in the Measures dimension). These always appear. Calculated members
appear by default in Office Excel 2003. However, this feature can be controlled in the object
model (PivotTable.ViewCalculatedMembers) in both Office Excel 2003 and Office Excel 2007.
This setting is also added to the Display tab in the PivotTable Options dialog box in Office Excel
2007 so that it is easy to make calculated members appear when they are needed.
Filtering with SQL Server 2005 Analysis Services

The new filtering features in OLAP PivotTables require support for sub-selects on the OLAP
server. Microsoft SQL Server 2005 Analysis Services supports sub-selects, so that all of the new
filtering options are available. Earlier versions of SQL Server Analysis Services do not support
sub-selects. When users work with earlier versions, only the filtering features that are available in
Office Excel 2003 PivotTables are available in Office Excel 2007 PivotTables.
80
OLAP Cube Wizard
The OLAP Cube Wizard enables the user to create OLAP cube files from relational data sources
and add hierarchical data organization to relational data in earlier versions of Office Excel. The
relational data can be viewed in PivotTables and the data can be stored in a separate file. The
OLAP Cube Wizard is removed from Office Excel 2007 because this feature was seldom used.
Users can still create PivotTables based on relational data by using the more common methods of
directly connecting to the relational data or by importing the data into an Office Excel workbook.
PivotTable Wizard
The PivotTable Wizard is no longer the primary user interface for creating PivotTables in Office
Excel 2007. Users can access a new, simpler one-step dialog box to create PivotTables for most
purposes. Users can add the PivotTable and PivotChart Wizard to the Quick Access Toolbar. The
following features are only available through the wizard:
• Server-defined page fields.
• Option to optimize memory.
• Ability to explicitly create a PivotTable based on another PivotTable.
• Multiple consolidation ranges.
Tracking customizations
Version 12 OLAP PivotTables track customizations of items, even when those items are
temporarily not visible in the PivotTable. This is true for formatting that is applied to items and to
customized item labels. This is an improvement over Office Excel 2003, where custom labels and
formatting were lost when the parent field collapsed. Office Excel 2007 stores and applies the
parent field information after the collapse-and-expand operations. Office Excel 2007 stores
customized labels when the field is removed from the PivotTable so that the customized labels
still appear when the field is added back to the PivotTable at a later time.
References and names

Though some features and functions are not altered in Office Excel 2007, users may experience
formula issues when a workbook that was created in an earlier version of Office Excel is opened
in Office Excel 2007. Cell references or names may become confused with the naming and
reference conventions that were made possible by the larger grid. Users should be aware of the
following possible issues in their existing workbooks.
Full row or column references

All full row and full column references automatically consider the new cells in the larger grid size
of Office Excel 2007 when a workbook from an earlier version of Office Excel is converted to the
Office Excel 2007 file format. This is because the reference =A:A refers to cells A1:A65536 in
earlier versions of Office Excel, but that same reference points to cells A1:A1048536 in the Office
Excel 2007 format.
Full row or column references are often used as a shortcut to capture all data in a range within
that row or column. This can lead to issues when a user enters data that is not meant to be
81
included in that reference further down the column or row. In addition, the results of functions that
reference full rows or columns can change when the functions are converted to Office Excel
2007. Examples include COUNTBLANK, ROWS, and COLUMN functions, which count the
number of cells, rows, or columns in the reference.
Names and column header labels

With the addition of over 16,000 columns, the column header labels in Office Excel 2007 now
extend to XFD. Many names that could be defined in earlier versions of Office Excel (for example,
USA1, FOO100, MGR4) are now valid cell references. Additionally, Office Excel 2007 now
reserves names that begin with xl for internal use.
When incompatible names are found during the conversion to the Office Excel 2007 file format,
the user is alerted to the conflict and an underscore (_) is automatically added to the beginning of
all incompatible names to make the names unique. External workbook references and functions
that take strings references, such as INDIRECT, are not updated when they are converted to the
Office Excel 2007 file format. These must be changed manually.
Office Excel 2007 does not change defined names that are referenced through Microsoft Visual
Basic for Applications (VBA) code. VBA code that references incompatible names does not work
and must be updated by the user or an IT professional. This is accomplished by performing a find
and replace action on the old name.
Opening Office Excel 2007 workbooks in earlier

versions of Office Excel
It is reasonable to expect that after a migration to Office Excel 2007, users will continue to share
workbooks with other users who are still working with earlier versions of Office Excel. There are
two ways to facilitate file sharing across versions of Office Excel.
• Users can use the Save As command to save the workbook in an earlier file format.
• Users of earlier versions of Office Excel can download the Compatibility Pack to open the
Office Excel 2007 workbook in its earlier format. For more information about the Compatibility
Pack, see Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File
Formats (http://go.microsoft.com/fwlink?LinkID=77512).
The workbook performs in the same way, whether the file is saved as an Office Excel 97-2003
workbook or whether the user opens the file with the Compatibility Pack. However, some of the
features, functions, and data that are entered in an Office Excel 2007 workbook may not be
visible or usable in earlier versions of Office Excel. Users can expect the following issues to arise
when an Office Excel 2007 workbook is opened in earlier versions of Office Excel.
Conditional formatting
Office Excel 2007 users benefit from many improvements to conditional formatting, including new
and more robust visualization tools, the Office Fluent Ribbon user interface, and new conditional
formatting rules. An increase to the number of formatting parameters that can be used
simultaneously and some added PivotTable and table functionality also improve the conditional
82
formatting experience. When Office Excel 2007 workbooks are shared with other users who are
working with earlier versions of Office Excel, it is important that users know how conditional
formatting functions in the earlier versions.
Formatting is retained
In general, all of the conditional formatting that is created in an Office Excel 2007 workbook is
retained when the formatting is saved to the earlier file format. Because conditional formatting is
another property that is assigned to the cell, it is not affected when the user alters data, font,
borders, and so on. If the user does not alter the conditional formatting, the user can open and
save the file in earlier versions of Office Excel with no loss of the new conditional formatting.
Earlier versions of Office Excel cannot display the new data visualizations that are added, such
as data bars, icon sets, and color scales. This does not mean the visualizations are lost. The
visualizations remain available so that they can be viewed when the workbook is opened again in
Office Excel 2007. But when the workbook is opened in the earlier versions, some of the
visualizations are not visible and others may appear slightly different, because earlier versions of
Office Excel may substitute a compatible visual quality when the new feature is not available. For
example, more variations on the color blue are available in Office Excel 2007. When a file that
references an unavailable blue is opened in an earlier version of Office Excel, the user still sees
blue, but a different hue of blue.
Users can edit files that contain new conditional formatting with earlier versions of Office Excel.
Users can change cell values, sort ranges, add formatting, and perform a number of other tasks
without changing the conditional formatting. In general, if the user does not make changes
directly to the conditional formatting on a range, the formatting safely reappears as it was
designed when the workbook is opened again in Office Excel 2007.
Designing formats for use in multiple versions

Users who want to create workbooks to share across multiple versions of Office Excel and who
want those workbooks to look the same no matter which version of Office Excel is used, should
not use the new visualizations and new rules.
The following list of new conditional formatting features affects the appearance of workbooks that
are opened in earlier versions of Office Excel. Users should avoid these new features in the
following circumstances:
• More than three conditions used for formatting. Earlier versions of Office Excel are
limited to three conditions per cell. If more than three conditions are applied in an Office Excel
2007 workbook, only the first three conditions display when the workbook is opened in earlier
versions of Office Excel.
• Conditional formatting that overlaps. Users can define overlapping conditional
formatting in Office Excel 2007, but earlier versions of Office Excel do not evaluate all of the
rules and these cells may show different formatting.
• New visualizations. Data bars, color scales, and icon sets cannot display in earlier
versions of Office Excel.
83
• Stop if True. Office Excel 2007 has a new conditional formatting option to process
additional formatting rules, even when a previous condition is true. Earlier versions of Office
Excel do not recognize this option, and stop after the first true condition.
• Top 10 or Compare to Average. Office Excel 2007 can apply conditions to subsets of
values. Earlier versions of Office Excel do not have these conditional formatting options The
earlier versions calculate the condition across all values.
• Non-contiguous formatting. Office Excel 2007 supports additional conditional
formatting on ranges that are not adjacent to each other. This conditional formatting type is
not supported in earlier versions of Office Excel.
Incompatible grid size

Data (including cell data, charts, and all other objects) that is located in cells that are outside the
grid boundaries of earlier versions of Office Excel (A1:IV65536) is permanently removed from the
workbook when it is opened in or is saved to Office Excel 2003 and earlier file formats.
Consequently, when workbooks are shared between earlier versions of Office Excel and the new
Office Excel 2007, Microsoft strongly recommends that the user does not enter data or create
references that point to data in cells that are outside the grid boundaries of earlier versions of
Office Excel, because those cells will not exist when they are opened in earlier versions.
Compatibility Mode helps to prevent this problem by regulating the larger grid of Office Excel
2007 for use across earlier versions of Office Excel.
When a user saves a file that contains references to cells that are outside the A1:IV65536 range
into an earlier file format, Office Excel 2007 provides the option to recalculate the workbook when
it is opened again. The user can also be prompted with a recalculate cells alert. This recalculates
all cell formulas and references based on actual data in the workbook. Cells with references that
are outside the A1:IV65536 range change to #REF!. The user should take one of the following
actions when the alert appears:
• Respond yes to this alert to make sure that users who view the workbook see cell values
that accurately reflect the data in the workbook. For example: a cell that referenced A100000
and displayed the value of that cell now shows #REF!, because cell A100000 no longer
exists.
• Respond no to this alert to send a snapshot of the values that appear in the A1:IV65536
range, even if some of the values are no longer valid because data was lost. For example, a
cell that referenced A100000 and displayed the value of that cell still displays that value even
though cell A100000 no longer exists, because Office Excel did not recalculate the cell
reference.
Incompatible tables and lists

The table feature (formerly list) was first introduced with Office Excel 2003. The table data
appears in the workbook when an Office Excel 2007 workbook is opened in a version of Office
Excel that is earlier than Office Excel 2003, but none of the surrounding table functionality is
available. The workbook, including the data inside the table, can be modified and the table should
remain intact when the workbook is re-opened in Office Excel 2007. However, structural changes
84
made to the workbook in versions of Office Excel that are earlier than Office Excel 2003, such as
inserting or deleting cells and columns, may cause the table—but not the data—to be lost when
the file is opened in Office Excel 2007.
External data queries

An external data query that is created in Office Excel 2007 still functions as an external query in
earlier versions of Office Excel, but the table functionality is not present. The external data query
can still be refreshed and changed without the table functionality. Further, the table functionality
should reappear when the file is opened in Office Excel 2007, but some types of modification may
cause the table to be lost. In those cases, the data and the external data functionality remain.
New security features

Office Excel 2007 includes the following new features to secure data:
• Trust Center and the Message Bar.
• Trusted Locations.
• Disallowing empty macros.
• Change in security levels.
• Programmability enhancements.
• Interaction between Office Excel 2007 and Internet Explorer.
Trust Center and the Message Bar

Trust Center is a new feature in the 2007 Office system that hosts all security settings for each
program in a location that is common across all programs in the 2007 Office system. In addition
to combining all security options in one central location, Trust Center includes the Message Bar,
which replaces security prompts when an Excel workbook is opened. This Message Bar is similar
to the pop-up blocker message that is used in the Windows Internet Explorer Internet browser.
All potentially dangerous content is blocked or disabled in the workbook without prompts by
default. No security decisions are made when a workbook is opened. For example, documents
with macros, ActiveX controls, and data links no longer prompt the user about the possible
security concern. These features are disabled. However, users are notified when something is
blocked, because the Message Bar appears in the program window. The user can click the bar to
take action, including allowing the blocked content if the user’s Group Policy settings allow it. In
the past, users had to make this decision before they were able to see the document and with
access to little or no information about the spreadsheet.
This new security model enables users to read a document and edit content while the document
is protected. Macros are only enabled if necessary and only after Trust Center and Group Policy
have determined that the document is what the user is expecting.
Office Excel 2007 users should become familiar with these new security features. Macros,
ActiveX controls, data links, and other robust features are commonly used in workbooks.
85
Trusted Locations
Trusted Locations is a new feature that provides additional management capabilities for IT
administrators and enhanced security for users. Trusted Locations are defined folders from which
documents that contain active content (macros, ActiveX controls) run without being subjected to
further security review, such as the Message Bar. With the 2007 Office system, administrators
can better manage the types of active content that can run and the conditions under which the
active content is permitted to run. Group Policy can prohibit running macros from all other
locations.
It is important to note that these Trusted Locations must be properly managed. Only documents
that are known to be safe should be placed in Trusted Locations. Any document that is stored in
the folders is completely trusted and does not display security warnings before the document
performs potentially harmful actions, such as running macros or connecting to data.
Empty macros
Users could retain comments or declarations in Excel VBA—or macro—code in Office Excel
2003. Users can no longer save macro code that contains only comments and declaration
statements in Office Excel 2007. The user must add a subroutine or function to the Excel VBA
code to retain these features.
Change in security levels

Four levels of macro security settings are available in Office Excel 2003: low, medium, high, and
very high. Users access Trust Center to find new macro security settings in the 2007 Office
system. These new settings are more descriptive than the previous settings and are more flexible
regarding security settings that are specific to Office Excel 2007.
Programmability issues
All documents that are saved in Open XML Formats are considered to be macro-free files and
cannot contain code by default. This behavior ensures that malicious code that resides in a
default document can never run unexpectedly. While documents can still contain and use macros
in the 2007 Office system, users must save documents as a macro-enabled document type. This
safeguard does not affect a developer’s ability to build solutions, but it does enable organizations
to use documents with more confidence.
Macro-enabled files employ the same file format as macro-free files, but the files contain
additional parts that macro-free files do not. The additional parts depend on the type of
automation that exists in the document. A macro-enabled file that uses VBA contains a binary part
that stores the VBA project. Any Office Excel 2007 workbook that utilizes macros that are created
in previous versions of Office Excel or any Office PowerPoint presentation that contains action
buttons are also saved as macro-enabled files. If a code-specific part exists in a macro-free file,
whether it is placed there accidentally or maliciously, the programs in the 2007 Office system do
not allow the code to run—without exception.
Users can now determine if code exists within a Microsoft Office document before the document
opens. Previously, this could not be easily accomplished unless the file was opened in a Microsoft
86
Office program. Users can now inspect the package file for the existence of code-based parts and
relationships without running Microsoft Office programs and potentially risky code. If a file looks
suspicious, users can remove the parts of the file that are capable of running code. This ensures
that the code cannot cause harm.
Interaction between Office Excel 2007 and Internet Explorer

When a user navigated to a Microsoft Office document from within Internet Explorer in earlier
versions of the Microsoft Office suites, the document opened with the program that was hosted
inside the Internet Explorer program. Many developers used this functionality to create a more
integrated interaction between their Web programs and the data that was produced by those
programs, such as creating a workbook and then instructing Internet Explorer to navigate to that
workbook. However, this caused confusion for users who wanted to work with documents from
the Web (Internet or intranet), because the full Office Excel user interface was not available from
within Internet Explorer.
This default behavior is changed in the 2007 Office system. The program does not open inside
Internet Explorer. Instead, the appropriate Microsoft Office program launches and opens the
document. This provides a more consistent experience; however, it may cause unexpected
behavior in custom applications that use Internet Explorer. Although this is the default behavior,
users can choose to revert to the earlier hosted behavior if that is what they prefer.
87
Migration considerations for Word 2007
This topic discusses migration considerations for Microsoft Office Word 2007, including:
• Migrating files to the new file format
• Migrating AutoText entries
• Migrating customizations
• Migrating Add-ins
• Migrating AutoCorrect entries
• Migrating the data key
Migrating files to the new file format

The file format for documents created in Office Word 2007 is changed. For more information
about new file formats in the 2007 Microsoft Office system, see File format reference. For more
information about migrating files to new file formats, or for coexisting with different versions of
Word, see Planning for migration and Migrating to the 2007 Office system.
Migrating AutoText entries

Office Word 2007 handles AutoText entries differently than in previous versions of Word. In
previous versions of Word, AutoText entries are stored in the Normal.dot template or in user
templates. Office Word 2007 replaces the Normal.dot template with the new Normal.dotm
template, which supports new file formats and other features in the 2007 Office system and also
contains different styles and formatting. Instead of storing AutoText entries in the new
Normal.dotm template by default, Office Word 2007 stores the entries as a separate template in
the Document Building Blocks directory.
The Document Building Blocks directory is new to Office Word 2007. Companies can create a
template and store it in the Document Building Blocks directory. This avoids any interaction
with the Normal template.
You must manually migrate your auto text entries to use them in Office Word 2007. Use the
following procedure.
Migrate AutoText entries to Word 2007

1. Copy the old Normal template from the %APPDATA%\Templates directory to the
%APPDATA%\Document Building Blocks directory. During installation, the old Normal
template was renamed from Normal.dot to Normal11.dot. (By default, %APPDATA% is
C:\Documents and Settings\<username>\AppData\Microsoft\.)
2. Open %APPDATA%\Document Building Blocks\Normal11.dot in Office Word
2007.
3. Save the file as AutoText.dotx. The file upgrades to the new file format.
88
4. Open AutoText.dotx in Office Word 2007, and go to the Building Blocks
Organizer. To do this, click Insert, click Quick Parts, and click Building Blocks
Organizer….
5. In Building Blocks Organizer, you can move AutoText entries to the Quick Parts
gallery or a gallery you prefer. To do this, select an AutoText entry, click Edit
Properties…, select the appropriate gallery in the Gallery: dropdown box, and click OK.
Perform the following procedure to make AutoText entries available while you compose e-mails.
Migrate AutoText entries to the NormalEmail.dotm template

1. Copy AutoText.dotx (in %APPDATA%\Document Building Blocks) to Temp.dotx
(in the same directory).
2. Open NormalEmail.dotm in Office Word 2007 and go to Building Blocks
Organizer. To do this, click Insert, click Quick Parts, and click Building Blocks
Organizer….
3. In Building Blocks Organizer, move all the AutoText entries from the Temp template
to the NormalEmail template. To do this, select an AutoText entry, click Edit
Properties…, select NormalEmail in the Save in: dropdown box, and click OK.
4. When you finish moving all AutoText entries, close Office Word 2007 and delete
%APPDATA%\Document Building Blocks\Temp.dotx.
Migrating customizations
Customizations to previous versions of Word do not automatically migrate to Office Word 2007
during installation. These customizations include:
• Settings
• Styles
• Add-ins
• Macros
• Toolbars
• AutoText entries
• AutoCorrect entries
Many features relating to these customizations are significantly redesigned in Office Word 2007.
Settings from earlier versions of Word do not automatically migrate to Office Word 2007. Users
can take advantage of the new features more easily.
In previous versions of Word, customizations are stored in the Normal template (Normal.dot).
This template stores customizations such as custom toolbars, default font changes, style
customizations (including user-created styles), macros, AutoText, and AutoCorrect entries. The
installation process for Office Word 2007 renames Normal.dot to Normal11.dot. The default for
Office Word 2007 is the new Normal.dotm template. By default, Normal11.dot and
Normal.dotm are stored in C:\Documents and
Settings\<username>\AppData\Microsoft\Templates.
89
Use the following procedure to retrieve the customizations from a previous version of Word.
Note
Some customizations for previous versions of Word, such as some changes to the user
interface, might not apply to Office Word 2007 and will not have an effect in Office Word
2007.
Migrate the contents of Normal11.dot to Normal.dotm

