Planning and architecture for the 2007 Office release
Microsoft Corporation Published: July 2008 Author: Office IT and Servers User Assistance ([email protected])
Abstract This book provides a detailed description of how Setup for the 2007 Microsoft Office system works and helps you manage a smooth transition to the new version. Planning for a Microsoft Office Outlook 2007 is also included in this book. The audiences for this book are IT professionals who plan, implement, and maintain Office installations in their organizations. The content in this book is a copy of selected content in the 2007 Office release technical library (http://go.microsoft.com/fwlink/?LinkId=84741) as of the date above. For the most current content, see the technical library on the Web. 2 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Access, Active Directory, Excel, Groove, InfoPath, Internet Explorer, OneNote, Outlook, PowerPoint, SharePoint, SQL Server, Visio, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
ii Contents
I Evaluating the new Setup architecture...... 1
Setup sequence of events in the 2007 Office system...... 2 Setup chain of events...... 2 Run Setup...... 3 Check prerequisites...... 3 Read XML data...... 3 Setup.xml and Package.xml...... 3 Setup customization file...... 4 Config.xml...... 4 Build the feature tree...... 4 Create a local installation source...... 5 Install Office...... 5 Apply the customization file...... 5 Apply software updates...... 6 Including more than one product on the installation point...... 7 Running Setup interactively...... 7
Language-neutral architecture in the 2007 Office system...... 8 Multiple MSI files...... 8
Streamlined customization model for the 2007 Office system...... 11 Using the Office Customization Tool...... 11 Customizing a new installation...... 11 Making changes to an existing Office installation...... 12 Using the Config.xml file to customize Office...... 12
Required local installation source for the 2007 Office system...... 14 Creating a local installation source on users' computers...... 14 Deploying the local installation source by itself...... 15
Consolidated update process for the 2007 Office system...... 16 Applying Office updates during new installations...... 16 Updating existing Office installations...... 16
Simplified design for multiple languages in the 2007 Office system...... 18 New multilanguage framework...... 18 Language versions of Office...... 18 Language packs for Office...... 19 Installing multiple languages of Office...... 20 Installing a default language on each user's computer...... 21 Specifying one or more languages to install on users' computers...... 21
iii Installing language packs separately...... 22 Installing Proofing Tools...... 22 Adding languages after Office is installed...... 22
II Planning for migration...... 24
Preparing for migration to the 2007 Office system...... 25
Plan and prepare for migration to the 2007 Office system...... 26
Collaborating with previous versions of Office and other programs...... 27 Using the Microsoft Office Compatibility Pack for backward compatibility...... 27 Features that are not supported in the Microsoft Office Compatibility Pack...... 27 OMPM Office File Converter...... 27 Viewers...... 27 Setting default save options...... 28 Using compatibility mode...... 28 Compatibility checker...... 28 Considerations for printing and viewing files...... 29 Printer hardware and configuration...... 29 Backward compatibility...... 29 Compatibility with other programs...... 30
FAQ: File format...... 31 What is the new file format?...... 31 Why is there a new file format?...... 31 How are users being prepared for the new file format?...... 31 How can users collaborate on files when they use different versions of Office?...... 32 Can previous versions of Office recognize the new file format?...... 32 How can I tell whether a file is from the 2007 Office release or from a previous version of Office?...... 32 File sizes have increased with each new version of Office. Will this happen again with the 2007 Office system?...... 33
Review migration issues for the 2007 Office system...... 34
Determining the best migration strategy...... 35 Single rollout...... 35 Phased rollout...... 36 As-needed rollout...... 37
Assessing your environment with the Office Migration Planning Manager...... 38
Introduction to OMPM...... 39 OMPM contents...... 39 Installing OMPM...... 40 OMPM requirements...... 40 Client system requirements...... 40
iv Administrator system requirements...... 41 How the OMPM File Scanner works...... 42 Log and CAB files generated by the OMPM File Scanner...... 43 Files scanned by the OMPM File Scanner...... 44
Install and configure OMPM File Scanner...... 47 Offscan.ini settings...... 47
Distribute OMPM File Scanner...... 55 Files to Distribute...... 55 Distributing the OMPM File Scanner with SMS...... 55 Other ways to distribute the OMPM File Scanner...... 55 Collecting OMPM File Scanner log files...... 56
Prepare a SQL database for OMPM...... 57
Import OMPM log files into the database...... 58 Fixing import failures...... 59
Analyze reports from OMPM...... 61 Starting OMPM Reports...... 61 Review Scan Coverage and Errors...... 61 Review Office 2007 Compatibility...... 62 Review Access Compatibility...... 63
Migration considerations by application...... 65
Migration considerations for Access 2007...... 66 Migration considerations for Access 2000, Access 2002, and Access 2003...... 66 Features available only in the new file format in Office Access 2007...... 66 Features available only in MDB file format...... 67 Features no longer available in Office Access 2007...... 67 Migration considerations for Access 97 and earlier...... 68 Enabling a database...... 68 Converting a database...... 68 MDE file limitations...... 68 Access 2007 in mixed environments...... 68 Handling VBA references...... 70 Access 2007 and SQL Server...... 71 Linking to SQL Server...... 71 Access Data Projects (ADPs)...... 72 Access 2003 Conversion Toolkit...... 72