1. Exit Office Word 2007 if it is currently open.
2. In My Computer (or Computer if you are using Microsoft Windows Vista), navigate
to C:\Documents and Settings\<username>\AppData\Microsoft\Templates, or the
appropriate directory if you specified an alternate location during installation.
3. Right-click Normal.dotm, select Rename, and enter a name, such as Normal.old.
Click Yes when the following message appears: "If you change a file name extension, the
file may become unusable. Are you sure you want to change it?"
4. Right-click Normal11.dot, select Rename, and enter Normal.dot for the new
filename. The next time you start Office Word 2007, Office Word 2007 converts and
renames Normal.dot to Normal.dotm. Your customizations should now be available in
Office Word 2007.
Migrating Add-ins
If add-ins from a previous version of Word are no longer available after you upgrade to Office
Word 2007, see the Knowledge Base article Add-ins may not be available after you upgrade to
Word 2007 (http://go.microsoft.com/fwlink/?LinkId=80909).
Migrating AutoCorrect entries

To migrate AutoCorrect entries from a previous version of Word, see the Knowledge Base article
How to move AutoCorrect entries in Word 2007 from one computer to another computer
Migrating the data key

The data key stores the settings for frequently used options. The data key cannot be migrated
from a previous version of Word to Office Word 2007.
See Also
• Planning for migration
• Changes in the 2007 Office system
• Changes in Word 2007, Excel 2007, and PowerPoint 2007
90
• Changes in Word 2007
III Planning for Outlook 2007

In this section:
Planning for installing and upgrading Outlook 2007 (Office Resource Kit)
Planning for security and protection in Outlook 2007 (Office Resource Kit)
91
Planning for installing and upgrading
Outlook 2007 (Office Resource Kit)
In this chapter:
Outlook 2007 deployment overview
Determine when to install Outlook 2007
Install Outlook 2007 by using the Office Customization Tool
Plan an upgrade to Outlook 2007
How Outlook 2007 works with different Exchange Server versions
Plan a Cached Exchange Mode deployment in Outlook 2007
Plan Outlook 2007 Offline Address Book deployment
Considerations when installing Outlook 2007 in a Terminal Services Environment
92
Outlook 2007 deployment overview
A close review of your organization's messaging requirements will help you plan the optimal
Microsoft Office Outlook 2007 deployment. This topic provides an overview of issues to consider
when you deploy Office Outlook 2007. Most areas are covered in more detail in other Office
Resource Kit topics, which are listed in See Also.
Determining your organization's needs

Your organization's messaging environment helps to shape your Office Outlook 2007 deployment.
Factors to consider include whether you are upgrading Outlook, installing the application for the
first time, planning for roaming or remote users, or choosing a combination of these and other
factors.
Upgrade or initial installation

If you are upgrading to Office Outlook 2007 from an earlier version of Outlook, consider whether
you will migrate previous settings, modify user profiles, and use new customization options. The
Office Customization Tool (OCT) provides options for migrating users' current settings and for
making other customizations, such as defining new Microsoft Exchange servers and customizing
new features. User settings are migrated automatically by default, except for security settings.
If you are deploying Outlook on client computers for the first time, each user needs an Outlook
profile to store information about e-mail messaging server connections and other important
Outlook settings. You use the Office Customization Tool or deploy an Outlook Profile (PRF) file to
define profile settings for your users.
Migrating data
If your organization uses a different mail client, you might need to migrate data from those clients
to Office Outlook 2007. Importers provided in Outlook (for example, for Eudora Light) might be
helpful. Importers cannot be configured to run automatically; you use them to migrate data
individually for each user.
Remote and roaming users

Special customizations are required to deploy Outlook to remote users and roaming users, and to
set up Outlook for multiple users on the same computer.
You might want to configure features such as Outlook Anywhere (RPC over HTTP) and Cached
Exchange Mode for remote users. These features enhance the user experience when Outlook is
used over slower or less reliable connections. With Outlook Anywhere, you can configure
connections that enable users to connect more securely from the Internet (HTTP) to Exchange
servers in your organization without using a Virtual Private Network (VPN) connection. Cached
Exchange Mode is an Outlook feature that uses a local copy of users' mailboxes. This feature
93
enables users to have more reliable access to their Outlook data, whether they are connected to
a network or they are working offline.
Roaming users should have the same messaging environment on each computer to which they
roam. This includes the type and version of the operating system, Outlook version, and Outlook
installation location on the computer.
For multiple users sharing the same computer, use Microsoft Windows logon features on the
computer's operating system to manage user logon verification. Make sure that each user runs
the same version of Outlook so that conflicts do not arise among shared files. Conflicts can occur
when one version of Outlook attempts to write a file to a file folder location that is shared by other
versions of Outlook used on the same computer. To learn more about setting up multiple Outlook
users on the same computer, see the Outlook Help topic Using Outlook on a computer you share
with other people.
Multilingual requirements
The 2007 Microsoft Office system provides broad support for deploying in international or
multilingual environments. An 2007 Office system product consists of the language-neutral core
package plus one or more language-specific packages. In addition to the Proofing Tools included
in each language version, you can download and deploy Proofing Tools for other languages to
help multilingual groups work with and edit files in a variety of languages.
Office Outlook 2007 supports Unicode throughout the product to help multilingual organizations
seamlessly exchange messages and other information in a multilingual environment.
Client and messaging server platforms

Some features of Office Outlook 2007 (for example, Cached Exchange Mode) require Microsoft
Exchange Server as a messaging platform. While Office Outlook 2007 works well with earlier
versions of Exchange, some features of Office Outlook 2007 require specific versions of
Exchange. Because of this and other enhanced integration with Exchange throughout Office
Outlook 2007, you might gain the greatest benefit by combining Office Outlook 2007 with the
latest version of Exchange.
Deployment customization decisions for Office Outlook 2007 depend on which version of
Exchange Server you are using. If you currently use Exchange Server as your messaging server
and you have not upgraded to Exchange 2003 or later, consider coordinating your Exchange
Server upgrade with your deployment timing for Office Outlook 2007. Exchange Server 2000 is
the minimum version for using Exchange Server with Office Outlook 2007.
Choosing when and how to install Outlook

You have options for when and how you install Office Outlook 2007. For example, consider
whether it would be best for your organization to:
• Install or upgrade Outlook for different groups of users in stages, or at one time.
• Install Outlook as a stand-alone application.
• Install Outlook before, with, or after the 2007 Office system.
94
Each organization has a different environment and might make different choices about timing
Office Outlook 2007 upgrades. For example, you might have a messaging group that is
responsible for upgrading Outlook and a separate group that plans deployment for other Office
applications. In this case, it might be easier to upgrade Outlook separately from the rest of Office,
rather than attempting to coordinate deployment between the two groups.
Note
Office Outlook 2007 cannot coexist with previous versions of Outlook. If you need to use
previous versions, do not install Office Outlook 2007.
Customizing Outlook settings and profiles

You can customize your Outlook installation to handle Outlook user settings and profiles in two
ways. You can:
• Specify Outlook user settings in the Office Customization Tool (OCT).
• Specify options for managing new and existing Outlook profiles in the OCT or use an
Outlook Profile (PRF) file.
For example, you can enable Outlook users to migrate their current profiles and settings while
default profiles and settings are defined for new Outlook users. You can also modify existing
profiles and establish new default profiles for new Outlook users.
When you customize Outlook by using the OCT, you save your choices and other installation
preferences in the customization file that is applied during Setup. Later, you update settings and
profile information by opening the file in the OCT and saving a new copy of the file.
Configuring subscriptions and other sharing features

Office Outlook 2007 includes new features so you can easily subscribe to new sources of content
and share the features with users inside and outside your organization. Content sources include
Windows SharePoint Services 3.0 (WSS) contacts, tasks, and calendars, along with local and
Internet-based calendars (iCals).
Really Simple Syndication (RSS) is another sharing feature that enables users to subscribe to
internal or Internet-based sources of syndicated content (XML files) to avoid having to check a
site for new information. You can deploy specific RSS Feeds or calendar subscriptions to users,
configure settings to manage how users can share these subscriptions or content, specify how
often the servers update users' copies of the data, and more.
Using Outlook with Terminal Services

Microsoft Terminal Services enables you to install a single copy of Office Outlook 2007 on a
Terminal Services computer. Instead of running Outlook locally, multiple users connect to the
server and run Outlook from that server.
To achieve the optimal results when you use Outlook with Terminal Services, pay close attention
to how you customize your Outlook configuration. For example, Cached Exchange Mode cannot
be configured with Terminal Services. Note that Outlook might be part of an environment that
includes other applications provided on the same Terminal Services computer.
95
Collaboration Data Objects dependencies
Collaboration Data Objects (CDO) must be downloaded and then installed locally. You can
download CDO at Collaboration Data Objects version 1.2.1.
Security and privacy considerations

Outlook includes many security and privacy features.
The new Trust Center for Office

The new Trust Center for the 2007 Office system provides a central location for security and
privacy options. The Very High, High, Medium, and Low security levels that were used in earlier
versions of Office are replaced with a more streamlined security system.
For more information, see Overview of security in the 2007 Office system.
Limiting viruses and junk e-mail messages for your users

Office Outlook 2007 includes features designed to help minimize the spread of viruses and to
help users avoid junk e-mail.
In Office Outlook 2007, you can configure virus-prevention and other security settings in Group
Policy to support the needs of your organization. You can also use the Outlook Security Template
to configure settings, as in earlier releases of Outlook. With either configuration method, you can,
for example, modify the list of file types that are blocked in e-mail messages.
The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to
propagate themselves is updated. Outlook checks for up-to-date antivirus software to help
determine when to display address book access warnings and other Outlook security warnings.
Office Outlook 2007 has several features to help users avoid receiving junk e-mail messages.
Office Outlook 2007 includes a Junk E-mail Filter for users that replaces the rules used in
previous versions of Outlook to filter mail. Messages caught by the filter are moved to the Junk E-
mail folder, where they can be viewed or deleted later. Office Outlook 2007 includes a new
Postmarking feature that can help the Junk E-mail filter determine valid e-mail messages.
Junk e-mail senders can include a Web beacon in HTML e-mail messages that includes external
content. When users open or view the e-mail, their e-mail address is verified as valid. This
increases the likelihood that they will receive more junk e-mail messages. Office Outlook 2007
reduces the likelihood that users will become targets for future junk e-mail by blocking automatic
picture-downloads from external servers by default.
Office Outlook 2007 helps protect against issues created by phishing e-mail messages and
deceptive domain names. By default, Outlook screens phishing e-mail messages—e-mail that
appears to be legitimate but is designed to capture personal information, such as a user's bank
account number and password. Outlook also helps prevent e-mail messages from deceptive
users by warning about suspicious domain names in e-mail addresses. Office Outlook 2007
supports Internationalized Domain Names (IDN) in e-mail addresses, which allows people to
register and use domain names in their native languages instead of online English. IDN support
allows phishers to send homograph attacks: a situation in which a look-alike domain name is
96
created using alphabet characters from different languages, not just English, with the intention of
deceiving users into thinking they are visiting a legitimate Web site.
Configuring cryptographic features

Outlook provides cryptographic features for sending and receiving security-enhanced e-mail
messages over the Internet or local intranet. You can customize features in an Office Outlook
2007 deployment to set cryptographic options that are appropriate for your organization.
You can also implement additional features to help enhance security in e-mail messaging. For
example, you can provide security labels that match your organization's security policy. An
Internal Use Only label might be implemented as a security label to apply to mail messages that
should not be sent or forwarded outside your company.
Restricting permission on e-mail messages

Information Rights Management (IRM) helps users prevent sensitive e-mail messages and other
2007 Office system content, such as documents and worksheets, from being forwarded, edited,
or copied by unauthorized people. In Office Outlook 2007, users can use IRM to mark e-mail
messages with Do not forward, which automatically restricts permission for recipients to forward,
print, or copy the message. In addition, you can define customized Office-wide IRM permission
policies for your organization's needs and deploy the new permission policies for users to use
with e-mail messages or other Office documents.
Outlook 2007 and e-mail protocols and servers

Office Outlook 2007 can be used with a wide variety of e-mail servers and services. The primary
e-mail servers and services supported by Outlook include:
• Simple Mail Transfer Protocol (SMTP)
• Post Office Protocol version 3 (POP3)
• Internet Mail Access Protocol version 4 (IMAP4)
• Messaging Application Programming Interface (MAPI) for Microsoft Exchange Server
(version 2000 and later)
• MSN/Hotmail DAV/HTTP Protocol
• Other messaging and information sources, including Hewlett-Packard OpenMail and
Banyan Intelligent Messaging. Use of these additional service providers is made possible by
the way that Office Outlook 2007 uses the MAPI extensibility interface.
Note
The Microsoft Office Outlook Connector for IBM Lotus Domino replaces the Microsoft
Outlook 2002 Connector. The current version of the Outlook Connector does not work
with Microsoft Office Outlook 2007 because of changes in the application programming
interfaces (APIs) in Outlook. Microsoft continually evaluates customer requests for the
Outlook Connector, but there is no planned release for an updated tool at this time.
97
Users can use Office Outlook 2007 without an e-mail server to use the Contacts, Tasks, and
Calendar features in a stand-alone configuration.
See Also
• Install Outlook 2007 by using the Office Customization Tool
• Determine when to install Outlook 2007
• Plan an upgrade to Outlook 2007
• Configuring Really Simple Syndication (RSS) in Outlook 2007
• Plan for configuring security settings in Outlook 2007
• Plan for e-mail messaging cryptography
98
Determine when to install Outlook 2007
You can install Microsoft Office Outlook 2007 before, with, or after an installation of other
applications in the 2007 Microsoft Office system. You can also deploy Office Outlook 2007 to
different groups of users at different times. Each installation strategy has requirements,
advantages, and disadvantages.
Note
Installing Office Outlook 2007 without the 2007 Office system limits Office Outlook 2007
functionality in the following ways: 1) The Office Outlook 2007 e-mail editor has fewer
features, and 2) Internet Fax functionality is not available. For details about how
functionality is limited, see Impact of deploying Outlook 2007 without Word 2007.
Installing Outlook with Office

You can install Office Outlook 2007 as part of your overall upgrade to the 2007 Office system.
Office Outlook 2007 is included in most editions of the Microsoft Office System of products.
Install Office Outlook 2007 with the 2007 Office system to eliminate the extra steps involved in
creating separate application deployments.
Installing Outlook before Office

You might install Office Outlook 2007 in the following scenarios before you deploy other
applications in the 2007 Office system:
• To test custom solutions that rely on previous versions of Office applications (such as
Microsoft Word 2003 or Microsoft Excel 2003) before you install the current version.
• When your messaging support group has the resources to install Office Outlook 2007
now, but the desktop applications support group must install the rest of Office later.
Note
Office Outlook 2007 cannot coexist with previous versions of Outlook. If users or tools
require a previous version, do not install Office Outlook 2007.
To install Office Outlook 2007 before you install the 2007 Office system:
• Customize Office Setup to install only Office Outlook 2007 from a network installation
point.
• Later, create or update a Setup customization file with the Office Customization Tool
(OCT) that installs 2007 Office system from the same network installation point.
For details about installing 2007 Office system applications in stages, see Stage deployment of
applications in the 2007 Office system.
99
Advantages of installing Outlook before Office
If you deploy Office Outlook 2007 promptly, users can begin to use new features without waiting
for testing or technical support to become available for a complete upgrade.
Disadvantages of installing Outlook before Office

Installing Office Outlook 2007 before you install the rest of the 2007 Office system has several
disadvantages:
• When you deploy the other 2007 Office system applications later, you must customize the
installation process to preserve your original Office Outlook 2007 settings.
• The Office Outlook 2007 editor has reduced functionality unless Office Word 2007 has
also been installed.
• When you use the same network installation point for Office Outlook 2007 and the 2007
Office system, you must take extra steps to modify the installation options.
Installing Outlook after Office

You can wait to install Office Outlook 2007 until after you have installed the 2007 Office system. If
any of the following scenarios describe your organization, you might consider delaying your
deployment of Office Outlook 2007:
• You plan to coordinate your Office Outlook 2007 deployment with a future upgrade of
Microsoft Exchange Server.
• You want to convert Lotus Notes to a Microsoft Exchange Server solution before you
upgrade to Office Outlook 2007.
• Your desktop support group has the resources to upgrade to the 2007 Office system now,
but the messaging support group must wait to deploy Office Outlook 2007.
To install Office Outlook 2007 after you have installed the 2007 Office system:
• Customize Office Setup to install only Office Outlook 2007 from a network installation
point.
• Later, create or update a Setup customization file with the OCT that installs 2007 Office
system from the same network installation point.
Advantages of installing Outlook after Office

In many organizations, it makes sense to coordinate an Office Outlook 2007 deployment with an
upgrade of a mail server, rather than with an upgrade of other desktop applications. For example,
if you plan to upgrade to a new version of Microsoft Exchange Server, you might plan an Office
Outlook 2007 upgrade to follow immediately afterward—independently from an upgrade of other
2007 Office system applications—to take advantage of features that work together between the
e-mail server and client.
100
Disadvantages of installing Outlook after Office
When you install Office without Office Outlook 2007, you must use the Office Customization Tool
to customize Setup. This ensures that previous versions of Outlook are not removed from users'
computers.
Regardless of when or how you install Office Outlook 2007 separately from the 2007 Office
system, you must perform extra steps to manage customizations to the installation process.
Staging an Outlook deployment

Some groups in your organization might be ready to immediately upgrade to Office Outlook 2007,
while other groups might need more time. The following situations might warrant a staged
deployment of Office Outlook 2007:
• Your normal policy is to stage upgrades to help ensure a smooth rollout of new software
throughout your organization.
• You have remote systems support groups (for example, in regional sales offices) that
require autonomy in scheduling upgrades for their areas.
• Some groups want to wait until after a project deadline before making changes to their
local computers.
• You have limited resources for staging and upgrading systems throughout your
organization.
Advantages of staging a deployment

Staging your Office Outlook 2007 deployment gives you more flexibility in managing your
upgrading resources. In addition, pilot users immediately become familiar with the new features
and productivity enhancements of Office Outlook 2007.
In most scenarios, there are no significant technical problems when users work with different
versions of Outlook. Office Outlook 2007 users can communicate seamlessly with users of
Outlook 2003 and Office 2003. However, if users have set up delegate access in Outlook, the
person granting delegate permission and the delegate should use the same version of Outlook.
Disadvantages of staging a deployment