Migration considerations for Excel 2007...... 73 Changes in Office Excel 2007...... 73 New file formats...... 73 Larger grid size...... 74
v New user interface...... 74 Opening Excel 97–2003 workbooks in Office Excel 2007...... 74 Compatibility Tools...... 75 Compatibility Mode...... 75 Compatibility Checker...... 75 Format changes...... 76 New and renamed file names and file name extensions...... 76 Support is removed for some file formats...... 76 HTML file format for publishing only...... 77 Microsoft Script Editor...... 77 Visualization and design...... 77 AutoFormat...... 77 Charting...... 78 Shapes...... 79 Lists and PivotTables...... 79 AutoFilter...... 80 AutoFilterMode property...... 80 Lists are now called tables...... 80 Adding new records to a table...... 80 Table name...... 81 Office SharePoint Server 2007 lists and write-back...... 81 PivotTables...... 82 Tracking customizations...... 83 References and names...... 83 Full row or column references...... 83 Names and column header labels...... 84 Opening Office Excel 2007 workbooks in earlier versions of Office Excel...... 84 Conditional formatting...... 85 Formatting is retained...... 85 Designing formats for use in multiple versions...... 85 Incompatible grid size...... 86 Incompatible tables and lists...... 87 External data queries...... 87 New security features...... 87 Trust Center and the Message Bar...... 87 Trusted Locations...... 88 Empty macros...... 88 Change in security levels...... 88 Programmability issues...... 88 Interaction between Office Excel 2007 and Internet Explorer...... 89
Migration considerations for Word 2007...... 90 Migrating files to the new file format...... 90 Migrating AutoText entries...... 90 Migrating customizations...... 91
vi Migrating Add-ins...... 92 Migrating AutoCorrect entries...... 92 Migrating the data key...... 92
III Planning for Outlook 2007...... 93
Planning for installing and upgrading Outlook 2007 (Office Resource Kit)...... 94
Outlook 2007 deployment overview...... 95 Determining your organization's needs...... 95 Upgrade or initial installation...... 95 Migrating data...... 95 Remote and roaming users...... 95 Multilingual requirements...... 95 Client and messaging server platforms...... 95 Choosing when and how to install Outlook...... 95 Customizing Outlook settings and profiles...... 95 Configuring subscriptions and other sharing features...... 95 Using Outlook with Terminal Services...... 95 Collaboration Data Objects dependencies...... 95 Security and privacy considerations...... 95 The new Trust Center for Office...... 95 Limiting viruses and junk e-mail messages for your users...... 95 Configuring cryptographic features...... 95 Restricting permission on e-mail messages...... 95 Outlook 2007 and e-mail protocols and servers...... 95
Determine when to install Outlook 2007...... 95 Installing Outlook with Office...... 95 Installing Outlook before Office...... 95 Advantages of installing Outlook before Office...... 95 Disadvantages of installing Outlook before Office...... 95 Installing Outlook after Office...... 95 Advantages of installing Outlook after Office...... 95 Disadvantages of installing Outlook after Office...... 95 Staging an Outlook deployment...... 95 Advantages of staging a deployment...... 95 Disadvantages of staging a deployment...... 95
Install Outlook 2007 by using the Office Customization Tool...... 95 Customizing Outlook by using the Office Customization Tool...... 95 Specifying installation states for Outlook features...... 95 Specifying Outlook user settings...... 95 Customizing Outlook profiles...... 95 Configure Outlook Send/Receive settings...... 95
Plan an upgrade to Outlook 2007...... 95
vii Issues to consider when planning an upgrade...... 95 Upgrading from an earlier version of Outlook...... 95 Configuring user profiles in Office Outlook 2007...... 95 Upgrading with Cached Exchange Mode enabled...... 95 Upgrading from Outlook 2000 IMO...... 95 Address book might need to be imported manually...... 95 Rules might not work properly...... 95 Error for unsupported fax software might not appear...... 95 Choosing fax support in Office Outlook 2007...... 95 Supporting forms in Office Outlook 2007...... 95 Upgrading from other mail and scheduling programs...... 95
How Outlook 2007 works with different Exchange Server versions...... 95 Features supported with Exchange Server 2007 and Exchange Server 2003...... 95 Features supported only with Exchange Server 2003 or later...... 95 Enhancements that work better with Exchange Server 2003 or later...... 95 Additional resources...... 95
Plan a Cached Exchange Mode deployment in Outlook 2007...... 95 How Cached Exchange Mode can help improve the Outlook user experience...... 95 Outlook features that can reduce the effectiveness of Cached Exchange Mode...... 95 Synchronization, disk space, and performance considerations...... 95 Send/Receive synchronization considerations...... 95 Offline Address Book considerations...... 95 Offline File Folders (OSTs) considerations...... 95 Managing performance issues...... 95 Managing Outlook folder sharing...... 95 Public Folder Favorites considerations...... 95 Managing Outlook behavior for perceived slow connections...... 95 Options for staging a Cached Exchange Mode deployment...... 95 Upgrading current Cached Exchange Mode users to Office Outlook 2007...... 95 Deploying Cached Exchange Mode to users who already have OST files...... 95 Using Group Policy to enforce Cached Exchange Mode settings...... 95 Additional resources...... 95
Plan Outlook 2007 Offline Address Book deployment...... 95
Considerations when installing Outlook 2007 in a Terminal Services environment...... 95 Outlook features that are disabled with Terminal Services...... 95 Enabling remote sound...... 95 Unlocking registry settings...... 95
Planning for security and protection in Outlook 2007 (Office Resource Kit)...... 95
Use Outlook 2007 to help protect messages...... 95
Plan for e-mail messaging cryptography...... 95
viii Cryptographic messaging features in Outlook...... 95 How Outlook implements cryptographic messaging...... 95 Digital IDs: A combination of public/private keys and certificates...... 95 Security labels and signed receipts...... 95 Classes of encryption strengths...... 95 Additional resources...... 95
How users manage cryptographic digital IDs in Outlook 2007...... 95 Places to store digital IDs...... 95 Microsoft Exchange Global Address Book...... 95 Internet directory service (LDAP)...... 95 Windows file...... 95 Providing digital IDs to others...... 95 Provide a certificate in a digitally signed e-mail message...... 95 Obtain a certificate from a directory service...... 95 Importing digital IDs...... 95 Renewing keys and certificates...... 95
Plan for configuring security settings in Outlook 2007...... 95 Specifying how security settings are enforced in Outlook...... 95 Choosing between the Exchange Server security form and Group Policy security settings...... 95 Scenario for using the security form...... 95 Scenarios for using Group Policy security settings...... 95 Scenarios for using security form or Group Policy security settings...... 95 Caveats to consider when customizing security settings...... 95 Customizing options for junk e-mail and ActiveX controls...... 95 Updated Object Model Guard...... 95
How administrator and user security settings interact in Outlook 2007...... 95
Plan for Outlook 2007 security in special environments...... 95 Users with a hosted Exchange Server environment...... 95 Users with administrative rights...... 95 Users with an Outlook Web Access environment...... 95
Plan for limiting junk e-mail in Outlook 2007...... 95 Overview: the Outlook Junk E-mail Filter...... 95 Supported account types...... 95 Support in different versions of Exchange Server...... 95 Upgrading from a previous installation of Outlook before Outlook 2003...... 95 Configuring the Junk E-mail Filter user interface...... 95 Providing default Junk E-mail Filter lists...... 95
IV Planning for Group Policy for the 2007 Office system...... 95
Group Policy overview (2007 Office)...... 95 Local and Active Directory-based Group Policy...... 95
ix Multiple local GPOs: changes in Windows Vista and Windows Server 2008...... 95 Group Policy processing...... 95 Policy inheritance...... 95 Group Policy application...... 95 Synchronous and asynchronous processing...... 95 Fast Logon Optimization feature...... 95 Slow links processing...... 95 Group Policy refresh interval...... 95 Targeting the application of Group Policy Objects...... 95 Changing the GPO processing order...... 95 Security filtering...... 95 Windows Management Instrumentation filtering...... 95 Loopback processing...... 95 Administrative Templates extension...... 95 Administrative Template files...... 95 Administrative Template files for the 2007 Office System...... 95 Administrative Template Files: Changes in Windows Vista and Windows Server 2008...... 95 ADMX and ADML file storage in Windows Vista...... 95 User preferences and true policies...... 95 Group Policy Management tools...... 95 Group Policy Management Console...... 95 Group Policy Object Editor...... 95 Office Customization Tool and Group Policy...... 95
x I Evaluating the new Setup architecture
In this section: Setup sequence of events in the 2007 Office system Language-neutral architecture in the 2007 Office system Streamlined customization model for the 2007 Office system Required local installation source for the 2007 Office system Consolidated update process for the 2007 Office system Simplified design for multiple languages in the 2007 Office system
1 Setup sequence of events in the 2007 Office system
Unlike previous versions, the 2007 Microsoft Office system is not installed as a single Windows Installer package (MSI file). Instead, a language-neutral core package is combined with one or more language-specific packages to make a complete product. Setup assembles the individual packages and orchestrates a seamless installation. Setup also handles customization and maintenance tasks during and after Office is installed on users' computers. Typically, the first step in a corporate installation of Office is to create a network installation point —a task as simple as copying all the files and folders from the Office product CD to a shared network location. At a minimum, the network installation point contains the language-neutral core package plus language-specific folders for one language. This installation point serves as the initial source for all users who install Office. In the simplest scenario, you deploy an Office product from the network installation point with one language version and a single set of customizations for all users. Setup handles this scenario automatically. If you deploy multiple products or languages, you can add them to the same network installation point and specify exactly which products and languages to include in the installation. In all of these scenarios, Setup performs the same tasks to assemble the correct set of MSI files and to complete the installation.
Note Unlike previous versions of Microsoft Office products, the 2007 Office system does not allow you to create an administrative installation point by running Setup with the /a command-line option to extract compressed source files. Instead, all installations occur from the compressed source.