You must consider the logistics of scheduling and managing a staged deployment. Your
organization might require extra resources to support users on different versions of the same
product; for example, you might need additional help desk staff training.
101
Install Outlook 2007 by using the Office
Customization Tool
The Office Customization Tool (OCT) helps you configure how Microsoft Office Outlook 2007 is
installed on users' computers. This tool enables you to include custom settings and Outlook
profile configurations in a Setup customization file that is applied when Office Outlook 2007 is
installed from a network installation point.
Customizing Outlook by using the Office

Customization Tool
You can use the OCT to customize the following aspects of your installation of a network
installation point for Office Outlook 2007:
• Specify installation states for Outlook features
• Specify Outlook user settings
• Customize profiles and (optionally) export profile settings to a PRF file
• Configure Send/Receive settings for Microsoft Exchange accounts
After your initial installation, you also use the OCT to modify and deploy updates to
customizations.
Specifying installation states for Outlook features

You use the Set Feature Installation States page in the OCT to specify how and when Office
Outlook 2007 features are installed.
For example, for the feature Microsoft Outlook for Windows, you might set the installation state
to Run all from My Computer. In this case, all Office Outlook 2007 features are installed on the
user's computer. Or you might set some features to install locally with Run from My Computer,
and others to install when the user first gains access to the feature with Installed on First Use.
Another common option, Not Available, Hidden, Locked, sets some features to not install and to
not appear in the feature tree if users change the installation state of the parent feature.
Specifying Outlook user settings

There are three ways to use the OCT to customize Outlook user settings for your installation:
• Use the Modify user settings page in the OCT to customize Outlook user settings. This
option might be more time-consuming than using the User State Migration Tool, especially if
you have a large number of user settings.
• Use Group Policy to specify settings to enforce. Typically, if you use the OCT to define a
default setting for options, you can also use Group Policy to lock down those options.
102
Customizing Outlook profiles
Using the OCT, you can create Outlook profiles and modify the settings in existing Outlook
profiles. For example, you can keep all existing Outlook user profiles and specify a default
configuration for new profiles.
Your options for configuring profiles include:
• Specifying Exchange server connections
• Defining account information, such as adding POP3 or LDAP accounts
• Saving the configuration in an Office Outlook 2007 profile file (PRF file)
For more information about how to customize Outlook profiles, see the Outlook profile section of
the Office Customization Tool reference.
Configure Outlook Send/Receive settings

You can also use the OCT to define Outlook Send/Receive settings. A Send/Receive group
contains a collection of Outlook accounts and folders. You specify the tasks that are performed on
each group during a Send/Receive in Outlook. You also specify different options for
Send/Receive groups when Outlook is online and offline.
For more information about how to customize Send/Receive settings, see the Specify
Send/Receive groups section of the Office Customization Tool reference.
See Also
• Customize Outlook 2007 profiles with an Outlook Profile (PRF) file
103
Plan an upgrade to Outlook 2007
Microsoft Office Outlook 2007 is compatible with earlier versions of Outlook. Upgrading typically
involves no more than customizing settings and then deploying Outlook on users' computers.
Note
This topic is for Outlook administrators. If you are experiencing difficulty upgrading
Outlook on your computer, see Upgrade Your Installation in the Microsoft Office Outlook
2007Help and Support page on Office Online.
This topic discusses the following items:
Issues to consider when planning an upgrade, including planning for cryptographic and security
needs, Microsoft Exchange Server upgrades, and so on.
Upgrading from an earlier version of Outlook, including configuring Outlook user profiles,
upgrading with Cached Exchange Mode already configured, upgrading from an Outlook Internet-
only (IMO) installation, choosing fax support, and supporting forms.
Upgrading from other mail and scheduling programs, including a table listing migration paths
supported by Office Outlook 2007.
Note
You cannot import MS Mail files to Office Outlook 2007, and you cannot share information
between Office Outlook 2007 and Schedule+.
Issues to consider when planning an upgrade

To prepare for an upgrade, you must decide on the following issues:
• Which cryptographic and security settings do you want your users to have? For more
information, see Plan for e-mail messaging cryptography and Set consistent Outlook 2007
cryptography options for an organization.
• If you use Microsoft Exchange 2000 as your messaging server, should you upgrade to
Exchange 2003 or Exchange 2007 before deploying Office Outlook 2007? For more
information, see How Outlook 2007 works with different Exchange Server versions.
• Should you upgrade all users in your organization at once or in stages? If you plan to
upgrade in stages, keep in mind that Outlook users might need to exchange e-mail messages
and scheduling data with users of other Microsoft e-mail and calendar applications, which can
complicate support issues.
• If you plan to install the 2007 Microsoft Office system, should you upgrade to Office
Outlook 2007 at the same time, or later? If users upgrade to Office Outlook 2007 before
upgrading to other Office applications, their e-mail editor will have limited functionality. For
more information about staging your Outlook deployment (by upgrading groups of users in
stages, or by separating the Office Outlook 2007 installation from the Office installation), see
Determine when to install Outlook 2007.
104
• Should you make changes to Outlook user profiles as part of your upgrade? For
example, you might define a new Exchange server or enable new features of Office Outlook
2007. For more information about customizing Outlook profiles, see Install Outlook 2007 by
using the Office Customization Tool and Apply an Outlook Profile (PRF) File to configure
Outlook 2007 profiles.
• Does your organization use fax features or Outlook forms from earlier version of Outlook?
For more information, see Upgrading from an earlier version of Outlook later in this topic.
• How should you create and store a backup of your existing installation? Before upgrading
to any new release, it is wise to back up your existing data. For more information about
backing up Outlook files, see Back up Outlook data with the Microsoft Outlook Personal
Folders Backup tool.
• How will your users learn about the new interface and features of 2007 Office system? To
help them get started, you might direct them to Office Online demos such as The new
Microsoft Office user interface demo which allows users to try the new interface interactively.
Another helpful resource for transitioning to the ribbon user interface is Interactive: Word
2003 to Word 2007 command reference guide. (Guides are also available for Microsoft Office
Excel 2007 and Microsoft Office PowerPoint 2007.)
• Will any discontinued features or changed functionality affect when and how you
upgrade? For a list of changes from earlier versions of Microsoft Outlook, see Discontinued
features and modified functionality in Outlook 2007. A more technical discussion of changed
functionality is included in Changes in Outlook 2007.
Upgrading from an earlier version of Outlook

You can install Office Outlook 2007 over any previous installation of Outlook. As in other 2007
Office system applications, user settings stored in the registry are migrated. If a MAPI profile
already exists on a user's computer, you typically can configure your deployment to continue to
use the profile. However, if you are upgrading from an Internet Mail Only (IMO) installation of
Outlook 2000 or earlier, you might need to re-create user profiles.
Note
Office Outlook 2007 cannot coexist with previous versions of Outlook on the same
computer. If you determine that users need a previous version, do not install Office
Outlook 2007.
When you upgrade users from an earlier version of Outlook, you must make choices about
configuring user profiles, consider Cached Exchange Mode issues, and be aware of fax and
forms changes.
Configuring user profiles in Office Outlook 2007

You can configure e-mail services by using the Office Customization Tool and then saving your
customizations in a Setup customization file. For example, you can define Microsoft Exchange
Server connections, add POP3 accounts, or specify other e-mail support.
105
When you create a customization file for Outlook, you have several choices for retaining,
creating, or modifying user profiles. For example, you can create new default profiles for new
Outlook users and keep existing profiles for current Outlook users.
You can modify Outlook user profiles during an upgrade to configure a number of user options
and other features for your users, including defining default categories and default calendar
subscriptions and Really Simple Syndication (RSS) feeds. You can modify the default profile on
the user’s computer or define changes to profiles with a name you specify.
For more information about configuring Outlook profiles, see Install Outlook 2007 by using the
Office Customization Tool.
Upgrading with Cached Exchange Mode enabled

Cached Exchange Mode is an Outlook feature that can help to provide an improved experience
for users who work offline or who experience a slow or unavailable connection to the Microsoft
Exchange server. Cached Exchange Mode works by downloading copies of users' Exchange
mailboxes to a local file – the user's Offline Folder (OST) file. If users have large Exchange
mailboxes and have OST files already configured for Outlook, and you do not already have
Cached Exchange Mode enabled in your current version, you might need to take steps to help
avoid errors when those users upgrade to Office Outlook 2007 with Cached Exchange Mode
enabled.
When Cached Exchange Mode is deployed or enabled for users without an existing OST file,
Outlook creates a new OST file. Office Outlook 2007 (and Outlook 2003) OST files are Unicode
(by default) and do not have a 2-gigabyte (GB) storage limit, unlike Outlook files created with
Outlook 2002 or earlier. This means that large Exchange mailboxes can typically be successfully
downloaded into an Office Outlook 2007 or Outlook 2003 OST file.
However, when Outlook — in Cached Exchange Mode — tries to synchronize Exchange
mailboxes for users with existing OST files from versions earlier than Outlook 2003, it might be
difficult to update the OST. For help with this issue, see Plan a Cached Exchange Mode
deployment in Outlook 2007.
Upgrading from Outlook 2000 IMO

When you upgrade users to Office Outlook 2007 from an Internet Mail Only (IMO) installation of
an earlier version of Outlook, you might need to re-create some Outlook user profiles. Users
might also encounter the following issues; a work-around is provided when available.
Address book might need to be imported manually

After you upgrade users from Outlook 2000 IMO to Office Outlook 2007, members of Microsoft
Windows Address Book distribution lists in their Outlook 2000 Address Book might be absent
from Office Outlook 2007.
To work around this behavior, manually import the Windows Address Book data.
106
To manually import Windows Address Book data
1. On the File menu in Office Outlook 2007, click Import and Export.
2. Click Import Internet Mail and Addresses, and then click Next.
3. Click Outlook Express 4.x, 5.x, 6.x, and then click Next.
4. Choose how you want to handle entries that would duplicate any current Outlook
contacts, and then click Finish.
Rules might not work properly

After users upgrade to Office Outlook 2007 from Outlook 2000 IMO with multiple POP accounts,
rules that are based on the through the specified account option might not function.
To work around this problem, re-create the rules in Office Outlook 2007.
To create a rule for POP accounts in 2nd_Outlook12

1. On the Tools menu in Office Outlook 2007, click Rules and Alerts.
2. Click New Rule.
3. Click Start from a blank rule, and then click Next.
4. Under Which condition(s) do you want to check?, select the through the specified
account check box, and then click the underlined value to enter the specified POP account.
5. Click Next.
6. Under What do you want to do with the message?, click Move it to the specified
folder, and then click the underlined value to enter the specified folder.
7. Click Next.
8. Click Next.
9. Click Finish.
Error for unsupported fax software might not appear

When you upgrade users from Outlook 2000 in IMO mode with the Symantec Winfax Starter
Edition installed and configured to Office Outlook 2007 , the following error message should
appear but might not:
Setup has detected that you have one or more of the following features installed: - cc:Mail -
Microsoft Mail - Net Folders - Microsoft Fax - WinFax Starter Edition (SE) These features are no
longer supported in Outlook. If you continue the upgrade, you will no longer be able to use them.
Would you like to continue the upgrade to Outlook?
This error message should appear, and Symantec Winfax Starter Edition should be included as
one of the features that is no longer supported.
Choosing fax support in Office Outlook 2007

Integrated fax support is not provided in Office Outlook 2007. However, you can use third-party
MAPI fax providers or Microsoft Windows fax support.
107
WinFax — an earlier faxing program that was integrated with Outlook — is uninstalled by Office
Outlook 2007. If the viewer is currently on a user's computer, it is uninstalled as part of the
upgrade process.
Supporting forms in Office Outlook 2007

If you have custom solutions that depend on Electronic Forms Designer, note that Electronic
Forms Designer is not supported in Office Outlook 2007.
Upgrading from other mail and scheduling

programs
You can upgrade to Office Outlook 2007 from other e-mail and scheduling programs. The process
can be simplified with the use of the import feature in Outlook.
The following table lists migration paths supported by Office Outlook 2007.
Software program Version
Outlook Express 4.x, 5.x, 6.x
Eudora Pro, Eudora Light 2.x, 3.x, 4.x, 5.x
Note
You cannot import MS Mail files to Office Outlook 2007, and you cannot share information
between Office Outlook 2007 and Schedule+.
See Also
• Determine when to install Outlook 2007
108
How Outlook 2007 works with different
Exchange Server versions
Microsoft Office Outlook 2007 works well with a variety of e-mail servers, and you can take
advantage of an even richer feature set by using Outlook with the latest version of Microsoft
Exchange Server. Features of Office Outlook 2007 that work better with Microsoft Exchange 2007
include scheduling meetings, Offline Address Book (OAB) downloads, automatic configuration of
Exchange server accounts, and enhanced Out of Office functionality. In addition, some features of
Office Outlook 2007 require or work better with Microsoft Exchange Server 2003 or later.
Note
Using Office Outlook 2007 with Microsoft Exchange Server 5.5 is not supported.
Features supported with Exchange Server 2007

and Exchange Server 2003
The following table shows how Office Outlook 2007 features are supported by different versions
of Exchange Server.
Office Outlook 2007 feature Exchange Exchange

2007 Server 2003
Instant Search X
Exchange Server on which the user's mailbox resides is automatically X X (see note
found. below)
Outlook Anywhere (RPC over HTTP) connections are automatically X

configured.
Exchange Server settings are automatically detected over the Internet. X
Exchange servers are automatically found in multi-forest environments. X
Exchange servers can share information across forests. X
Cross-forest mailbox moves do not require extra administrator steps. X
Free/Busy information is always up-to-date for users with Exchange X

2007 Availability service.
Tentative calendar booking is managed on the Exchange Server. Users X

do not need to run Outlook for others to see their Free/Busy status.
Scheduling Assistant helps users choose the most convenient times for X
meetings, including easy checking for conference room availability.
109
Office Outlook 2007 feature Exchange Exchange
2007 Server 2003
Public Folder replication on the server is not required to schedule X

meetings across forests.
Out of Office improvements: separate internal/external Out of Office X

messages, external replies can be limited to Contacts folder entries,
HTML formatting for reply messages, scheduling Out of Office replies
during a specified time period only.
Support for Offline Address Book (OAB) Version 4 enhances OAB X

download support, including HTTP download distribution points that do
not require Public Folders, interrupted downloads restart where they
were interrupted (instead of at the beginning), trickle download to help
with low bandwidth scenarios.
Other OAB V4 features, including client-side indexes for sorting OAB X

for multilingual scenarios when the user's computer and Exchange
Server use different languages, more efficient, client-side search index,
smaller file for full OAB download, incremental Update Downloads
using more efficient, smaller binary updates.
Support for Yomi names in OAB. X
Address Book can be searched hierarchically and by name. X
Partial item downloads in Cached Exchange Mode are more efficient. X

This helps with synchronizing in multiple client scenarios, including
Outlook Web Access.
If a user's mailbox is full in Cached Exchange, Outlook no longer X

generates non-delivery reports (NDRs) when you are sending. Instead,
the user receives an error message that the mailbox is full, and the
messages stay in the Outbox until the user resolve the quota issue.
(Requires Exchange Server 2003 SP2 and later.)
Shared calendars/PIM data is cached for offline access. X X
Connection Sharing to reduce the number of open connections against X X

the server.
Scenarios that previously caused synchronizations to fail are now X X

managed so synchronization can continue.
Updates are check-pointed. If a download of new information is X X

interrupted—for example, by a connection failure—Outlook can resume
the update at the point where the failure occurred, instead of starting
over from the beginning.
110
Note
For Exchange Server 2003 and earlier versions of Exchange, the server can be found
automatically only if the client machine is joined to a domain and the Exchange server
topology is installed within the same Active Directory organization as the user object.
Features supported only with Exchange Server

2003 or later
Using Office Outlook 2007 with an Exchange Server 2003 or later messaging server has a
number of advantages. For example, the following Outlook features, which were introduced in
Microsoft Outlook 2003 and are also available in Office Outlook 2007, work only with Exchange
Server 2003 or later.
• Cached Exchange Mode using Download Headers Cached Exchange Mode
automatically downloads only headers when the user's operating system perceives that the
user's connection mode is slow.
• Cached Exchange Mode using Download Headers and then Full Items With this
option, all item headers are downloaded first, followed by item bodies and other detailed
information. Users can click item headers to immediately see specific items (headers, item
bodies, and attachments).
• Outlook Anywhere (RPC over HTTP) connection support You can configure user
accounts to connect to an Exchange server over the Internet. This feature enables users to
use the Office Outlook 2007 client for security-enhanced access to their Exchange Server
accounts when they are traveling or are working outside their organization's firewall.
• Kerberos authentication Outlook can use Kerberos authentication with Exchange
Server 2003. The Kerberos network security protocol uses cryptography to help provide
mutual authentication for a network connection between a client and a server, or between two
servers.
• Performance tracking support Office Outlook 2007 provides information about client
processing that Exchange can use to help locate networking or server issues. For more
information, see Exchange Server 2003 documentation.
Enhancements that work better with Exchange