Setup chain of events The basic Setup chain of events occurs in the same sequence in every deployment scenario, as shown in the following list: 1. Run Setup 2. Check prerequisites 3. Read XML data 4. Build the feature tree 5. Create a local installation source on the user's computer 6. Install Office 7. Apply the customization file 8. Apply software updates
2 Run Setup Setup.exe is the program that initiates all the mechanisms of the installation process; it is located at the root of the network installation point. You run Setup once for each Office product you install. When it runs, Setup searches the network installation point for an Office product to install. If the installation point contains more than one Office product, Setup presents the user with a choice of products to install. You can circumvent the selection process and determine which Office product is installed by pointing Setup.exe to the Config.xml file in a core product folder. For example, if you want to install Microsoft Office Standard 2007, you can use the following command line: \\server\share\Office12\setup.exe /config \\server\share\Office12\Standard.WW\Config.xml where Office12 is the root of the network installation point. In previous versions of Office, Setup.exe called Windows Installer (Msiexec.exe) to perform the installation of Office. Although Setup still uses Windows Installer, Setup bypasses the Windows Installer executable program. The Msiexec.exe command line cannot be used to install the 2007 Office system.
Note This version of Setup.exe recognizes only a few command-line options. For more information, see Setup command-line options for the 2007 Office system.
Check prerequisites When Setup starts, it checks for a number of installation prerequisites, including minimum operating system requirements and administrative rights. A user must be an administrator of the client computer in order to install Office, or you must use a tool such as Microsoft Systems Management Server to run the installation with elevated privileges. For more information about giving users administrative rights for an Office installation, see Deploy the 2007 Office system to users who are not administrators.
Read XML data Setup gathers information about each package on the installation point, collects default settings for the installation, and incorporates customizations you specify. Setup gathers all this information in the form of XML data from several sources: Setup.xml and Package.xml files for each package Setup customization file Config.xml file
Setup.xml and Package.xml Each folder on the installation point—both the folder for the language-neutral core package and the folder for each language-specific package—contains a Setup.xml and a Package.xml file (for example, StandardWW.xml for Office Standard 2007). Information in these files allows Setup to do the following:
3 Identify a product and the available languages for that product. Match language-neutral and language-specific elements to create complete features. Build a consolidated feature tree. Collect the set of MSI files required for the installation.
Note The Setup.xml and Package.xml files are signed and cannot be modified. Altering these files causes Setup to fail.
Setup customization file Early in the installation process, Setup determines whether you have specified a Setup customization file (MSP file) for the product that is being installed. The customization file contains all the modifications for an installation, including customizations that control the installation process. If no customization file is specified on the command line or in the Config.xml file, Setup searches the Updates folder on the installation point for a customization file specific to the product that is being installed. The Updates folder is included by default on the installation point; in most cases, it is the recommended location in which to store both customization files and software updates for all the Office products included on the installation point. Setup uses XML data appended to the customization file to determine how to install the product— for example, whether to run quietly or which features to display in the feature tree. Settings in a customization file overwrite default settings contained in the Setup.xml and Package.xml files. For more information about Setup customization files, see Streamlined customization model for the 2007 Office system.
Config.xml Each core product folder contains a Config.xml file that directs Setup to install that product. You can edit Config.xml to customize the installation process. For example, you can use elements in Config.xml to specify which products or languages to include in the installation. Settings in Config.xml take precedence over settings in a customization file and default settings contained in the Setup.xml and Package.xml files. For more information about how and when to edit Config.xml, see Config.xml file in the 2007 Office system.
Build the feature tree Setup uses the information contained in the XML files to create a single feature tree that includes all the available applications and features in the product. You view the feature tree and specify which applications and features to install on users' computers by using the Office Customization Tool. If you allow users to run Setup interactively, they view the feature tree with your modifications in the Setup user interface. For more information about specifying which Office features to install, see Configure feature installation states of the 2007 Office system.
4 Create a local installation source Setup calls a program named Office Source Engine (Ose.exe) to create a required local installation source on the user's computer. To create the local installation source, Setup copies files from the installation point to a hidden location on the user's computer. The default location is \MSOCache\All Users at the root of the drive on which Office is installed. Later, Setup uses Windows Installer to install Office from this local installation source. The local installation source provides several important benefits: After Office is installed, Setup can repair, reinstall, or add Office features by using the local source. Users who are applying software updates are less likely to be prompted for a network or CD source because an installation source is available locally. You can deploy the local installation source in advance and trigger the installation of Office on users' computers later to reduce the load on the network. In this scenario, you can even run Setup from the local installation source, allowing users to complete the Office installation with no network connection. For more information about the local installation source, see Required local installation source for the 2007 Office system.
Install Office When the installation begins, Setup checks for required disk space and feature dependencies, and then calls Windows Installer to install the correct set of packages (MSI files) on the user's computer from the local installation source. Setup uses the XML data described previously to determine which set of MSI files to include. The progress bar that Setup displays to users during the installation takes the entire installation process into account, including applying customizations and software updates from the Updates folder.
Note Although Setup uses Windows Installer to install Office, Windows Installer alone cannot install the individual MSI files independent of Setup.
Apply the customization file During the installation process, Setup applies the customization file to the user's configuration. The result is similar to the effect of applying a Windows Installer transform (MST file) in previous versions of Office: your customizations become the default configuration for users. In addition to the XML data that customizes the installation process, the customization file may include default user settings, feature installation states, Microsoft Outlook profiles, and other modifications to the user's configuration. Customization files are product-specific; Setup applies only those files that are relevant to the product being installed. However, if you store more than one customization file for the same product in the Updates folder, Setup applies all of the files to the user's configuration in alphabetical order.
5 If you create different configurations for different groups of users, Microsoft recommends that you store the customization files in another location and then use the /adminfile option on the Setup command line to specify the file you want. For example: \\server\share\Office12\setup.exe /adminfile \\server\share\Office12\MyUpdates\Engineering.msp where Office12 is the root of the network installation point.