Server 2003 or later
Exchange Server 2003 and later versions of Exchange Server provide support for certain Outlook
features, and Office Outlook 2007 works better with Exchange Server 2003 or later in several
ways for other features. Several of these features were introduced in Outlook 2003—most notably
for synchronization processing, user synchronization status reports, and junk e-mail filtering.
Instant Search and automatic Exchange server discoverability are new in Office Outlook 2007.
Synchronization processing between Outlook and Exchange is enhanced in a number of ways,
starting in Outlook 2003. For example, data exchanged between the Outlook client and Exchange
Server 2003 servers is compressed, and the data buffer size is larger. In addition, the buffers are
111
packed, so more compressed data is included in each buffer. With these features, more data can
be transferred with fewer server calls. This is especially beneficial when users are synchronizing
across networks that charge by the byte of data that is transmitted. When large information sets
are downloaded—for example, when users update their mailboxes after they have been on
vacation—cost can be significantly lowered and the transaction can be shortened with these
improvements.
Another feature that users will notice is better status information about Cached Exchange Mode
synchronization. With Exchange Server 2003 or later, the Outlook status bar shows detailed
information about synchronization, such as:
• How many bytes have not been downloaded for the current folder
• How many items have not been downloaded in the current folder
• Approximately how long it will be until the current folder is synchronized
• Folder status, such as Up to Date and Last updated at date and time.
When it is used with Exchange Server 2003 or later, the Headers Only mode in Outlook provides
a 256-byte plain text preview that includes part of the message body, rather than showing just the
message header information. This message preview can help remote users to make better
decisions about whether to download a whole message—which, for example, might include a
large attachment.
Using Outlook with Exchange Server 2003 or later also helps to provide a better experience for
users in filtering junk e-mail messages. The Junk E-mail Filter in Outlook provides some support
for Outlook users with Cached Exchange Mode on versions of Exchange Server earlier than
Exchange Server 2003. The experience is much improved with Exchange Server 2003 or later. To
learn more about how Outlook junk e-mail filtering is supported with different versions of
Exchange Server, see Configure junk e-mail settings in Outlook 2007.
Several features that are new in Office Outlook 2007 also work better with Exchange 2007.
Instant Search works better with Exchange 2007 when you use Outlook in Online mode with a
mailbox server, because Outlook can use the index on Exchange Server 2007 for searching. To
enable Instant Search when you use Outlook with earlier versions of Exchange, you must
configure Outlook to index user mailboxes for each Exchange client. This extra step is required
because indexing in Outlook on the user's computer cannot be fully optimized, unlike the server
indexing service that is implemented for Exchange Server 2007.
If users are configured to use Cached Exchange Mode, Office Outlook 2007 indexes the search
locally, regardless of the Exchange server version. In addition, Office Outlook 2007 automatically
detects the user's Exchange server with Exchange Server 2007. Automatic detection is also
enabled under the following circumstances for earlier versions of Exchange: when the user's
computer is joined to a domain and when Exchange is in the same domain as the user account.
Note
You can configure Microsoft Exchange Server settings for Outlook profiles as part of your
Office Outlook 2007 deployment. For more information about using the Office
Customization Tool to customize Outlook profiles, see Specify Exchange settings in
Office Customization Tool in the 2007 Office system.
112
Additional resources
Additional information regarding how Outlook and Exchange versions work together is listed
below.
• Office Outlook 2007 includes the ability to automatically configure user accounts. To learn
how the discovery mechanisms work and how to modify an XML file to configure
AutoDiscover for your organization, download the Outlook Automatic Account Configuration
whitepaper.
• For a description of how Office Outlook 2007 and Exchange 2007 features work together
to provide a better experience for users, see Better together: do more with Microsoft Office
Outlook 2007 and Exchange Server 2007.
• For a chart comparing features in Exchange Server 2007, Exchange Server 2003, and
Exchange Server 2000, see Exchange Server Version Comparison.
• To learn more about Offline Address Book (OAB) Version 4, see OAB Version 4 in
Exchange Server 2003 Service Pack 2.
113
Plan a Cached Exchange Mode deployment
in Outlook 2007
When Microsoft Office Outlook 2007 is configured for Cached Exchange Mode, the user can
enjoy a better online and offline experience because a copy of the user's mailbox is stored on the
local computer.
When an Office Outlook 2007 account is configured to use Cached Exchange Mode, Office
Outlook 2007 works from a local copy of a user's Exchange mailbox stored in an Offline Folder
file (OST file) on the user's computer, along with the Offline Address Book (OAB). The cached
mailbox and OAB are updated periodically from the Exchange server.
Consider the following when you plan an Office Outlook 2007 deployment:
• Benefits of configuring Cached Exchange Mode
• Features your organization uses that might impact the effectiveness of using Cached
Exchange Mode
• Synchronization, disk space, and performance issues
• Management of Cached Exchange Mode in slow connection scenarios
• Staging an initial Cached Exchange Mode deployment
• Upgrading current Cached Exchange Mode users to Office Outlook 2007
• Deploying Cached Exchange Mode to users who already have OST files
• Using Group Policy to enforce Cached Exchange Mode settings
• Additional resources
How Cached Exchange Mode can help improve

the Outlook user experience
The primary benefits of using Cached Exchange Mode are the following:
• Shielding the user from network and server connection issues
• Facilitating switching from online to offline for mobile users
By caching the user's mailbox and the OAB locally, Outlook no longer depends on on-going
network connectivity for access to user information. In addition, users' mailboxes are kept current.
If a user disconnects from the network—for example, by removing a laptop from a docking station
—the latest information is automatically available offline.
In addition to using local copies of mailboxes to improve the user experience, Cached Exchange
Mode optimizes the type and amount of data sent over a connection with the server. For example,
if On Slow Connections Download Headers Only is configured, Outlook changes the type and
amount of data sent over the connection.
114
Note
Outlook checks the network adapter speed on the user's computer to determine a user's
connection speed, as supplied by the operating system. Reported network adapter
speeds of 128 KB or lower are defined as slow connections. There might be
circumstances when the network adapter speed does not accurately reflect data
throughput for users. For more information about adjusting the behavior of Outlook in
these scenarios, see the section Managing Outlook behavior for perceived slow
connections later in this topic.
Outlook can adapt to changing connection environments by offering different levels of
optimization, such as disconnecting from a corporate local area network (LAN), going offline, and
then reestablishing a connection to the server via a slower dial-up connection. As your Exchange
server connection type changes—for example, to LAN, wireless, cellular, or offline—transitions
are seamless and never require changing settings or restarting Outlook.
For example, users might have a laptop computer at work with a network cable connection to a
corporate LAN. In this scenario, users have access to headers and full items, including
attachments. Users also have quick access and updates to the computer running Exchange
Server. If users disconnect their laptops from the LAN, Outlook switches to Trying to connect
mode. Users can continue to work uninterrupted with their data in Outlook. If they have wireless
access, Outlook can reestablish a connection to the server and then switch back to Connected
mode.
If the users later connect to the Exchange server by using dial-up access, Outlook recognizes
that the connection is slow and automatically optimizes for that connection by downloading only
headers and by not updating the Offline Address Book. In addition, Office Outlook 2007 includes
optimizations to reduce the amount of data sent over the connection. Users do not need to
change settings or restart Outlook during this scenario.
In addition to the Outlook 2003 Trying to connect and Connected modes, a new mode, Need
Password, is introduced in Office Outlook 2007. The mode displays when Outlook is in a
disconnected state but is not offline. This can happen, for example, when a user clicks Cancel in
a credentials authentication dialog box. When Outlook is disconnected but is not offline, a user-
initiated action (such as clicking Send/Receive) causes Outlook to prompt again for the password
and to display Connected mode, even though Outlook is disconnected and is waiting for a
password.
Outlook features that can reduce the effectiveness of Cached

Exchange Mode
Some Outlook features reduce the effectiveness of Cached Exchange Mode because they
require network access or bypass Cached Exchange Mode functionality. The primary benefit of
using Cached Exchange Mode is that the user is shielded from network and server connection
issues. Features that rely on network access can cause delays in Outlook responsiveness that
users would not otherwise experience when they use Cached Exchange Mode.
Some Outlook features can require network access to retrieve information, such as looking up
free/busy information. This can cause a delayed response, even when users have fast
115
connections to Exchange data. The delays can occur unpredictably, rather than only when the
feature is accessed by the user.
In addition, the following features might rely on network access and can cause delays in Outlook
unless users have fast connections to Exchange data:
• Delegate access, when folders are not cached locally (local cache is the default)
• Opening another user's calendar or folder that are not cached locally (local cache is the
default)
• Using a public folder that is not cached
See Managing Outlook folder sharing in Synchronization, disk space, and performance
considerations later in this topic.
In Office Outlook 2007, shared folders that users access in other mailboxes are downloaded and
cached in the user's local OST file when Cached Exchange Mode is enabled. Only shared Mail
folders are not cached. For example, if a co-worker shares a calendar with a user and the user
opens it, Office Outlook 2007 starts caching the folder locally so that the user has offline access
to the folder and is insulated from network issues. However, if a manager delegates access to his
or her Inbox to a team member, accessing the folder is an online task and can cause response
delays.
We recommend that you disable or do not implement the following features, or combination of
features, if you deploy Cached Exchange Mode:
• Instant Messaging integration If users right-click the Person Names Smart Tag in an
e-mail message header, Outlook checks for free/busy status for that person. You can use
Group Policy to disable Instant Messaging integration. For more information, see Configuring
Instant Messaging integration options in Outlook 2007.
• The toast alert feature with digital signatures on e-mail messages Outlook must
check a network server to verify a digital signature. By default, Outlook displays a toast
message that contains a portion of an e-mail message when new messages arrive in a user's
Inbox. If the user clicks the toast message to open a signed e-mail message, Outlook uses
network access to check for a valid signature on the message.
• Multiple Address Book containers The Address Book typically contains the Global
Address List (GAL) and user Contacts folders. Some organizations configure subsets of the
GAL, which display in the Address Book. These subset address books can also be included
in the list that defines the search order for address books. If subset address books are
included in the search order list, Outlook might need to access the network to check these
address books each time a name is resolved in an e-mail message that a user is composing.
• Custom properties on the General tab in Properties dialog box for users The
Properties dialog box appears when you double-click a user name (for example, on the To
line of an e-mail message). This dialog box can be configured to include custom properties
unique to an organization, such as a user's cost center. If you add properties to this dialog
box, however, we recommend that you not add them to the General tab. Outlook must make
a remote procedure call (RPC) to the server to retrieve custom properties. Because the
General tab shows by default when the Properties dialog box is accessed, an RPC would be
performed each time the user accessed the Properties dialog box. As a result, a user
running Outlook in Cached Exchange Mode might experience noticeable delays when he or
116
she accesses this dialog box. To help avoid such delays, you should create a new tab on the
Properties dialog box for custom properties, or include custom properties on the
Phone/Notes tab.
Installing certain Outlook add-ins can affect Cached Exchange Mode. Some add-ins can access
Outlook data by using the object model to bypass the expected functionality of Headers Mode
(Download Headers Only) in Cached Exchange Mode. For example, full Outlook items—not just
headers—download if you use Microsoft ActiveSync technology to synchronize a hand-held
computer, even over a slow connection. In addition, the update process is slower than if you
download the items in Outlook, because one-off applications use a less-efficient type of
synchronization.
Synchronization, disk space, and performance considerations

There are a number of issues to consider when you deploy Cached Exchange Mode. The way
Cached Exchange Mode works to maintain a current local copy of a user's Exchange mailbox and
other information can affect other Outlook features and behavior. In some cases, you can improve
how Cached Exchange Mode works with other Outlook features for your whole organization or for
a group of users (for example, users who work remotely).
Send/Receive synchronization considerations

Cached Exchange Mode works independently of existing Outlook Send/Receive actions to
synchronize users' OST and OAB files with Exchange Server data. Send/Receive settings update
users' Outlook data in the same way they did in earlier versions of Outlook.
Users who synchronize Outlook data by pressing F9 or clicking Send/Receive might not realize
that manual synchronization is no longer necessary. In fact, network traffic and server usage can
be affected if users repeatedly execute Send/Receive requests to Exchange Server. To minimize
the effects, inform users that manual Send/Receive actions are unnecessary in Cached
Exchange Mode. This might be especially helpful for remote users who typically used Outlook in
offline mode with earlier Outlook versions and used Send/Receive to synchronize their data or
just before they disconnected from the network. This type of data synchronization now occurs
automatically with Cached Exchange Mode.
Another way to manage the issue is to disable the Send/Receive option for users. However,
sometimes this can create problems for users, such as when you upgrade current Outlook users
with POP accounts and existing customized Send/Receive groups to Office Outlook 2007. In this
situation, disabling the Send/Receive option means users cannot download POP e-mail
messages.
Offline Address Book considerations

Cached Exchange Mode allows Outlook to access the local Offline Address Book (OAB) for user
information, instead of requesting the data from Exchange Server. Local access to user data
greatly reduces the need for Outlook to make remote procedure calls (RPCs) to Exchange, and
shields the user from much of the network access required in Exchange online mode or in
previous versions of Outlook.
117
After users have a current OAB installed on their computers, only incremental updates to the
OAB are needed to help protect against unnecessary server calls. Outlook in Cached Exchange
Mode synchronizes the user's OAB with updates from the Exchange Server copy of the OAB
every 24 hours. You can help control how often users download OAB updates by limiting how
often you update the Exchange Server copy of the OAB. If there is no new data to synchronize
when Outlook checks, the user's OAB is not updated.
Note
Although users with a No Details OAB can use Outlook with Cached Exchange Mode, we
recommend that you install a Full Details OAB on users' computers. We also recommend
that users use the Unicode OAB. The ANSI OAB files do not include some properties that
are in the Unicode OAB files. Outlook must make server calls to retrieve required user
properties that are not available in the local OAB, which can result in significant network
access time when users do not have a Full Details OAB in Unicode format.
Offline File Folders (OSTs) considerations

When you deploy Cached Exchange Mode for Outlook, be aware that users' OST files can
increase 50 to 80 percent over the size of the mailbox reported in Exchange Server. The format
Outlook uses to store data locally for Cached Exchange Mode is less efficient than the server
data file format. This results in the use of more disk space when mailboxes are downloaded to
provide a local copy for Cached Exchange Mode.
When Cached Exchange Mode first creates a local copy of a user's mailbox, the user's current
OST file, if one exists, is updated. When users have relatively small mailboxes—for example, less
than 500 megabytes (MB) of Exchange Server data—this works fine. However, ensure that users
with larger mailboxes have Unicode-formatted OST files before you deploy Cached Exchange
Mode. Unicode is an Outlook file format that was first provided in Outlook 2003. Unicode OST
files can store up to 20 gigabytes (GB) of data, instead of the limit of 2 GB on non-Unicode
(ANSI) Outlook files.
By creating Unicode OST files, you can help to avoid error messages for users. Error messages
result when Outlook runs out of OST file space when it attempts to create a local copy of the
user's mailbox for Cached Exchange Mode. Outlook with Cached Exchange Mode also works
better when there is plenty of free space in the user's OST file; for example, when only 5 to 10
percent of a 20 GB OST file is used.
Also be sure that users' OST files are located in a folder with sufficient disk space to
accommodate users' mailboxes. For example, if users' hard drives are partitioned to use a
smaller drive for system programs (the system drive is the default location for the folder that
contains the OST file), specify a folder on another drive with more disk space as the location of
users' OST files. For more information about deploying OST files in a location other than the
default location, see "To configure a default OST location by using Group Policy" in Configure
Cached Exchange Mode Group Policy settings in Outlook 2007.
Managing performance issues

Many factors influence a user's perception of Cached Exchange Mode performance, including
hard disk size, CPU speed, and the expected level of performance. For example, offline users
118
might find that Cached Exchange Mode provides better performance, while users who formerly
accessed Exchange in online mode might perceive reduced Outlook performance.
One factor that can contribute to reduced performance is a large OST file. If the user's OST file
grows too large (for example, larger than 1 GB), Outlook with Cached Exchange Mode
performance degrades. To improve response time in Outlook, users should either reduce the size
of their mailbox (for example, by archiving older files) or disable Cached Exchange Mode. To help
prevent large OST files, you can set a limit on the mailbox size in Exchange Server. You might
also choose to disable synchronizing shared non-mail folders or disable synchronizing users'
Public Folder Favorites if you previously enabled the option in your deployment of Cached
Exchange Mode.
Managing Outlook folder sharing

In Office Outlook 2007, shared folders that users access in other mailboxes are downloaded and
cached in the user's local OST file when Cached Exchange Mode is enabled. Only shared Mail
folders are not cached. For example, if a co-worker shares a calendar with another user and the
user opens it, Office Outlook 2007 starts caching the folder locally so that the user has offline
access to the folder and is insulated from network issues. However, if a manager delegates
access to his or her Inbox to a team member, accessing the folder is an online task and can
cause response delays.
You can configure this option in the Office Customization Tool (OCT) when you customize your
Cached Exchange Mode deployment. If users in your organization typically open many shared
calendars and people work together on networks with reliable links to their Exchange servers, you
might want to disable this feature. Leaving the feature enabled can cause OST files to become
large, which can adversely affect Outlook performance when Cached Exchange Mode is used.
Public Folder Favorites considerations

Cached Exchange Mode can be configured to download and synchronize the public folders
included in users' Favorites folders for Outlook Public Folders. By default, Public Folder Favorites
are not synchronized. However, you might want to enable this option if your organization uses
public folders extensively. You can configure an option to download Public Folder Favorites in the
OCT when you customize your Cached Exchange Mode deployment.
If users' Public Folders Favorites folders include large public folders, their OST files can also
become large. This can adversely affect Outlook performance in Cached Exchange Mode. Before
you configure Cached Exchange Mode to enable this option, ensure that users are selective
about the public folders that are included in their Public Folder Favorites. Also ensure that users'
OST files are large enough, and are in folders with enough disk space, to accommodate the
additional storage requirements for the public folder downloads.
Managing Outlook behavior for perceived slow connections

Outlook is configured to determine a user's connection speed by checking the network adapter
speed on the user's computer, as supplied by the operating system. If the reported network
adapter speed is 128 KB or lower, the connection is defined as a slow connection.
119
When a slow connection to a user's Exchange server is detected, Outlook helps users have a
better experience by reducing the amount of less-critical information that is synchronized with the
Exchange server. Outlook makes the following changes to synchronization behavior for slow
connections:
• Switches to downloading headers only
• Does not download the Offline Address Book or OAB updates
• Downloads the body of an item and associated attachments only when requested by the
user
Outlook continues to synchronize with personal digital assistants (PDAs), and some client-side
rules may run.
Note
Synchronizing PDAs while using Cached Exchange Header Only Mode is not
recommended. When you synchronize a hand-held computer—for example, by using
ActiveSync—full items are downloaded in Outlook, and the synchronization process is
less efficient than with regular Outlook synchronization to users' computers.
The Headers Only mode of synchronization is designed for Outlook users with dial-up
connections or cellular wireless connections to minimize network traffic when there is a slow or
expensive connection.
There might be circumstances when the network adapter speed does not accurately reflect data
throughput for users. For example, if a user's computer is on a local area network for fast access
to local file servers, the network adapter speed is reported as fast because the user is connected
to a local area network (LAN). However, the user's access to other locations on an organization's
network—including the Exchange server—might use a slow link, such as an ISDN connection.
For a scenario like this, where users' actual data throughput is slow although their network
adapters report a fast connection, you might want to configure an option to change or lock down
the behavior of Outlook—for example, by disabling automatic switching to downloading only
headers and configuring Outlook to download only headers. Similarly, there might be connections
that Outlook has determined are slow in which users actually have high data throughput. In this
scenario, you might also disable automatic switching to downloading only headers.
The setting you configure to change the behavior of Outlook for reported connection speed is the
On slow connections, download only headers check box. You can configure this option in the
OCT, or lock down the option by using Group Policy. For more information about customizing this
setting, see Configure Cached Exchange Mode Group Policy settings in Outlook 2007.
Options for staging a Cached Exchange Mode deployment

Stage the rollout over time if you plan to upgrade a large group of users from a deployment of
Outlook without Cached Exchange mode (Outlook XP or earlier, or Outlook 2003 without Cached
Exchange Mode) to Office Outlook 2007 with Cached Exchange Mode enabled. This helps your
organization's Exchange servers manage the requirements of creating or updating users' OST
files.
120
Caution
If most users are updated to use Cached Exchange Mode at once and then start Outlook
at the same time (for example, on a Monday morning after a weekend upgrade), the
Exchange servers will have significant performance issues.These performance issues
can sometimes be mitigated; for example, if most of the users in your organization have
current OST files. But in general, staging deployment of Cached Exchange Mode over a
period of time is recommended.
The following scenarios include examples of how you could deploy Cached Exchange Mode to
avoid a large initial performance impact on the Exchange servers and—in some cases—minimize
the time users spend waiting for the initial synchronization:
• Retain Outlook OST files while deploying Cached Exchange Mode. Since existing
OST files are merely updated with the latest mailbox information when Outlook with Cached
Exchange Mode starts for the first time, retaining these files when you deploy Cached
Exchange Mode can help reduce the load on your organization's Exchange servers. Users
who already have OST files will have less Outlook information to synchronize with the server.
This scenario works best when most users already have OST files that have recently been
synchronized with Exchange Server. To retain OST files while you deploy Outlook with
Cached Exchange Mode, do not specify a new Exchange server when you customize
Outlook profile information in the OCT. Alternatively, when you customize Outlook profiles,
clear the Overwrite existing Exchange settings if an Exchange connection exists (only
applies when modifying the profile) check box.(If you specify an Exchange server when
you configure and deploy Outlook with this option enabled, Outlook replaces the Exchange
service provider in the MAPI profile, which removes the profile's entry for existing OST files.)
• Provide seed OST files to remote users, and then deploy Cached Exchange Mode
after users have installed the OST files you provide. If most users in your organization
do not currently have OST files or are not using Cached Exchange Mode, you can deploy
Office Outlook 2007 with Cached Exchange Mode disabled. Then, before the date on which
you plan to deploy Cached Exchange Mode, you provide initial or "seed" OST files to each
user with a snapshot of the user's mailbox; for example, by providing or mailing to the user a
CD that contains the file with installation instructions. You might also want to provide a recent
version of your organization's Office Address Book (OAB) with Full Details. You configure and
deploy Cached Exchange Mode when users confirm that they have installed the files.
Note
For more information about creating initial OST files, see Providing an initial OST file for
an Outlook Cached Exchange Mode deployment. The article describes creating initial
OST files for Microsoft Office Outlook 2003; the process works similarly for Office Outlook
2007.
When you update your Outlook deployment to use Cached Exchange Mode later, the Exchange
server updates users' existing OST files and there is much less data to synchronize than there
would be if a new OST and OAB were created for each user. Creating individual CDs for each
user's OST file can be time consuming, so this procedure might be most useful for select groups
of remote users who would otherwise spend a lot of time waiting for the initial mailbox and OAB
synchronization, perhaps at a high cost, depending on their remote connection scenario.
121
• Deploy Outlook with Cached Exchange Mode to groups of users at a time. You can
balance the workload on your Exchange servers and the local area network by upgrading
groups of users to Cached Exchange Mode over a period of time. The network traffic and
server-intensive work of populating OST files with users' mailbox items and downloading the
OAB are mitigated by rolling out the new feature in stages. The way that you create and
deploy to groups of users depends on your organization's usual deployment methods. For
example, you might create groups of users in Microsoft Systems Management Server (SMS),
to which you would deploy an SMS package that updates Outlook to use Cached Exchange
Mode. You would deploy SMS to each group over a period of time. To balance the load as
much as possible, choose groups of users whose accounts are spread across groups of
Exchange servers.
Upgrading current Cached Exchange Mode users to Office

Outlook 2007
Upgrading users to Office Outlook 2007 with Cached Exchange Mode already enabled in Outlook
2003 is straightforward. If you do not change Cached Exchange Mode settings, the same settings
are kept for Office Outlook 2007. There is no change to the OST or OAB file format, and you do
not need to re-create these files during an upgrade.
The ability to share non-mail folders is a new feature that is enabled by default for Cached
Exchange Mode in Office Outlook 2007. Existing profiles with Cached Exchange Mode have this
setting enabled when users are upgraded. This could be problematic if:
• Users in your organization use ANSI OST files.
• Users' OST files are close to the size limit.
• Your organization shares a large amount of data.
When these factors are all present, downloading shared non-mail folders can create performance
issues and other problems.
You can disable this option when you deploy Outlook to help prevent problems with downloading
non-mail folders.
In addition, be aware that caching for shared non-mail folders works differently from other caching
for Cached Exchange Mode. With shared non-mail folders, replication to the local OST file starts
only when the user clicks the shared folder. Once a user has activated caching for the folder by
clicking it, Outlook updates the folder just like other Outlook folders are synchronized in Cached
Exchange Mode. However, if the user does not navigate to the folder at least once every 45 days
(the default value), the local data will be not be updated further until the user clicks the folder
again.
You can configure the Synchronizing data in shared folders option in Group Policy or use the
OCT to change the number of days before Outlook stops caching inactive non-mail folders. For
more information about this setting, see Configure Cached Exchange Mode Group Policy settings
in Outlook2007.
122
Deploying Cached Exchange Mode to users who already have
OST files
Some Microsoft Outlook users who connect to Microsoft Exchange in online mode might have
OST files. There are several issues to consider when you configure Cached Exchange Mode for
these users:
• Users with large Exchange mailboxes If users with existing OST files have large
Exchange mailboxes, they might experience errors when Outlook attempts to synchronize
their mailboxes to their OST files. To help prevent this, you can first configure a Group Policy
setting that requires new Outlook files to be Unicode-formatted, since Outlook Unicode files
do not have the 2-GB size limit that Outlook ANSI files do.
Then, when Outlook is deployed with Cached Exchange Mode, Outlook creates a new
Unicode OST file for users that currently have ANSI OST files. Users' existing OST and OAB
files are not removed.
• Users without a Full Details Offline Address Book (OAB) For users who have not
downloaded a Full Details Offline Address Book (OAB), a Full Details OAB is downloaded
when Cached Exchange Mode synchronizes for the first time. Existing OAB files, including
files for a No Details OAB, are not removed. Depending on several factors—including the
version of Exchange Server you are using, your Exchange server Unicode settings, and the
Outlook client Unicode settings—the new OAB files might be Unicode.
If Unicode OAB files are created and users have ANSI OAB files (with Full Details or No
Details), the ANSI OAB files are not removed.
If the Exchange Server version and settings support Unicode, you can require that new Outlook
files are Unicode. For more information about configuring the default format for new Outlook files
to be Unicode, see "To specify Unicode for new Outlook files" in Configure Cached Exchange
Mode Group Policy settings in Outlook 2007.
Using Group Policy to enforce Cached Exchange Mode settings

By using Group Policy, you can help prevent users from enabling Cached Exchange Mode in
Outlook, enforce download options for Cached Exchange Mode, or configure other Cached
Exchange Mode options.
For example, you can specify the default times between Exchange server synchronizations when
data changes on an Exchange server. Those changes will be downloaded. You can also specify
the default times when data changes on the client computer. Those changes will be uploaded.
You can configure these options as defaults by using the Modify user settings page in the Office
Customization Tool, or lock down the settings by using Group Policy.
Steps for locking down settings by using Group Policy are provided in Configure Cached
Exchange Mode Group Policy settings in Outlook 2007.
Refer to the resources listed below for additional information relevant to planning a Cached
Exchange Mode deployment.
123
• When you use Microsoft Office Outlook 2003 or 2nd_Outlook12 with Microsoft Exchange
Server-based systems, you can use Cached Exchange Mode and other features to enhance
the user experience regarding issues such as high latency, loss of network connectivity, and
limited network bandwidth. Download the Client Network Traffic with Exchange 2003 white
paper to learn about these new enhancements.
• You can make changes to your configuration that improve the user experience in areas
such as high latency, loss of connectivity, and limited bandwidth. For more information,
download the Enabling a Superior Client Experience with Outlook 2003 whitepaper.
• Office Outlook 2007 includes the ability to automatically configure user accounts.
Download the Outlook Automatic Account Configuration whitepaper to learn how the
discovery mechanisms work and how to modify an XML file to configure AutoDiscover for
your organization.
124
Plan Outlook 2007 Offline Address Book
deployment
When you use Microsoft Outlook with Microsoft Exchange Server, Outlook uses the Offline
Address Book (OAB) to provide offline access to directory information from the global address list
(GAL) when users work offline or are configured to use Cached Exchange Mode. When a user
starts Outlook in Cached Exchange Mode for the first time, the user's Exchange mailbox is
synchronized to a local offline folder (OST) file, and the offline address list from the Exchange
server typically is synchronized to a collection of OAB files on the user's computer.
When you plan to configure users to use Cached Exchange Mode, you can take steps to help
avoid network delays when users start Outlook and Outlook begins caching information locally on
their computers. More information about staging a Cached Exchange Mode deployment is
included in Plan a Cached Exchange Mode deployment in Outlook 2007.
Detailed information about deploying and managing the OAB with Microsoft Exchange 2003 is
included in the Offline Address Book Best Practices Guide on TechNet's Exchange TechCenter.
The guide focuses on Microsoft Office Outlook 2003 and Microsoft Exchange Server 2003. Much
of the information is also helpful for understanding and working with the OAB when you deploy
Microsoft Office Outlook 2007.
The following chapters are particularly important for understanding how Outlook and Exchange
versions and service packs work together to provide the best experience with the OAB, and for
following best practices when you deploy the OAB. There is also a resources section with links to
helpful additional information.
• Deployment Scenarios for Outlook 2003. This topic discusses a variety of offline
address book best practices to use when you deploy Outlook 2003. This topic also discusses
offline address book best practices to use when you upgrade from Microsoft Exchange
Server 5.5, perform site consolidations and mergers, and stage Offline Address Book
deployments.
• Improvements for Offline Address Books. This topic describes recent improvements
that have been made to offline address books. Both Exchange Server 2003 and Outlook
2003 introduced Offline Address Book v3(a), which included improvements to the offline
address book. Service Pack 1 (SP1) for Exchange Server 2003 and Service Pack 1 (SP1) for
Outlook 2003 included additional enhancements to the offline address book. Exchange
Server 2003 SP2 and Outlook 2003 SP2 introduce Offline Address Book version 4 (OAB v4).
OAB v4 includes significant performance improvements and other improvements over
previous versions of the Offline Address Book.
• Offline Address Book Best Practices Guide Resources. This section includes links to
Knowledge Base articles and other technical articles, WebCasts, and related Web sites that
might help you understand how to work with the OAB.
See Also
• Administering the offline address book in Outlook 2003 and Outlook 2007
125
Considerations when installing Outlook 2007
in a Terminal Services environment
In this article:
• Outlook features that are disabled with Terminal Services
• Enabling remote sound
• Unlocking registry settings
By using Microsoft Windows Terminal Services, you can use Microsoft Office Outlook 2007
without upgrading every computer in your organization. Users can work in the latest 2007
Microsoft Office system environment even when their computers have limited hard disk space,
memory, or processing speed.
Windows Terminal Services allows you to run Microsoft Windows–based programs on a server
and display the programs remotely on client computers. For example, you can install a single
copy of Office Outlook 2007 on a Windows Terminal Services computer. Instead of running
Outlook locally, multiple users can connect to the server and run Outlook from the Windows
Terminal Services computer.
Note
Learn more about installing applications in the 2007 Office system in Deploy the 2007
Office system in a Windows Terminal Services environment.
There are some limitations when you use Terminal Services with Outlook. For example, you
cannot use Outlook with Cached Exchange Mode when you run Outlook on Windows Terminal
Services.
Outlook features that are disabled with Terminal

Services
You cannot use the following Outlook features when you run Outlook in a Terminal Services
environment:
• Offline store (OST) files.
Features that rely on the OST (for example, Cached Exchange Mode and Offline mode) are
not supported with Terminal Services.
• Forms Designer and the Microsoft Visual Basic Scripting Edition (VBScript) editor.
You can view a custom form, but you cannot design a new form or revise an existing form.
• Changing the Time Zone from within Outlook.
Changing this setting in Outlook updates a system setting.
• Changing Zone security settings from within Outlook.
Changing this setting in Outlook updates a system setting.
• Changing the status of a Microsoft Exchange Client Extension.
126
You cannot change the status; however, if the Exchange Client Extension is already on, the
extension should work correctly.
• Adding stationery that was not included with Outlook as part of the Terminal Services
installation.
• Outlook animations are disabled.
Examples of Outlook animations include Send/Receive animation and the Search Folder
creation icon.
Enabling remote sound

By default, when 2007 Office system is used over a Remote Desktop Protocol (RDP) session, the
New Mail sound uses the Default Beep sound and not the New Mail Notification sound.
To establish the correct sound, first ensure that the audio is enabled on the Terminal Services
computers. For more information, see HOW TO: Use Group Policy to Permit Users to Redirect
and Play Audio in a Remote Desktop Session to Terminal Services in Windows Server 2003
(http://go.microsoft.com/fwlink/?LinkId=105038) or You Do Not Hear Any Sound During a Terminal
Server Session (http://go.microsoft.com/fwlink/?LinkId=105039).
Next, configure the settings for remote computer sound on the Remote Desktop Connection
(RDC) client, as shown in the following procedure.
Configure the settings for remote computer sound on the RDC client
1. Click Start, point to All Programs, point to Accessories, point to Communications,
and then click Remote Desktop Client.
2. In the Remote Desktop Connection dialog box, click Options.
3. Click the Local Resources tab.
4. In the Remote Computer Sound section, click Bring to this Computer in the drop-
down list.
5. Click Connect to use the new settings.
6. Click Start, point to Control Panel, click Sound, and then click the Sounds tab.
7. In the Program section, locate Windows\Default Beep and assign a *.WAV file; you
can reassign the Windows Notify.wav file from the New Mail Notification to the
Windows\Default Beep.
8. Click OK.
Unlocking registry settings

By default, Windows Terminal Services clients do not have write access to the registry on the
Windows Terminal Services computer, except to the registry hive under
HKEY_CURRENT_USER. To run some Outlook features, you might need to give users write
access to some keys and subkeys. For example, unlock the subkey
HKEY_CLASSES_ROOT\CLSID to allow users to use the custom MAPI forms for Office Outlook
2007.
127
Planning for security and protection in
Outlook 2007 (Office Resource Kit)
In this chapter:
Use Outlook 2007 to help protect messages
Plan for e-mail messaging cryptography
How users manage cryptographic digital IDs in Outlook 2007
Plan for configuring security settings in Outlook 2007
How administrator and user security settings interact in Outlook 2007
Plan for Outlook 2007 security in special environments
Plan for limiting junk e-mail in Outlook 2007
128
Use Outlook 2007 to help protect messages
You have two main options for helping to protect messages in Microsoft Office Outlook 2007 from
unauthorized use, tampering, or change: 1) cryptographic messaging using the S/MIME standard,
and 2) Information Rights Management (IRM). While both of these options can help protect
messages your users send and receive, they work differently and are each best suited for
different scenarios.
S/MIME is a standard for sending digitally signed and encrypted e-mail messages. Using S/MIME
in Outlook is the preferred way to:
• Sign a message to prove the identity of the sender. S/MIME is the only option the 2007
Microsoft Office system supports for digital signatures. It is not possible to tamper with an
IRM message, and in this way it is similar to a signed message. But IRM protection is more
limited because there are no authorities that attest to the identities of the senders, and the
Outlook user interface does not show information about the identity of the sender.
• Help ensure that Internet e-mail messages are not vulnerable to attackers that use
software to monitor and intercept e-mail traffic over the Internet. The focus is on the Internet,
as that is where point-to-point encryption is most valuable and where interoperability
standards are most important.
The biggest value in using S/MIME is when users send and receive e-mail messages outside
corporate boundaries, where they are not protected by the corporate firewall.
Another feature that can help to protect messages in Outlook is IRM. IRM gives organizations
and information workers greater control over sensitive information. IRM is the preferred way to
help to:
• Protect e-mail conversations containing sensitive information by restricting the ability to
forward or copy the messages in an e-mail thread. The reasons to use IRM have little to do
with whether an unauthorized person outside the organization—for example, a hacker on the
Internet—will intercept the communication. Instead, IRM is used most efficiently when the
sender is concerned that the intended recipient will share the information inappropriately.
• Prevent people from using out-of-date information by enforcing message expiration. With
IRM, expiration dates on messages are enforced, unlike expiration dates set on messages
without IRM.
The biggest value for IRM is within the corporation, where employees need to share information
while maintaining some control over who has access to this information IRM is especially helpful
in ensuring that this information does not leak outside the corporate firewall.
See Also
• Plan for e-mail messaging cryptography
129
Plan for e-mail messaging cryptography
Microsoft Office Outlook 2007 supports security-related features to help users send and receive
cryptographic e-mail messages. These features include cryptographic e-mail messaging, security
labels, and signed receipts.
Note
To obtain full security functionality in Outlook, you must install Outlook with local
administrative rights.
Cryptographic messaging features in Outlook

Outlook supports cryptographic messaging features that enable users to do the following:
• Digitally sign an e-mail message. Digital signing provides nonrepudiation and verification
of contents (the message contains what the person sent, with no changes).
• Encrypt an e-mail message. Encryption helps to ensure privacy by making the message
unreadable to anyone other than the intended recipient.
Additional features can be configured for security-enhanced messaging. If your organization
provides support for these features, security-enhanced messaging enables users to do the
following:
• Send an e-mail message with a receipt request. This helps to verify that the recipient is
validating the user's digital signature (the certificate that the user applied to a message).
• Add a security label to an e-mail message. Your organization can create a customized
S/MIME V3 security policy that adds labels to messages. An S/MIME V3 security policy is
code that you add to Outlook. It adds information to the message header about the sensitivity
of the message. See Security Labels and signed receipts later in this topic.
How Outlook implements cryptographic messaging

The Outlook cryptography model uses public key encryption to send and receive signed and
encrypted e-mail messages. Outlook supports S/MIME V3 security, which allows users to
exchange security-enhanced e-mail messages with other S/MIME e-mail clients over the Internet
or intranet. E-mail messages encrypted by the user's public key can be decrypted using only the
associated private key. This means that when a user sends an encrypted e-mail message, the
recipient's certificate (public key) encrypts it. When a user reads an encrypted e-mail message,
the user's private key decrypts it.
In Outlook, users are required to have a security profile to use cryptographic features. A security
profile is a group of settings that describes the certificates and algorithms used when a user
sends messages that use cryptographic features. Security profiles are configured automatically if
the profile is not already present when:
• The user has certificates for cryptography on his or her computer.
• The user begins to use a cryptographic feature.
130
You can customize these security settings for users in advance. You can use registry settings or
Group Policy settings to customize Outlook to meet your organization's cryptographic policies and
to configure (and enforce, with Group Policy) the settings you want in the security profiles. These
settings are described in the table in Set consistent Outlook 2007 cryptography options for an
organization.
Digital IDs: A combination of public/private keys and certificates

S/MIME features rely on digital IDs, which associate a user's identity with a public and private key
pair. The combination of a certificate and private/public key pair is called a digital ID. The private
key can be saved in a security-enhanced store, such as the Microsoft Windows certificate store,
on the user's computer or on a Smart Card. Outlook fully supports the X.509v3 standard, which
requires that public and private keys are created by a certificate authority such as VeriSign, Inc.
Users can obtain digital IDs by using public World Wide Web-based certificate authorities such as
VeriSign and Microsoft Certificate Server. For more information about how users can acquire a
digital ID, see the Outlook Help topic Get a Digital ID. As an administrator, you can provide digital
IDs to a group of users. Outlook also continues to support working with Microsoft Exchange Key
Management Server to obtain or provide digital IDs.
When certificates for digital IDs expire, users typically must obtain updated certificates from the
issuing certificate authority. If your organization relies on Microsoft Exchange Key Management
Server for certificates, Outlook automatically manages certificate update for users.
Security labels and signed receipts