Note When you precache the local installation source, Setup copies the Updates folder from the network installation point to the local installation source. In this way, your customizations can be included in offline installation scenarios. This is the only circumstance in which Setup caches the customization file on the local computer before the installation. For more information, see Precache the local installation source for the 2007 Office system.
Apply software updates At the end of the installation process, Setup checks the Updates folder on the installation point for software updates (MSP files). Unlike Setup customization files that you create by using the Office Customization Tool, software updates are distributed by Microsoft to enhance the product. If you are deploying Office to users who also need a set of software updates, Setup can apply the updates as part of the initial installation process. Costing (estimated required disk space) and progress bar indicators all take this step of the installation process into account. From a user's perspective, the entire process is a single event. This model preserves the original installation point and still allows you to give new users the most up-to-date version of the product.
Note You cannot use the Updates folder to deploy product updates after the initial installation of Office. For more information about the software update process, see Consolidated update process for the 2007 Office system.
Including more than one product on the installation point If the network installation point contains more than one 2007 Office system product, Setup searches all folders and subfolders for Config.xml and Setup.xml files and then prompts the user to select a product to install. If you are installing more than one Office product, it is more efficient to store all the products on the same installation point and then customize Setup to install a specific Office product on users' computers.
Note When you copy multiple Office products to the same installation point, you might be prompted to overwrite shared Setup files. Because these files are duplicated among all
6 2007 Office system products, you do not need to recopy any of the duplicate folders. This efficient design saves space and ensures consistency when you create and replicate network installation points. For more information, see Sequentially install multiple products of the 2007 Office system.
Running Setup interactively You can choose to run the installation quietly, so that users see little or none of the process; however, if you allow users to view the Setup user interface, the choices you make affect several aspects of Setup behavior. For example: If more than one Office product is available on the installation point and a user runs Setup.exe with no command-line options, then Setup presents the user with a choice of products to install. If more than one language is available on the installation point, Setup matches the language of Office to the Windows user locale on the user's computer by default. However, if a user chooses the Customize installation option, the Languages tab in the Setup interface presents the user with a choice of all available languages on the network installation point. If you enter a product key and accept the Microsoft Customer License Terms in the customization file or Config.xml, those Setup screens are not displayed to the user during Setup. If you use a customization file to hide and lock certain features, those features are not displayed in the feature tree. To find out more about customizing display settings, see Customize Setup before installing the 2007 Office system.
See Also Language-neutral architecture in the 2007 Office system
Language-neutral architecture in the 2007 Office system
If your job is to deploy the 2007 Microsoft Office system in an organization, you probably have one or more of the following requirements: Manage the deployment process so that Office installs in the most efficient way for your environment. Customize Office so that users get the optimal configuration on their computers. Give users who are located in offices around the world the language-specific features they need to do their jobs. Deploy Office in a way that makes future maintenance, including software updates, as efficient as possible.
7 The Setup architecture in the 2007 Office system has been designed to streamline all of these aspects of the process of installing and maintaining Office. The new Setup program unifies and manages the entire installation process, including customizing users’ Office configuration, deploying multiple languages at once, and applying software updates to new installations.
Multiple MSI files An MSI file, or Windows Installer package, is a relational database that Windows Installer uses to install a product. In past versions, a single Office product such as Microsoft Office Standard was contained in a single MSI file. By contrast, all 2007 Office system products consist of multiple MSI files, and no single MSI file represents a complete product. In the new design, all language-neutral elements are bundled into one core package, and all language-specific elements are grouped into separate packages. This arrangement of files makes international deployments much simpler. The most basic installation of an Office product consists of the core package plus one language. Adding more languages is as simple as copying additional Single Language Packs (SLPs) to the network installation point—they all work with the core product in exactly the same way. For example, an installation point for Microsoft Office Standard 2007 with both U.S. English and French language elements includes the following files and folders: Office 2007 network installation point Setup.exe—Setup program Standard.WW folder—Language-neutral core product Office.en-us folder—U.S. English shared features Excel.en-us folder—U.S. English Excel features Outlook.en-us folder—U.S. English Outlook features PowerPoint.en-us folder—U.S. English PowerPoint features Word.en-us folder—U.S. English Word features Office.fr-fr folder—French shared features Excel.fr-fr folder—French Excel features Outlook.fr-fr folder—French Outlook features PowerPoint.fr-fr folder—French PowerPoint features Word.fr-fr folder—French Word features Each folder contains a parallel set of installation files: Office 2007 network installation point Setup.exe Standard.WW folder StandardWW.msi—Windows Installer package StandardWW.cab—Compressed cabinet file StandardWW.xml—XML data read by Setup.exe Setup.xml—XML data read by Setup.exe
8 Config.xml—XML data read by Setup.exe Word.en-us folder WordMUI.msi—Windows Installer package WordLR.cab—Compressed cabinet file WordMUI.xml—XML data read by Setup.exe Setup.xml—XML data read by Setup.exe Word.fr-fr folder WordMUI.msi—Windows Installer package WordLR.cab—Compressed cabinet file WordMUI.xml—XML data read by Setup.exe Setup.xml—XML data read by Setup.exe The Office Standard 2007 product is spread out among the files in these folders. For example, elements that are not specific to any language, such as Winword.exe (the executable file for Microsoft Office Word 2007), reside in the core Standard.WW package. Other elements, such as Help and the user interface for Office Word 2007, reside in the appropriate language-specific package for Word or for shared Office features. Both language-neutral and language-specific elements are needed to make a functionally complete feature. Winword.exe by itself does not represent a Word application that anyone can use. Similarly, the core Office Standard 2007 MSI file in the Standard.WW folder does not represent a complete Office product. Setup assembles all these parts into a whole product. The Package.xml and Setup.xml files in each folder contain information that Setup uses to assemble complete features, build a consolidated feature tree, and collect the correct set of MSI files for the installation. After collecting the XML data and assembling the required MSI files, Setup uses Windows Installer to install Office on the user’s computer. From a user’s perspective, this process happens automatically and seamlessly. You cannot deploy an individual application in the 2007 Office system by detaching the language- specific folder that contains the individual MSI file, such as the Word.en-us or Word.fr-fr folder. You can, however, determine which applications and features are installed on users’ computers by customizing the installation.