Outlook includes support for S/MIME V3 Enhanced Security Services (ESS) extensions about
security labels and signed receipts. These extensions help you to provide security-enhanced e-
mail communications within your organization and to customize security to fit your requirements.
If your organization develops and provides S/MIME V3 security policies to add custom security
labels, the code in the security policies can enforce attaching a security label to an e-mail
message. Here are two examples of security labels:
• An Internal Use Only label might be implemented as a security label to apply to mail that
should not be sent or forwarded outside your company.
• A label can specify that certain recipients cannot forward or print the message, if the
recipient also has the security policy installed.
Users can also send security-enhanced receipt requests with messages to verify that the
recipients recognize the user's digital signature. When the message is received and saved (even
if it is not yet read) and the signature is verified, a receipt implying that the message was read is
returned to the user's Inbox. If the user's signature is not verified, no receipt is sent. When the
receipt is returned, because the receipt is also signed, you have verification that the user received
and verified the message.
131
Classes of encryption strengths
There are two classes of encryption key strengths available from Microsoft: high (128-bit) and low
(40-bit). Microsoft provides 128-bit encryption capabilities in Windows 2000 and Windows XP, the
operating systems required for the 2007 Microsoft Office system. Ensuring that users have
software versions that support high encryption helps to provide a high level of security-enhanced
e-mail messaging.
The Outlook Security Labels application programming interface (API) creates security label policy
modules that define the sensitivity of message content in your organization. For a detailed
description of creating policy modules and code samples, see the MSDN article Creating
Security Label Policy Modules.
Public key cryptography can help you maintain security-enhanced e-mail systems. For more
information about the use of public key cryptography in Outlook, search for the Outlook 98
Security whitepaper in the Knowledge Base search page of the Microsoft Product Support
Services Web site.
Microsoft Exchange Key Management Server version 5.5 issues keys for Microsoft Exchange
Server security only. Microsoft Exchange Key Management Server 5.5 Service Pack 1 supports
both Exchange security and S/MIME security. For more information, see the Microsoft Exchange
Server version 5.5 Resource Guide in the Microsoft BackOffice Resource Kit, Second Edition.
132
How users manage cryptographic digital IDs
in Outlook 2007
Microsoft Office Outlook 2007 provides ways for users to manage their digital IDs—the
combination of a user's certificate and public and private encryption key set. Digital IDs help to
keep users' e-mail messages secure by letting them exchange cryptographic messages.
Managing digital IDs includes:
• Obtaining a digital ID. For more information about how users can acquire a digital ID, see
the Outlook Help topic Get a Digital ID.
• Storing a digital ID, so you can move the ID to another computer or make it available to
others.
• Providing a digital ID to others.
• Exporting a digital ID to a file. This is useful when the user is creating a backup or moving
to a new computer.
• Importing a digital ID from a file into Outlook. A digital ID file might be a user's backup
copy or might contain a digital ID from another user.
• Renewing a digital ID that has expired.
A user who performs cryptographic messaging at more than one computer must copy his or her
digital ID to each computer.
Places to store digital IDs

Digital IDs can be stored in three locations:
• The Microsoft Exchange Global Address Book
• A Lightweight Directory Access Protocol (LDAP) directory service
• A Microsoft Windows file
Microsoft Exchange Global Address Book

Users who enroll in Exchange Advanced Security store their certificates in their organization's
Global Address Book. Alternatively, users use their LDAP provider to open the Global Address
Book.
Only certificates generated by Microsoft Exchange Server Advanced Security or by Microsoft
Exchange Key Management Server (KMS) are automatically published in the Global Address
Book. Externally generated certificates can be manually published to the Global Address Book by
clicking the Publish to GAL button in the Trust Center under the Tools menu option.
133
Internet directory service (LDAP)
External directory services, certificate authorities, or other certificate providers can publish their
users' certificates through an LDAP directory service. Outlook allows access to these certificates
through LDAP directories.
Windows file
Digital IDs can be stored on users' computers. Users export their digital ID to a file by using the
Import/Export option in the Trust Center under the Tools menu option. They can encrypt the file
when they create it by providing a password.
Providing digital IDs to others

In order for a user to exchange cryptographic e-mail messages with another user, they must have
each other's public key. Users provide access to their public key through a certificate. There are
several ways to provide a digital ID to others; for example, users can:
• Use a certificate to digitally sign an e-mail message.
• Provide a certificate by using a directory service, such as the Microsoft Exchange Global
Address Book.
Provide a certificate in a digitally signed e-mail message

A user provides his or her public key to another user by composing an e-mail message and
digitally signing the message by using a certificate. When Outlook users receive the signed
message, they right-click the user's name on the From line and click Add to Contacts. The
address information and the certificate are saved in the Outlook user's contacts list.
Obtain a certificate from a directory service

Another alternative is for a user to automatically retrieve another user's certificate from an LDAP
directory on a standard LDAP server when he or she sends an encrypted e-mail message. To
gain access to a certificate this way, users must be enrolled in S/MIME security with digital IDs for
their e-mail accounts.
A user can also obtain certificates from the Global Address Book. To do this, the user must be
enrolled in Microsoft Exchange Server Advanced Security.
Importing digital IDs

Users can import a digital ID from a file. This is useful, for example, if a user wants to send
cryptographic e-mail messages from a new computer. Each computer from which the user sends
cryptographic e-mail messages must have the user's certificates installed. Users import digital IDs
from a file by using the Import/Export option in the Trust Center under the Tools menu option.
134
Renewing keys and certificates
A time limit is associated with each certificate and private key. When the keys provided by the
Microsoft Exchange Key Management Server approach the end of the designated time period,
Outlook displays a warning message and offers to renew the keys. Outlook prompts the user,
offering to send the renewal message to the server on each user's behalf.
If users do not choose to renew a certificate before it expires, or if they use another certificate
authority rather than KMS, the user must contact the certificate authority to renew the certificate.
135
Plan for configuring security settings in
Outlook 2007
You can customize many of the security-related features in Microsoft Office Outlook 2007,
including limiting automated access to address books and managing users' access to
attachments.
Caution
Outlook is configured with high security-related settings by default. High security levels
can result in limitations to Outlook functionality, such as restrictions on e-mail message
attachment file types. Be aware that lowering any default security settings might increase
the risk of virus execution or propagation. Use caution and read the documentation
before you modify these settings.
Specifying how security settings are enforced in

Outlook
A new feature in Office Outlook 2007 allows you to configure security options by using new Group
Policy settings, instead of modifying security settings by using the Outlook security template and
publishing the settings to a form in a top-level folder in Exchange Server public folders. To use
Group Policy to configure security options, you must configure the new Outlook Security Mode
setting.
For more information about specifying the method used to customize security settings in Outlook,
see Specify the method Outlook uses to manage virus prevention features.
To continue using the Exchange Server security form for Outlook security settings, you must also
configure the new Group Policy setting.
Default security settings in the product are enforced if you do not enable the setting.
Choosing between the Exchange Server security

form and Group Policy security settings
Office Outlook 2007 supports both the Exchange Server security form and Group Policy security
settings. You can choose the option that is best for your environment. Following are sample
environments in which you can use the security form, Group Policy, or either one.
Scenario for using the security form

• An Exchange Server environment with public folders. Client computers must use Outlook
2000 with the security update, Outlook 2002, Outlook 2003, or Office Outlook 2007.
136
Scenarios for using Group Policy security settings
• A Microsoft Exchange 2007 environment without public folders. All client computers use
Outlook.
• An Exchange 2007 environment without public folders. Client computers with Office
Outlook 2007 use Group Policy security settings, and client computers with other versions of
Outlook depend on default security or the security form.
• An environment without Exchange Server. All client computers use Outlook.
Scenarios for using security form or Group Policy security

settings
• An Exchange Server environment in which Exchange Server is being upgraded to
Exchange 2007. Client computers use Office Outlook 2007.
• An Exchange Server environment in which client computers are being upgraded from
Outlook 2002 or Outlook 2003 to Office Outlook 2007.
Caveats to consider when customizing security

settings
There are three caveats to consider when you customize Group Policy security settings for
Outlook:
• Customized settings configured using Group Policy might not be active
immediately. You can configure Group Policy to refresh automatically (in the background) on
users' computers while users are logged on, at a frequency that you determine. To ensure
that new Group Policy settings are active immediately, users must log off and log back on to
their computers.
• Outlook checks security settings only at start up. If security settings are refreshed
while Outlook is running, the new configuration is not used until the user closes and restarts
Outlook.
• No customized settings are applied in Personal Information Manager (PIM)-only
mode. In PIM mode, Outlook uses the default security settings. No administrator settings are
necessary or used in this mode.
Customizing options for junk e-mail and ActiveX

controls
In addition to modifying how Outlook manages virus-prevention security options, you can also
customize junk e-mail and ActiveX control features.
You can customize the following Junk E-mail options: read as plain text, automatic picture
download, and HTML mail zones. For more information about modifying these settings, see
Configure junk e-mail settings in Outlook 2007.
137
You can also customize how Outlook runs ActiveX controls in one-off forms. For more information
about customizing how ActiveX controls behave in one-off forms, see Customize Active X and
custom forms security settings in Outlook 2007.
Updated Object Model Guard

The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to
propagate themselves is updated. Outlook checks for up-to-date antivirus software to help
determine when to display address book access warnings and other Outlook security warnings.
138
How administrator and user security settings
interact in Outlook 2007
Security settings defined by the user through the Microsoft Office Outlook 2007 user interface
work as if they are included in the Group Policy settings you define as the administrator. When
there is a conflict between the two, settings with a higher security level override settings with a
lower security level.
The following list describes specific interactions between Group Policy security settings and
security settings that a user defines in Outlook.
• Display Level 1 attachments. When this Group Policy is set, all file types that were set
to Level 1 security are set to Level 2 security. If a user wants to block a file type, the user can
customize the list in Outlook to block access to specific types of attachments.
• Add file extensions to block as Level 1. If you use this Group Policy setting to create a
list of Level 1 file types, the list overrides the default list provided with Outlook and overrides
user's settings for Level 1 file types. Even if you allow users to remove file types from the
default Level 1 group of excluded file types, users cannot use Group Policy to remove file
types that were added to the list.
For example, if the user wants to remove the file types EXE, REG, and COM from the Level 1
group, but you use the Add Level 1 file extensions Group Policy setting to add EXE as a
Level 1 file type, the user can only remove REG and COM files from the Level 1 group in
Outlook.
• Remove file extensions blocked as Level 1. The user's list is combined with the list
you set in Group Policy to determine which Level 1 items are set to Level 2.
• Add file extensions to block as Level 2. If a user changes Level 1 files to Level 2 files,
and those file types are listed in Group Policy as Level 2 extensions, the files are treated as
Level 2 attachments.
• Remove file extensions blocked as Level 2. There is no interaction with this setting.
• Allow users to demote attachments to Level 2. This setting allows a user to change a
Level 1 attachment to Level 2. If you do not configure this Group Policy setting, the default
behavior in Outlook is to ignore the user's list.
See Also
• Attachment file types restricted by Outlook 2007
139
Plan for Outlook 2007 security in special
environments
When you use Group Policy to configure security settings for Microsoft Office Outlook 2007, there
are issues to consider when your environment includes one or more of the following:
• Users who access their mailboxes by using a hosted Exchange Server.
• Users with administrative rights on their computers.
• Users who access Exchange mailboxes by using Outlook Web Access.
Users with a hosted Exchange Server

environment
If users access mailboxes by using a hosted Exchange Server, you might use the Exchange
Server security form to configure security settings or use the default Outlook security settings. In
hosted environments, users access their mailboxes remotely; for example, by using a virtual
private network (VPN) connection or by using RPC over HTTP. Since Group Policy is deployed by
using Active Directory and in this scenario, the user's local computer is not a member of the
domain, Group Policy security settings cannot be applied.
Also, by using the Exchange Server security form to configure security settings, users
automatically receive updates to security settings. Users cannot receive updates to Group Policy
security settings unless their computer is in the Active Directory domain.
Users with administrative rights

Restrictions to Group Policy settings are not enforced when users log on with administrative
rights. Users with administrative rights can also change the Outlook security settings on their
computer and can remove or alter the restrictions you have configured. This is true not just for
Outlook security settings, but for all Group Policy settings.
While this can be problematic when an organization intends to have standardized settings for all
users, there are mitigating factors:
• Group Policy overrides local changes at the next logon. Changes to Outlook security
settings revert to the Group Policy settings when the user logs on.
• Overriding a Group Policy affects only the local computer. Users with administrative rights
affect only security settings on their computer, not the security settings for users on other
computers.
• Users without administrative rights cannot change policies. In this scenario, Group Policy
security settings are as secure as settings configured by using the Exchange Server security
form.
140
Users with an Outlook Web Access environment
Outlook and Outlook Web Access (OWA) do not use the same security model. OWA has separate
security settings stored on the OWA server.
141
Plan for limiting junk e-mail in Outlook 2007
Microsoft Office Outlook 2007 includes features that can help users avoid receiving and reading
junk e-mail messages, including the Junk E-mail Filter and disabling automatic content download
from external servers.
Note
This topic is for Outlook administrators. To configure Outlook junk e-mail options on your
computer, see Junk E-mail Filter options.
The filtering manager helps users avoid reading junk e-mail messages. The filter is on by default
and the protection level is set to Low, which is designed to filter the most obvious junk e-mail
messages. The filter replaces the rules for processing junk e-mail messages in previous versions
of Outlook (prior to Microsoft Outlook 2003). The filter incorporates technology built into the
software to evaluate e-mail messages to determine if the messages are likely to be junk e-mail, in
addition to filtering lists that automatically block or accept messages to or from specific senders.
Automatic picture download settings help reduce the risk of Web beacons activating in e-mail
messages by automatically blocking the download of pictures, sounds, and other content from
external servers in e-mail messages. Automatic content download is disabled by default.
Configure junk e-mail settings in Outlook 2007 contains more information about configuring how
external content is downloaded.
This topic discusses how the Outlook Junk E-mail Filter works, and how you can configure the
Junk E-mail Filter to meet the needs of your organization. For example, you can configure the
filter to be more aggressive, though this might also cause it to filter more legitimate messages.
Rules that are not part of junk e-mail management are not affected.
Overview: the Outlook Junk E-mail Filter

The Junk E-mail Filter contains two parts:
• Three Junk e-mail Filter lists: Safe Senders, Safe Recipients, and Blocked Senders.
• State-of-the-art technology developed by Microsoft Research. This technology evaluates
whether an unread message should be treated as junk e-mail based on several factors,
including the message content and whether the sender is included in Junk E-mail Filter lists.
All settings for the Junk E-mail Filter are stored in each user's Outlook profile. You can override
the profile settings by using policies for all options except the Junk E-mail Filter lists. However,
you can create and deploy initial lists of Safe Senders, Safe Recipients, and Blocked Senders for
your users.
The Junk E-mail Filter is provided for a subset of Outlook account types. The types are listed in
the following section, Supported account types. The filter works best when it is used with
Microsoft Exchange Server 2003 and later accounts, as described in detail later in this topic.
When Outlook users are upgraded to Office Outlook 2007 , existing Junk E-mail Filter lists are
maintained, unless you deploy new lists to users.
142
Supported account types
Office Outlook 2007 supports junk e-mail filtering for the following account types:
• Microsoft Exchange Server e-mail accounts in Cached Exchange Mode
• Microsoft Exchange Server e-mail accounts when mail is delivered to a Personal Folders
file (PST file)
• HTTP accounts
• POP accounts
• MSN Hotmail accounts
• IMAP accounts
The following account types are not supported for Outlook junk e-mail filtering:
• Microsoft Exchange Server e-mail accounts in Online (MDB) mode
• Third-party MAPI providers
Information about what junk e-mail filtering options are available with Exchange Server is
included in the next section, Support in different versions of Exchange Server.
In scenarios in which POP e-mail messages are downloaded into an Exchange Online (MDB)
mailbox, Outlook blocks junk e-mail messages for the user's POP e-mail; however, Outlook does
not block Exchange Online junk e-mail messages.
Support in different versions of Exchange Server

Junk E-mail Filter behavior depends on the Exchange Server version you use for messaging.
Later versions of Exchange Server support more filtering options than earlier versions do.
The following list details Junk E-mail Filter behavior with different versions of Exchange Server.
• Versions earlier than Exchange Server 2003
If users use Cached Exchange Mode or download to a Personal Folders file (PST file): Users
can create and use the Junk E-mail Filter lists, which are available from any computer that
users use.
If users work online: The Junk E-mail Filter is not available.
• Exchange Server 2003 and later versions of Exchange
If users use Cached Exchange Mode or download to a PST file: The Junk E-mail Filter lists
that are available from any computer are also used by the server to evaluate mail. This
means that if a sender is on a user's Blocked Senders list, mail moves to the Junk E-mail
folder on the server and is not evaluated by Office Outlook 2007. In addition, Office Outlook
2007 uses Microsoft Research technology to evaluate e-mail messages.
If users work online: The Junk E-mail Filter lists that are available from any computer are also
used by the server to evaluate mail. This means that if a sender is on a user's Blocked
Senders list, mail moves to the Junk E-mail folder on the server and is not evaluated by
Office Outlook 2007.
143
Upgrading from a previous installation of Outlook
before Outlook 2003
When a user's previous version of Outlook (earlier than Outlook 2003) is upgraded to Office
Outlook 2007, the rules that previously handled junk e-mail messages are removed. The existing
rules and files used by the old filter are not migrated. The existing rules are handled as follows:
• Rules created by the old filter
With the previous rules filter for junk e-mail messages, users could create up to three client-
side rules for their mailbox: Adult Content Rule, Junk E-mail Rule, and Exception List.
Outlook removes these rules from the user's mailbox when Outlook 2003 starts for the first
time on the user's computer. This means that Outlook 2003 always disables the previous junk
e-mail filter.
• Files that contain the Adult Senders list and the Blocked Senders list
These text files are left on the user's computer, but Outlook no longer uses the files.
Configuring the Junk E-mail Filter user interface

You can specify several options to configure how the Junk E-mail Filter works for your users,
including the following:
• Set the Junk E-mail Filter protection level.
• Permanently delete suspected junk e-mail messages or move the messages to the Junk
E-mail folder.
• Trust e-mail messages from users' Contacts.
The default values for the Junk E-mail Filter are designed to help provide a positive experience
for users. However, you can configure these settings to different defaults and set other options
and policies when you deploy Outlook to your organization, such as defining an alternative URL
for the location of filter updates.
Junk e-mail settings are set only once. When the user first starts Outlook 2003, the settings are
configured in the profile that the user chooses. Other profiles the user has, or may create later, do
not include the settings that you have configured. Instead, default settings are used.
Default values for the Junk E-mail Filter settings are:
• Junk E-mail: Set to LOW
• Permanently delete: Set to OFF
• Trust my Contacts: Set to ON
You can use the Office Customization Tool to configure these options to specify default values for
users, or the options can be enforced by Group Policy. For more information about configuring
options for the Junk E-mail Filter, see Configure junk e-mail settings in Outlook 2007.
Providing default Junk E-mail Filter lists

You can deploy default Junk E-mail Filter lists to your users. The Junk E-mail Filter uses these
lists as follows:
144
• Safe Senders list
E-mail messages received from the e-mail addresses in the list or from any e-mail address
that includes a domain name in the list are never treated as junk e-mail.
• Safe Recipients list
E-mail messages sent to the e-mail addresses in the list or to any e-mail address that
includes a domain name in the list are never treated as junk e-mail.
• Blocked Senders list
E-mail messages received from the e-mail addresses in the list or from any e-mail address
that includes a domain name in the list are always treated as junk e-mail.
If a domain name or e-mail address is on both the Blocked Senders list and the Safe Senders list,
the Safe Senders list takes precedence over the Blocked Senders list. This reduces the risk that
mail that users want might be treated as junk e-mail by mistake. The lists are stored on the server
and are available if users roam.
To deploy the Junk E-mail Filter lists, you create the lists on a test computer and distribute the
lists to your users. The lists you provide are default lists; they cannot be locked down by policy.
For more information about deploying default lists, see Create and deploy Junk E-mail Filter lists
in Outlook 2007.
See Also
• Configure junk e-mail settings in Outlook 2007
• Create and deploy Junk E-mail Filter lists in Outlook 2007
145
IV Planning for Group Policy for the 2007
Office system
In this section:
Group Policy overview (2007 Office)
146
Group Policy overview (2007 Office)
Group Policy is an infrastructure that administrators can use to implement specific computing
configurations for users and computers. Policy settings can also be applied to member servers
and domain controllers within the scope of an Active Directory forest. Administrators use Group
Policy to define configurations once and then rely on the operating system to enforce that state.
Group Policy settings are contained in Group Policy objects (GPOs), which are linked to selected
Active Directory directory service containers — sites, domains, or organizational units (OUs). The
settings within GPOs are evaluated by the affected targets using the hierarchical nature of Active
Directory.
The Group Policy infrastructure consists of a Group Policy engine and several individual
extensions. These extensions are used to configure Group Policy settings, either by modifying the
registry through the Administrative Templates extension, or setting Group Policy settings for
security settings, software installation, folder redirection, Internet Explorer Maintenance, wireless
network settings, and other areas.
Each Group Policy extension consists of two extensions:
• A server-side extension of the Group Policy Object Editor Microsoft Management
Console (MMC) snap-in, used to define and set the policy settings applied to client
computers.
• A client-side extension that the Group Policy engine calls to apply policy settings.
The 2007 Microsoft Office system system policy settings are contained in Administrative Template
(.adm) files. For more information, see the Administrative Templates section.
The following sections provide an overview of Group Policy concepts. For more detailed
information, see Group Policy Collection (http://go.microsoft.com/fwlink/?LinkId=80200) on the
Microsoft TechNet site.
In this topic
Local and Active Directory-based Group Policy
Group Policy processing
Group Policy application
Targeting the application of Group Policy Objects
Administrative Templates extension
User Preferences and True Policies
Group Policy Management Tools
Office Customization Tool and Group Policy
Local and Active Directory-based Group Policy

Every computer has a local GPO that is always processed, regardless of whether the computer is
part of a domain or is a stand-alone computer. The local GPO cannot be blocked by domain-
147
based GPOs. However, settings in domain GPOs always take precedence, since they are
processed after the local GPO.
Although you can configure local Group Policy objects on individual computers, maximum
benefits of Group Policy are realized in a Windows 2000 or Windows Server 2003-based network
with Active Directory installed.
Administrators can implement Group Policy settings for as broad or as narrow a part of their
organization as necessary. To do this, administrators link GPOs to sites, domains, and OUs. GPO
links affect users and computers as follows:
• GPOs linked to a site apply to all users and computers in the site.
• GPOs linked to a domain apply directly to all users and computers in the domain and by
inheritance to all users and computers in child OUs. Group Policy is not inherited across
domains.
• GPOs linked to an OU apply directly to all users and computers in the OU and, by
inheritance, to all users and computers in child OUs.
When a GPO is created, it is stored in the domain. When the GPO is linked to an Active Directory
container, such as an OU, the link is a component of that Active Directory container. The link is
not a component of the GPO.
Administrators must have GPO creation privileges to create a GPO. By default, only domain
administrators, enterprise administrators, and members of the Group Policy creator owners group
can create Group Policy objects. You must have edit permissions for the GPO that you want to
edit.
For more detailed information about Group Policy infrastructure, see Group Policy Collection
(http://go.microsoft.com/fwlink/?LinkId=80200) on the Microsoft TechNet site.
The Windows Vista and Windows Server® 2008 operating systems introduce new functionality for
managing local GPOs that gives stand-alone computer administrators the ability to apply multiple
Group Policy objects to users of stand-alone computers.
Multiple local GPOs: changes in Windows Vista and Windows Server 2008
Windows Vista and Windows Server 2008 provide support for managing multiple local GPOs on
stand-alone computers. This capability is useful for managing environments that involve shared
computing on a single computer, such as libraries or computer labs. You can assign multiple local
GPOs to local users or built-in groups.
In a workgroup environment, each computer maintains its own policy settings. This feature works
with domain-based Group Policy, or it can be disabled through a Group Policy setting.
Administrators can use multiple local GPOs to do the following:
• Apply different levels of local Group Policy to local users on a stand-alone computer. This
capability is ideal for shared computing environments where domain-based management is
not available.
• Manage Group Policy based on groups of administrators and non-administrators. For
example, if administrators want to set up computers in a computer lab to configure a secure
environment, they can create highly managed policy settings for User groups and lightly
managed policy settings for built-in Administrator accounts. This obviates the need for local
148
administrators to explicitly disable or remove Group Policy settings that interfere with their
ability to manage the workstation before they perform administrative tasks. Windows Vista
administrators can also turn off local Group Policy settings without explicitly enabling domain-
based Group Policy.
Domain administrators can disable the processing of local Group Policy objects on clients running
Windows Vista by enabling the Turn off Local Group Policy objects processing policy setting
in a domain Group Policy object. This setting is accessed under Computer
Configuration\Administrative Templates\System\Group Policy.
Windows Vista provides three layers of local Group Policy objects: local Group Policy,
Administrator and Non-Administrators Group Policy, and user-specific local Group Policy. These
layers of local Group Policy objects are processed according to the following order:
• Local Group Policy
• Administrators and Non-Administrators Group Policy
• User-specific local Group Policy
For detailed information about using the multiple local GPOs feature in Windows Vista, see the
Step-by-Step Guide to Managing Multiple Local Group Policy Objects on the Microsoft TechNet
Web site.
Group Policy processing

The local GPO is processed first, and the organizational unit to which the computer or user
belongs (the one that it is a direct member of) is processed last. Group Policy settings are
processed in the following order:
• Local GPO. Each computer has a Group Policy object that is stored locally. This GPO
processes for both computer and user Group Policy.
• Site. GPOs linked to the site to which the computer belongs are processed next.
Processing is done in the order specified by the administrator, on the Linked Group Policy
Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the
lowest link order is processed last and has the highest precedence. For information about
Group Policy Management Console, see the Group Policy Management Tools section.
• Domain. Multiple domain-linked GPOs are processed in the order specified by the
administrator, on the Linked Group Policy Objects tab for the domain in Group Policy
Management Console. The GPO with the lowest link order is processed last and has the
highest precedence.
• Organizational units. GPOs linked to the organizational unit that is highest in the Active
Directory hierarchy are processed first, and then GPOs that are linked to its child
organizational unit are processed, and so on. GPOs linked to the organizational unit that
contains the user or computer are processed last.
The processing order is subject to the following conditions:
• Windows Management Instrumentation (WMI) or security filtering applied to GPOs.
• Any domain-based GPO (not local GPO) can be enforced by using the Enforce option,
so that its policy settings cannot be overwritten. Because an Enforced GPO is processed last,
149
no other settings can write over the settings in that GPO. If more than one Enforced GPO
exists, the same setting in each GPO may be set to a different value. In this case, the link
order of the GPOs determines which GPO contains the final settings.
• At any domain or organizational unit, Group Policy inheritance can be selectively
designated as Block Inheritance. However, because Enforced GPOs are always applied and
cannot be blocked, blocking inheritance does not prevent the application of policy settings
from Enforced GPOs.
Policy inheritance
Policy settings in effect for a user and computer are the result of the combination of GPOs
applied at a site, domain, or OU. When multiple GPOs apply to users and computers in those
Active Directory containers, the settings in the GPOs are aggregated. By default, settings
deployed in GPOs linked to higher level containers (parent containers) in Active Directory are
inherited to child containers and combine with settings deployed in GPOs linked to the child
containers. If multiple GPOs attempt to set a policy setting with conflicting values, the GPO with
the highest precedence sets the setting. GPOs that are processed later have precedence over
GPOs that are processed earlier.
Group Policy application

Group Policy for computers is applied at computer startup. Group Policy for users is applied when
users log on. In addition to the initial processing of Group Policy at startup and logon, Group
Policy is applied subsequently in the background on a periodic basis. During a background
refresh, a client-side extension reapplies the policy settings only if it detects that a change
occurred on the server in any of its GPOs or its list of GPOs.
For software installation and folder redirection, Group Policy processing occurs only during
computer startup or user logon.
Synchronous and asynchronous processing

Synchronous processes can be described as a series of processes in which one process must
finish running before the next one begins. Asynchronous processes can run on different threads
simultaneously, because their outcome is independent of other processes. Administrators can use
a policy setting for each GPO to change the default processing behavior so that processing is
asynchronous instead of synchronous.
Under synchronous processing, there is a time limit of 60 minutes for all of Group Policy to finish
processing on the client computer. Client-side extensions that have not finished processing after
60 minutes are signaled to stop. In this case, the associated policy settings might not be fully
applied.
Fast Logon Optimization feature

The Fast Logon Optimization feature is set by default for both domain and workgroup members.
The result is the asynchronous application of policy when the computer starts up and when the
user logs on. This application of policy is similar to a background refresh. It can reduce the length
150
of time it takes for the logon dialog box to appear and the length of time it takes for the desktop to
become available to the user.
Notes:
• Logon Optimization is not enabled and policies are processed synchronously when
the user logs on for the first time, the user has a roaming profile, the user has a HomeDir,
and the user has a logon script specified in the User object. Folder Redirection and
Group Policy Software Installation require a synchronous application of policy. Under
these conditions, computer startup can still be asynchronous. However, since logon is
synchronous, logon does not exhibit optimization.
• Client computers running Windows XP Professional, Windows XP 64-bit Edition
(Itanium), and Windows Server 2003 operating systems support Fast Logon Optimization
in any domain environment.
• For servers, startup and logon processing always behaves as if this policy setting is
enabled.
Administrators can disable the Fast Logon Optimization feature with the Always wait for the
network at computer startup and logon policy setting, which is accessed in the Computer
Configuration\Administrative Templates\System\Logon node of Group Policy Object Editor.
When this policy setting is enabled, logons are performed in the same way as they are for
Windows 2000 clients. This means that Windows XP waits for the network to be fully initialized
before users are logged on. Group Policy is applied synchronously in the foreground.
Slow links processing

Some Group Policy extensions are not processed when the connection speed falls below
specified thresholds. The default value for what Group Policy considers a slow link is any rate
slower than 500 Kilobits per second (Kbps).
The default settings for processing Group Policy over slow links are as follows.
Setting Default
Security Settings ON (cannot be turned off)
IP Security ON
EFS ON
Software Restriction Policies ON
Wireless ON
Administrative Templates ON (cannot be turned off)
Software Installation OFF
Scripts OFF
Folder Redirection OFF
IE maintenance ON
151
Administrators can use a policy setting to override the default setting. To specify settings for
Group Policy slow link detection for computers, use the Group Policy slow link detection policy
setting in the Computer Configuration\Administrative Templates\System\Group Policy node
of Group Policy Object Editor.
To set this option for users, use the Group Policy slow link detection policy setting in User
Configuration\Administrative Templates\System\Group Policy.
For more information about managing Group Policy over slow links, see Specifying Group Policy
for Slow Link Detection (http://go.microsoft.com/fwlink/?LinkId=80435) on the Microsoft TechNet
site.
Group Policy refresh interval

By default, Group Policy is processed every 90 minutes, with a randomized delay of up to 30
minutes — for a total maximum refresh interval of up to 120 minutes.
For security settings, after you have edited security settings policies, the policy settings are
refreshed on the computers in the organizational unit to which the Group Policy object is linked:
• When a computer restarts.
• Every 90 minutes on a workstation or server and every 5 minutes on a domain controller.
• By default, security policy settings delivered by Group Policy are also applied every 16
hours (960 minutes), even if a GPO has not changed.
Triggering a Group Policy refresh

Changes made to the Group Policy object must first replicate to the appropriate domain
controller; therefore, changes to Group Policy settings might not be immediately available on
users’ desktops. In some scenarios, such as application of security policy settings, it may be
necessary to apply policy settings immediately.
Administrators can trigger a policy refresh manually from a local computer without waiting for the
automatic background refresh. To do this, administrators can type gpupdate at the command line
to refresh the user or computer policy settings. You cannot use GPMC to trigger a policy refresh.
The gpupdate command triggers a background policy refresh on the local computer from which
the command is run. The gpupdate command is used in Windows Server 2003 and Windows XP
environments.
The application of Group Policy cannot be pushed to clients on demand from the server.
For more information about using gpupdate, see Refresh Group Policy settings with
GPUpdate.exe (http://go.microsoft.com/fwlink/?LinkId=80461) on the Microsoft TechNet Web site.
Targeting the application of Group Policy Objects

The primary method for specifying which users and computers receive the settings from a GPO is
the GPO link to sites, domains, and organizational units.
You can change the default order in which GPOs are processed by changing the link order,
blocking policy inheritance, enforcing a GPO link (previously known as no override), and disabling
a GPO link.
152
Administrators can use security filtering and WMI filtering to modify the set of users and
computers to which to apply a GPO.
Administrators can also use the Loopback processing feature to ensure that the same set of
policy settings is applied to any user that logs on to a specific computer.
Changing the GPO processing order

Administrators can use one of the following methods to change the order in which GPOs are
processed:
• Change the link order. The GPO link order in a site, domain, or OU controls when links
are applied. Administrators can change the precedence of a link by changing the link order,
moving each link up or down in the list to the appropriate location. The link with the higher
order (1 is the highest order) has the higher precedence for a site, domain, or organizational
unit.
• Block inheritance. Using block inheritance for a domain or OU prevents GPOs linked to
higher sites, domains, or organizational units from being automatically inherited by the child-
level Active Directory container. By default, child-level containers inherit all GPOs from the
parent. However, it is sometimes useful to block inheritance.
• Enforce a GPO link. Administrators can specify that the settings in a GPO link take
precedence over the settings of any child object by setting that link to Enforced. GPO links
that are enforced cannot be blocked from the parent container. If GPOs contain conflicting
settings and do not have enforcement from a higher-level container, the settings of the GPO
links at the higher-level parent container are overwritten by settings in GPOs linked to child
organizational units. With enforcement, the parent GPO link always has precedence. By
default, GPO links are not enforced.
• Disable a GPO link. By default, processing is enabled for all GPO links. You can
completely block the application of a GPO for a site, domain, or organizational unit by
disabling the GPO link for that domain, site, or organizational unit. This does not disable the
GPO. If the GPO is linked to other sites, domains, or organizational units, they will continue to
process the GPO if their links are enabled.
Security filtering
This method is used to specify that only specific security principals within a container where the
GPO is linked apply the GPO. Administrators can use security filtering to narrow the scope of a
GPO so that the GPO applies only to a single group, user, or computer. Security filtering cannot
be used selectively on different settings within a GPO.
The GPO applies to a user or computer only if that user or computer has both Read and Apply
Group Policy (AGP) permissions on the GPO, either explicitly or effectively though group
membership. By default, all GPOs have Read and AGP set to Allowed for the Authenticated
Users group, which includes users and computers. This is how all authenticated users receive the
settings of a new GPO when the GPO is applied to an organizational unit, domain, or site.
By default, Domain Admins, Enterprise Admins, and the local system have full control
permissions, without the Apply Group Policy access-control entry (ACE). Administrators are
153
also members of Authenticated Users. This means that, by default, administrators receive the
settings in the GPO. These permissions can be changed to limit the scope to a specific set of
users, groups, or computers within the organizational unit, domain, or site.
The Group Policy Management Console (GPMC) manages these permissions as a single unit
and displays the security filtering for the GPO on the GPO Scope tab. In GPMC, groups, users,
and computers can be added or removed as security filters for each GPO. For information about
GPMC, see the Group Policy Management Tools section.
Windows Management Instrumentation filtering

Windows Management Instrumentation (WMI) is the Microsoft implementation of the Web-Based
Enterprise Management industry initiative that establishes management infrastructure standards
and provides a way to combine information from various hardware and software management
systems. WMI exposes hardware configuration data such as CPU, memory, disk space, and
manufacturer, as well as software configuration data from the registry, drivers, file system, Active
Directory, the Windows Installer service, networking configuration, and application data. Data
about a target computer can be used for administrative purposes, such as WMI filtering of GPOs.
WMI filtering is used to filter the application of a GPO by attaching a WMI Query Language
(WQL) query to a GPO. The queries can be used to query WMI for multiple items. If a query
returns true for all queried items, the GPO is applied to the target user or computer.
A GPO is linked to a WMI filter and applied on a target computer, and the filter is evaluated on the
target computer. If the WMI filter evaluates to false, the GPO is not applied (except if the client
computer is running Windows 2000, in which case the filter is ignored and the GPO is always
applied). If the WMI filter evaluates to true, the GPO is applied.
The WMI filter is a separate object from the GPO in the directory. A WMI filter must be linked to a
GPO in order to apply, and a WMI filter and the GPO to which it is linked must be in the same
domain. WMI filters are stored only in domains. Each GPO can have only one WMI filter. The
same WMI filter can be linked to multiple GPOs.
Loopback processing
Loopback processing is an advanced Group Policy setting that is useful on computers in some
closely managed environments, such as servers, kiosks, laboratories, classrooms, and reception
areas. Setting loopback causes the User Configuration policy settings in GPOs that apply to the
computer to be applied to every user logging on to that computer, instead of (in Replace mode)
or in addition to (in Merge mode) the User Configuration settings of the user. Administrators can
use this feature to ensure that a consistent set of policy settings is applied to any user that logs
on to a specific computer, regardless of the user's location in Active Directory.
To set Loopback processing, administrators can use the User Group Policy loopback
processing mode policy setting, which is accessed under Computer
Configuration\Administrative Templates\System\Group Policy in Group Policy Object Editor.
To use the Loopback processing feature, both the user account and the computer account must
be in a Windows 2000 or later domain. Loopback does not work for computers joined to a
workgroup.
154
For more information about targeting the application of GPOs, see Controlling the Scope of
Group Policy Objects using GPMC (http://go.microsoft.com/fwlink/?LinkId=80462) on the
Microsoft TechNet site.
Administrative Templates extension