Note None of the MSI files on an Office installation point can be installed independently by using Windows Installer or any other method. Nor can the digitally-signed XML files (Setup.xml and Package.xml) be edited or altered. In the 2007 Office system, Setup is required to collect the files and installation information and to orchestrate the installation process.
See Also Setup sequence of events in the 2007 Office system Streamlined customization model for the 2007 Office system
9 Streamlined customization model for the 2007 Office system
In previous versions of Microsoft Office, several tools were required to customize Setup and to manage Office after installation. However, the 2007 Microsoft Office system provides a consistent, streamlined model. Using just Setup, you can install, customize, and manage Office — no additional tools are needed.
Using the Office Customization Tool You customize an Office installation by using the Office Customization Tool (OCT), a component of Setup. Start the OCT by running Setup with the /admin command-line option. Using the OCT, create a Setup customization file, which you place in the Updates folder in the network installation point. A Setup customization file is an expanded form of a Windows Installer MSP file. Each file is configured for a specific product, such as Microsoft Office Professional 2007 or Microsoft Office OneNote 2007. When you run Setup to install an Office product, Setup looks in the Updates folder for a customization file that corresponds to the product you are installing. As Setup installs the product, it applies the customizations from this file. You can create more than one Setup customization file to configure Office for different groups of users. When you run Setup, you specify the appropriate customization file to use for each installation by using the Setup command-line option /adminfile, or by using Config.xml (see "Using the Config.xml file to customize Office" later in this topic). For more information, see Create different configurations of the 2007 Office system for different groups of users. For complete details on how to use the OCT to create a Setup customization file, see Office Customization Tool in the 2007 Office system.
Customizing a new installation Using a Setup customization file that you create with the OCT, you can modify the way Setup installs Office on a user's computer the first time. For example, the OCT allows you to customize Office in the following ways: Direct Setup to run without user interaction (quietly). Predefine the product key and accept the Microsoft Software License Terms on behalf of the user. Specify where to install Office files on the user's computer. Choose whether to remove previous versions of Office before installing the 2007 Office system. Determine which Office features are installed.
10 Specify the default values for a large number of user options, including Microsoft Outlook settings. For information about how to customize Setup in this way, see Customize Setup before installing the Office 2007 system.
Making changes to an existing Office installation If you need to make changes to an existing Office installation, use the same tool you used to customize the original installation: Run the OCT to update a Setup customization file or to create a new one. Then apply the customization file to the user's computer just as you would a software update, and the user's existing Office installation is updated with your customizations. This means that the customizations available when you install Office are also available when you modify Office after installation.
Note There are some customizations that Setup applies only when you are installing Office for the first time. These include specifying where to install Office on the user's computer, defining the product key, and removing previous versions of Office applications. The OCT identifies which customizations apply only to a new installation. For more information about updating an existing Office installation, see Change users' configurations after installing the 2007 Office system.
Using the Config.xml file to customize Office You can use the Config.xml file to make changes to your Office installation. You can customize most of the same options that you can with the Office Customization Tool, including a few additional ones not available in the OCT. Using the Config.xml file is the recommended method for performing the following installation tasks: Instructing Setup to copy the local installation source to the user's computer without installing Office. Specifying the path to the network installation point. Selecting which product or language to install. Changing where Setup looks for Setup customization files and updates. Making last-minute or one-off customizations that do not warrant running the OCT to create a new customization file. If you put the Config.xml file in the same folder as Setup.exe, Setup finds and uses the file. You can also specify the location of the file by using the /config Setup command-line option.
Note If you specify both a Setup customization file and the Config.xml file, the customizations you define in Config.xml take precedence over the same customizations in the customization file.
11 For a complete description of the contents and format of the Config.xml file, see Config.xml file in the 2007 Office system.
See Also Office Customization Tool in the 2007 Office system Config.xml file in the 2007 Office system
12 Required local installation source for the 2007 Office system
In the 2007 Microsoft Office system, Setup creates a local installation source on the user's computer as part of the default installation process. Setup installs all 2007 Office system products in a two-step process: first, Setup copies compressed installation source files to the user's computer; second, Setup calls Windows Installer to perform the actual installation from the local installation source. After the installation is complete, the local installation source remains available for any Setup operations that require access to an original source. Minimum disk space requirements include the local installation source.