The Administrative Templates extension of Group Policy consists of an MMC server-side snap-in
used to configure policy settings and a client-side extension that sets registry keys on target
computers. Administrative Templates policy is also known as registry-based policy or registry
policy.
The 2007 Microsoft Office system policy settings are contained in Administrative Template files,
which can be downloaded from 2007 Office System Administrative Templates (ADM)
(http://go.microsoft.com/fwlink/?LinkId=78161) on the Microsoft Download Center.
Administrative Template files

Administrative Template (.adm) files are Unicode files which consist of a hierarchy of categories
and subcategories that define how options display through the Group Policy Object Editor and
GPMC. They also indicate the registry locations where changes should be made if a selection is
made, specify options or restrictions (in values) associated with the selection, and, in some
cases, indicate a default value to use if a selection is activated.
The functionality of .adm files is limited. The purpose of .adm files is to enable a user interface to
configure policy settings. .Adm files do not contain policy settings. The policy settings are
contained in registry.pol files located in the Sysvol folder on domain controllers.
The Administrative Templates server-side snap-in provides an Administrative Templates node
that appears in Group Policy Object Editor under the Computer Configuration node and under
the User Configuration node. The settings under Computer Configuration manipulate registry
settings for the computer. Settings under User Configuration manipulate registry settings for
users. Although some policy settings require simple UI elements such as text boxes to enter
values, most policy settings contain only the following options:
• Enabled: The policy is enforced. Some policy settings provide additional options that
define the behavior when the policy is activated.
• Disabled: Enforces the opposite behavior as the Enabled state for most policy settings.
For example, if Enabled forces a feature's state to Off, Disabled forces the feature's state to
On.
• Not configured: The policy is not enforced. The default is not configured for most
settings.
Administrative Template files for the 2007 Office System

The following Administrative Template files are available for the 2007 Office system:
• office12.adm: shared Office components
• access12.adm: Microsoft Office Access 2007
• cpao12.adm: Calendar Printing Assistant for Microsoft Office Outlook 2007
155
• excel12.adm: Microsoft Office Excel 2007
• groove12.adm: Microsoft Office Groove 2007
• ic12.adm: Microsoft Office InterConnect 2007
• inf12.adm: Microsoft Office InfoPath 2007
• onent12.adm: Microsoft Office OneNote 2007
• outlk12.adm: Microsoft Office Outlook 2007
• ppt12.adm: Microsoft Office PowerPoint 2007
• proj12.adm: Microsoft Office Project 2007
• pub12.adm: Microsoft Office Publisher 2007
• spd12.adm: Microsoft Office SharePoint Designer 2007
• visio12.adm: Microsoft Office Visio 2007
• word12.adm: Microsoft Office Word 2007
Administrators can use the 2007 Office system policy settings for tasks such as the following:
• Managing security settings for the 2007 Office system applications
• Preventing connections to the Internet from the 2007 Office system applications
• Hiding or disabling 2007 Office system user interface settings that might be confusing to
users or unnecessary for users to perform their work
• Creating highly managed or less restricted, standard configurations of users' computers
• Setting default File Save options for the 2007 Office system applications to prepare for
migration from earlier versions of Office
For example, administrators can use Group Policy to disable, enable, or configure most of the
settings that control the Office user interface, such as:
• Menu commands
• Shortcut keys
• Options dialog box settings
The large numbers of Group Policy settings available for the 2007 Office system provide a high
degree of flexibility. Administrators can create highly restricted or lightly managed configurations,
depending on the specific business requirements and security concerns of their organizations.
To download the 2007 Office system Administrative Template files, see 2007 Office System
Administrative Templates (ADM) in the Microsoft Download Center.
You can also download the 2007 Microsoft Office System Open XML Format converters
Administrative Template (ADM) file from the Microsoft Download Center. Administrators can use
this template to modify the default behavior for the Microsoft Office Word, Excel, and PowerPoint
2007 Open XML Format converters.
Administrators can modify Microsoft Office 2003 and Microsoft Office XP Administrative Template
files to set default File Save As options to include the new OpenXML file formats of the 2007
Microsoft Office programs. For more information, see KB article 932127, How to modify an
existing Office policy file (ADM file) for Office 2003 and for Office XP to set the Save As default
file format to include the new OpenXML file formats of the 2007 Microsoft Office programs on the
Microsoft Support Knowledge Base (KB) Web site.
156
For more information about Administrative Templates, see the Administrative Templates
Extension Technical Reference (http://go.microsoft.com/fwlink/?LinkId=56088).
Windows Vista and Windows Server 2008 introduce a new XML-based format for Administrative
Template files, as discussed in the next section.
Administrative Template Files: Changes in Windows Vista and

Windows Server 2008
First released in Windows NT 4.0, Administrative Template files used a unique file format known
as .adm files. In Windows Vista and Windows Server 2008 operating systems, these files are
replaced by ADMX files, which use an XML-based file format to display registry-based policy
settings. These new Administrative Template files make it easier to manage registry-based policy
settings in Windows Vista and Windows Server 2008. The policy settings contained in the Office
2007 ADM and ADMX files are the same.
The new ADMX and ADML files replace earlier .adm files and are divided into language-neutral
(ADMX) and language-specific (ADML) resource files. These new file types allow Group Policy
tools to adjust the user interface according to the administrator's configured language.
Group Policy Object Editor and Group Policy Management Console continue to recognize
earlier .adm files you may have in your current environment. Custom .adm files (or .adm files that
are not delivered by default in the operating system) in a GPO are used by Group Policy Object
Editor and Group Policy Management Console. The tools do not recognize earlier .adm files that
were included by default in the operating system, such as System.adm and Inetres.adm.
Administrators can manage Group Policy settings affecting Windows Vista and earlier operating
systems from a workstation running Windows Vista. ADMX files are supported only on the
Windows Vista operating system. Copying ADMX files to earlier operating systems has no effect.
Note
Administrators can convert ADM files to the ADMX format by using the ADMX Migrator
tool. ADMX Migrator provides an ADMX editor with a graphical user interface for creating
and editing administrative templates. For more information, see ADMX Migrator
ADMX and ADML file storage in Windows Vista

The central store is a folder created on the Sysvol folder of an Active Directory domain controller.
This folder provides a single, centralized storage location for ADMX and ADML files for the
domain. Administrators can create a central store on a domain controller running Windows Server
2003 R2, Windows Server 2003 SP1, or Windows 2000 Server. The creation of the central store
does not require Windows Server 2008.
For more information about administering ADMX files in Vista, see Managing Group Policy ADMX
Files Step-by-Step Guide, Requirements for Editing Group Policy Objects Using ADMX Files, and
Scenario 2: Editing Domain-Based GPOs Using ADMX Files on the Microsoft TechNet Web site.
157
User preferences and true policies
Group Policy settings that administrators can fully manage are referred to as true policies.
Settings that users configure or that reflect the default state of the operating system at installation
time are referred to as preferences. Both true policies and preferences contain information that
modifies the registry on users’ computers. There are important distinctions between true policies
and preferences. True policy settings take precedence over preference settings.
Registry values for true policies are stored under the approved registry keys for Group Policy.
Users cannot change or disable these settings:
For computer policy settings:
• HKEY_LOCAL_MACHINE\Software\Policies (the preferred location)
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
For user policy settings:
• HKEY_CURRENT_USER\Software\Policies (the preferred location)
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
Preferences are set by users or by the operating system at installation time. The registry values
that store preferences are located outside the approved Group Policy keys shown in the
preceding table. Users can change their preferences.
Administrators can write an .adm file that sets registry values outside of the approved Group
Policy registry trees. In this case, this method only ensures that a registry key or value is set in a
specific way. With this approach, the administrator configures preference settings instead of true
policy settings and marks the registry with these settings. This means that the settings persist in
the registry, even if the preference setting is disabled or deleted.
If you configure preference settings by using a GPO in this manner, the GPOs that you create do
not have Access Control List (ACL) restrictions. Therefore, users might be able to change these
values in the registry. When the GPO goes out of scope (if the GPO is unlinked, disabled, or
deleted), these values are not removed from the registry.
In contrast, true registry policy settings do have ACL restrictions to prevent users from changing
the settings. The policy values are removed when the GPO that sets the values goes out of
scope. For this reason, true policies are considered to be policy settings that can be fully
managed. By default, the Group Policy Object Editor only displays policy settings that can be fully
managed.
To view preferences in Group Policy Object Editor, click the Administrative Templates node,
click View, click Filtering, and then clear Only show policy settings that can be fully
managed.
True policy settings take priority over preferences; however, they do not overwrite or modify the
registry keys used by the preferences. If a policy setting is deployed that conflicts with a
preference setting, the policy setting takes precedence over the preference. If both a policy and
preference are present, the preference is successfully restored if the policy is removed or
disabled. Preference settings persist in the registry until they are reversed by a counteracting
policy setting or by editing the registry.
The following table summarizes the effects of policy settings and preferences.
158
Group Policy present Preference present Resultant behavior
No No Default
No Yes The preference setting configures behavior.
Yes No The policy setting configures behavior.
Yes Yes The policy setting configures behavior. The

preference setting is ignored.
For the 2007 Office system, all user-specific policy settings are stored in the
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0 sub-key. Computer-specific
policies are stored in the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\12.0
sub-key. By default, both policy sub-keys are locked to prevent users from modifying them.
Group Policy Management tools

Administrators use the following tools to administer Group Policy: Group Policy Management
Console (GPMC) and Group Policy Object Editor Microsoft Management Console (MMC) snap-
ins. Administrators use Group Policy Management Console for managing most Group Policy
management tasks. Group Policy Object Editor is used for configuring policy settings in Group
Policy objects.
Group Policy Management Console

GPMC simplifies the management of Group Policy by providing a single tool for managing core
aspects of Group Policy, such as scoping, delegating, filtering, and manipulating inheritance of
GPOs. GPMC can also be used to back up (export), restore, import, and copy GPOs.
Administrators can use GPMC to predict how GPOs will affect the network and to determine how
GPOs have changed settings on a computer or user. GPMC is the preferred tool for managing
most Group Policy tasks in a domain environment.
GPMC provides a view of GPOs, sites, domains, and OUs across an enterprise, and can be used
to manage either Windows Server 2003 or Windows 2000 domains. Administrators use GPMC to
perform all Group Policy management tasks, with the exception of configuring individual policy
settings in Group Policy objects. This is done with Group Policy Object Editor. GPMC invokes
Group Policy Object Editor. and you can use this tool from GPMC.
Administrators use GPMC to create a GPO with no initial settings. An administrator can also
create a GPO and link the GPO to an Active Directory container at the same time. To configure
individual settings within a GPO, an administrator edits the GPO from within GPMC. Group Policy
Object Editor displays with the GPO loaded.
An administrator can use GPMC to link GPOs to sites, domains, or OUs in Active Directory.
Administrators must link GPOs to apply settings to users and computers in Active Directory
Containers.
GPMC includes the following Resultant Set of Policies (RSoP) features that are provided by
Windows:
159
• Group Policy Modeling. Simulates what policy settings are applied under circumstances
specified by an administrator. Administrators can use Group Policy Modeling to simulate the
RSoP data that would be applied for an existing configuration, or they can analyze the effects
of simulated, hypothetical changes to their directory environment. Group Policy Modeling
requires that you have at least one domain controller running Windows Server 2003, because
this simulation is performed by a service running on a domain controller that is running
Windows Server 2003. For more information, see Group Policy Modeling
(http://go.microsoft.com/fwlink/?LinkId=82672) on the Microsoft TechNet Web site.
• Group Policy Results. Represents the actual policy data that is applied to a computer and
user. Data is obtained by querying the target computer and retrieving the RSoP data that was
applied to that computer. The Group Policy Results capability is provided by the client
operating system and requires Windows XP, Windows Server 2003, or later versions of the
operating system. For more information, see Group Policy Results
(http://go.microsoft.com/fwlink/?LinkId=82673) on the Microsoft TechNet Web site.
GPMC was originally provided as a separate download component for Microsoft Windows Server
2003 and Windows XP. To download GPMC, see Download Group Policy Management Console
(GPMC) (http://go.microsoft.com/fwlink/?LinkId=58541) on the Microsoft Download Center Web
site.
In Windows Vista and Windows Server 2008, GPMC is integrated directly into the operating
system and is the standard tool for managing Group Policy tasks along with Group Policy Object
Editor.
For more information about GPMC, see Step-by-Step Guide to Using Group Policy Management
Console (http://go.microsoft.com/fwlink/?LinkId=75196) on the Microsoft TechNet Web site.
Group Policy Object Editor

Group Policy Object Editor is an MMC snap-in that is used to configure policy settings in Group
Policy objects. The Group Policy Object Editor is contained in gpedit.dll, and is installed with
Windows 2000, Windows XP, Windows Server 2003, and Windows Vista and Windows Server
2008 operating systems.
On computers running Windows 2000, Windows XP with the Windows Server 2003
Administration Tools Pack installed, and Windows Server 2003, you can access the Group Policy
Object Editor from the Active Directory Users and Computers and Active Directory Sites and
Services snap-ins.
To configure Group Policy settings for a local computer that is not a member of a domain, use
Group Policy Object Editor to manage a local GPO (or multiple GPOs in computers running
Windows Vista or Windows Server 2008). To configure Group Policy settings in a domain
environment, GPMC, which invokes Group Policy Object Editor, is the preferred tool for Group
Policy management tasks.
Group Policy Object Editor provides administrators with a hierarchical tree structure for
configuring Group Policy settings in GPOs. These GPOs can then be linked to sites, domains,
and OUs that contain computer or user objects.
160
Group Policy Object Editor consists of two main nodes: User Configuration, which contains
settings that are applied to users at logon and periodic background refresh, and Computer
Configuration, which contains settings that are applied to computers at startup and periodic
background refresh. The main nodes are further divided into folders that contain the different
types of policy settings that can be set. These folders include:
• Software Settings, which contains software installation settings
• Windows Settings, which contains Security Settings and Scripts policy settings
• Administrative Templates, which contains registry-based policy settings
For more information about Group Policy Object Editor, see Group Policy (pre-GPMC)
(http://go.microsoft.com/fwlink/?LinkId=72742) on the Microsoft TechNet Windows Server 2003
site.
Office Customization Tool and Group Policy

Administrators can use two tools to customize user configurations for the 2007 Office system
applications: Office Customization Tool (OCT) and Group Policy. Although both of these tools
configure user settings, there are important distinctions.
• The Office Customization Tool is used to create a Setup customization file (MSP file).
Administrators can use the OCT to customize features and configure user settings. Users can
modify most of the settings after the installation. This is because the OCT configures settings
in publicly accessible portions of the registry, such as
HKEY_CURRENT_USER/Software/Microsoft/Office/12.0. This tool is typically used in
organizations that do not manage desktop configurations centrally. For more information, see
Office Customization Tool in the 2007 Office system.
• Group Policy is used to configure the 2007 Office system policy settings contained in
Administrative Templates, and the operating system enforces those policy settings. In an
Active Directory environment, administrators can apply policy settings to groups of users and
computers in a site, domain, or organizational unit to which a Group Policy object is linked.
True policy settings are written to the approved registry keys for policy, and these settings
have ACL restrictions that prevent non-administrator users from changing them.
Administrators can use Group Policy to create highly managed desktop configurations. They
can also create lightly managed configurations to address the business and security
requirements of their organizations.
See Also
• Enforce settings by using Group Policy in the 2007 Office system
• Disabling User Interface Items and Shortcut Keys by Specifying Toolbar Control IDs
• Planning for security in the 2007 Office system
• Plan for configuring security settings in Outlook 2007
• Using Group Policy to set default file save options
161

AM101638461033

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

AM101638461033

Caricato da

Copyright:

Formati disponibili

Planning and architecture for the 2007 Office

I Evaluating the new Setup architecture.........................................................................................1

Setup sequence of events in the 2007 Office system.....................................................................2

Language-neutral architecture in the 2007 Office system...............................................................7

Streamlined customization model for the 2007 Office system.......................................................10

Required local installation source for the 2007 Office system.......................................................13

Consolidated update process for the 2007 Office system.............................................................15

Simplified design for multiple languages in the 2007 Office system..............................................17

II Planning for migration...............................................................................................................23

Preparing for migration to the 2007 Office system........................................................................24

Plan and prepare for migration to the 2007 Office system............................................................25

Collaborating with previous versions of Office and other programs..............................................26

FAQ: File format............................................................................................................................30

Review migration issues for the 2007 Office system.....................................................................33

Determining the best migration strategy........................................................................................34

Assessing your environment with the Office Migration Planning Manager....................................37

Install and configure OMPM File Scanner.....................................................................................45

Distribute OMPM File Scanner......................................................................................................53

Prepare a SQL database for OMPM.............................................................................................55

Import OMPM log files into the database......................................................................................56

Analyze reports from OMPM.........................................................................................................59

Migration considerations by application........................................................................................63

Migration considerations for Access 2007.....................................................................................64

III Planning for Outlook 2007........................................................................................................91

Outlook 2007 deployment overview..............................................................................................93

Determine when to install Outlook 2007........................................................................................99

Install Outlook 2007 by using the Office Customization Tool.......................................................102

Plan an upgrade to Outlook 2007...............................................................................................104

How Outlook 2007 works with different Exchange Server versions............................................109

Plan a Cached Exchange Mode deployment in Outlook 2007....................................................114

Plan Outlook 2007 Offline Address Book deployment.................................................................125

Considerations when installing Outlook 2007 in a Terminal Services environment.....................126

Use Outlook 2007 to help protect messages..............................................................................129

Plan for e-mail messaging cryptography.....................................................................................130

How users manage cryptographic digital IDs in Outlook 2007....................................................133

Plan for configuring security settings in Outlook 2007................................................................136

How administrator and user security settings interact in Outlook 2007.......................................139

Plan for Outlook 2007 security in special environments..............................................................140

Plan for limiting junk e-mail in Outlook 2007...............................................................................142

Group Policy overview (2007 Office)...........................................................................................147

Setup chain of events

Read XML data

Setup.xml and Package.xml

Setup customization file

Build the feature tree

Apply the customization file

Apply software updates

Including more than one product on the

Running Setup interactively

Language-neutral architecture in the 2007

Multiple MSI files

Using the Office Customization Tool

Customizing a new installation

Making changes to an existing Office installation

Using the Config.xml file to customize Office

Creating a local installation source on users'

Deploying the local installation source by itself

Applying Office updates during new installations

Updating existing Office installations

New multilanguage framework

Language versions of Office

Language packs for Office

Installing multiple languages of Office