Note In Microsoft Office 2003, large organizations typically installed the product from an administrative installation point; installing from a local installation source was optional. In the 2007 Office system, however, the administrative installation option no longer exists, and the local installation source is a required part of the design. The local installation source makes the process of distributing software updates more efficient and reliable. Neither the network installation point nor the user's local installation source is ever updated directly. Users' installations remain synchronized when they apply the client version of software updates. Additional benefits of having a complete installation source always available on the local computer include the following: You can deploy the local installation source to users before they install Office. This minimizes the impact on the network and ensures that all users install the product and begin using 2007 Office system applications at exactly the same time. Users can perform maintenance tasks, such as applying software updates, without being prompted for their Office CD or a network source. Traveling users, or users with slow or intermittent network connections, can run Setup without access to the network if they have a local installation source installed in advance. These benefits come at minimal cost. Although the local installation source does use some hard disk space, creating the local installation source and installing Office takes approximately the same amount of time as installing Office by itself.
Creating a local installation source on users' computers When users install Office from the CD or from a network installation point, Setup creates the local installation source by using a program called the Office Source Engine (Ose.exe) to copy required installation files to a hidden folder on the local computer. The default location is \MSOCache\All Users at the root of the drive on which Office is installed.
13 Each package that comprises an Office product—both the language-neutral core package and one or more language-specific packages—has a separate download code and is cached in the subfolder under MSOCache\All Users. Setup always caches a complete local installation source, which includes all the files associated with the product that is being installed. If the installation point includes multiple languages, Setup caches only the packages for the languages that are installed on the user's computer. When additional Office products are installed on the user's computer, those products are cached in the same local installation source.
Note If a user installs a second Office product on a different drive, Setup creates a second local installation source at the root of that drive. In this scenario, shared files may be duplicated between the two local installation sources; however, this design ensures that each local installation source is complete and functions correctly. Users cannot inadvertently delete the local installation source or remove it by using the Setup user interface or the Windows Disk Cleanup Wizard. If the MSOCache folder is deleted or corrupted, Setup automatically re-creates or repairs the folder the next time a source is required. If users do not have sufficient disk space, they are prompted to free some space. You can rely on the fact that every user has access to a source when you distribute new updates or customizations.
Note Once the local installation source is created, its location on the user's computer is fixed. Unless the user specifies a different drive, additional Office products installed later are always added to the existing MSOCache\All Users folder.
Deploying the local installation source by itself Because Setup performs the installation of Office from the local installation source, you can minimize the demand on the network by deploying the installation source ahead of time. For example, using your usual method for running Setup on users' computers, you can distribute the local installation source to one group of users at a time. Once all users have a precached source, you can have everyone run Setup to install Office at the same time. In this scenario, most of the installation activity takes place on the local computer instead of over the network. For more information, see Precache the local installation source for the 2007 Office system. You can also run Setup directly from the local installation source on the local computer. Running Setup locally means that no activity, including loading Setup files and reading metadata, takes place over the network. In this scenario, you must identify the subfolder in MSOCache\All Users that contains the core product that you want to install. Each core product subfolder contains a copy of the Setup program, and running Setup from a specific folder installs that product. This method allows users to install Office without relying on a network connection. For more information, see Run Setup from the local installation source to install the 2007 Office system.
14 Consolidated update process for the 2007 Office system
In previous versions of Microsoft Office, you made a number of choices to ensure that client computers received the latest Office software updates and that client computers did not become out of sync with the administrative installation point. You might have configured Setup to chain software updates with new installations of Office, or you might have applied updates to the administrative installation point and reinstalled Office on all your client computers. The new architecture of the 2007 Microsoft Office system makes this process much simpler. In the 2007 Office system, you create a network installation point that you never have to update. Instead, a simple copy operation makes software updates available for new installations. You update existing installations independent of the network installation point so you do not have to worry about keeping client computers synchronized with the installation source.
Applying Office updates during new installations When you obtain Office software updates from Microsoft, copy the updates into the Updates folder in the root of your network installation point. The existing files in the network installation point remain the same as when you first copied them from the Office CD.
Note You can use the Updates folder to incorporate the installation of updates with an initial installation of the 2007 Office system products. Only Windows Installer update files contained in this folder are installed with the initial installation, so you must extract the updates from Microsoft Self-Extractor packages. You can also install customization updates by using this method. For detailed information, see Deploying software updates with an initial 2007 Office system installation. When you run Setup to install Office on a client computer, Setup looks in the Updates folder for software updates and incorporates the updates automatically as it installs Office. If there are multiple updates in the folder, Setup applies only those updates that are targeted at the Office product being installed. Setup also applies the updates in the correct sequential order. The result is that the user receives the latest updates with the new installation of Office.
Tip To direct Setup to look for software updates in a folder other than Updates, use the SetupUpdates element in the Config.xml file. For more information, see SetupUpdates in Config.xml file in the 2007 Office system.
Updating existing Office installations Once Office is installed, you apply software updates directly to the client computer without returning to the network installation point. You do this through a deployment management program such as Microsoft Systems Management Server, by using Microsoft Windows Server Update Services, or by updating computers directly from the Internet using Microsoft Update. For
15 information about deploying software updates after an initial installation of the 2007 Office release by using Microsoft Self-Extractor files, see Deploying all Microsoft Self-Extractor packages in a folder. For details on keeping existing Office installations up to date, see Distribute product updates for the 2007 Office system.
Note After Office is installed on a client computer, reinstalling Office reapplies only those software updates that were applied with the original installation. If you copied new software updates in the Updates folder, they are not applied during the reinstallation.
See Also Language-neutral architecture in the 2007 Office system Distribute product updates for the 2007 Office system
16 Simplified design for multiple languages in the 2007 Office system
In an international environment, corporate language requirements are often complex. For example, offices around the world might need to use Office in multiple languages, or one user might need to work with more than one language. The 2007 Microsoft Office system accommodates these multilanguage scenarios efficiently and consistently.
New multilanguage framework In the 2007 Office system, all language-neutral elements are grouped in one core package (MSI file). Language-specific elements are organized in separate packages by application. An Office product, such as Microsoft Office Standard 2007 or Microsoft Office Outlook 2007, consists of the core package plus one or more language-specific packages. All language versions of Office, including the English language version, are deployed in exactly the same way. Setup combines the language-neutral core package with the language-specific packages in a seamless installation process.
Language versions of Office You cannot deploy the core package (MSI file) by itself. Every Office product must include at least one set of language-specific packages. On the Office product CD and the network installation point, these packages are contained in folders. Each folder name includes a language tag, in the form ll-cc, that identifies the language. For example, an installation point for Microsoft Office Standard 2007 with both U.S. English and French language elements includes the following files and folders: Office 2007 network installation point Setup.exe —Setup program Standard.WW folder—Language-neutral core product Office.en-us folder—U.S. English shared features Excel.en-us folder—U.S. English Excel features Outlook.en-us folder—U.S. English Outlook features PowerPoint.en-us folder—U.S. English PowerPoint features Word.en-us folder—U.S. English Word features The French version of Office Standard 2007 has a parallel set of folders: Office 2007 network installation point Setup.exe—Setup program Standard.WW folder—Language-neutral core product Office.fr-fr folder —French shared features
17 Excel.fr-fr folder—French Excel features Outlook.fr-fr folder—French Outlook features PowerPoint.fr-fr folder—French PowerPoint features Word.fr-fr folder—French Word features In both cases, the core package (StandardWW.msi in the Standard.WW folder) is identical, and it accommodates both English and French language packages in the same way.
Note These examples show only a portion of the network installation point. You may see additional folders, all of which follow the same naming conventions show here.
Language packs for Office Language-specific packages are used in two contexts: in the language version of an Office product, and in the Single Language Pack (SLP) for that language. The French version of Office Standard 2007 has a language-specific folder for each application and for shared features in Office Standard 2007. The same folders are included in the French SLP, which also includes language-specific folders for other products in the 2007 Office system. For example, the Japanese language pack contains the following files and folders: Office 2007 network installation point Setup.exe—Setup program Access.ja-jp folder—Japanese Access features Excel.ja-jp folder—Japanese Excel features Groove.ja-jp folder—Japanese Groove features InfoPath.ja-jp folder—Japanese InfoPath features Office.ja-jp folder—Japanese Shared Office features OneNote.ja-jp folder—Japanese OneNote features Outlook.ja-jp folder—Japanese Outlook features PowerPoint.ja-jp folder—Japanese PowerPoint features Publisher.ja-jp folder—Japanese Publisher features SharePointDesigner.ja-jp folder—Japanese SharePoint Designer features Word.ja-jp folder—Japanese Word features OMUI.ja-jp folder—Defines the language pack as a separate product XMUI.ja-jp folder—Identifies the particular culture for the language pack Language-specific features for Microsoft Office Project 2007 are included in each SLP, but are deployed separately. For example, the Japanese SLP also includes the following folders for Office Project 2007: Office 2007 network installation point Project.ja-jp folder—Japanese Project features PMUI.ja-jp folder—Defines the Project language pack as a separate product
18 Language-specific features for Microsoft Office Visio 2007 are handled in a similar way. For example, the Japanese SLP includes the following folders for Office Visio 2007: Office 2007 network installation point Visio.ja-jp folder—Japanese Visio features VMUI.ja-jp folder—Defines the Visio language pack as a separate product All three language packs on a specific SLP share some common folders—the Office.ll-cc folder (for shared Office features) and the XMUI.ll-cc folder (for culture definition). In the preceding example, the Office.ja-jp and the XMUI.ja-jp folders are shared by Office, Visio, and Project language packs. Language packs can be deployed as separate products, or they can be used to deploy an Office product in multiple languages. You are not required to enter a unique product key for language packs, whether you are deploying them separately or as part of the installation of another product.
Note In previous versions of Office, enterprise customers added languages by deploying Multilanguage User Interface (MUI) packs after a U.S. English version of Office was installed. Localized versions, such as the Japanese version of Office Standard Edition, were not identical to the core version with a Japanese MUI pack. This design has been simplified and improved in the 2007 Office system.
Installing multiple languages of Office After you create a network installation point for Office, you can make any number of languages available to users by copying language packs directly to the network installation point. Instead of creating a series of installations, you can allow Setup to coordinate a single installation with multiple languages. For example, if your network installation point contains the U.S. English version of Office Standard 2007, the French language pack, and the Japanese language pack, then Setup detects that there is more than one language available for Office Standard 2007. During the installation, Setup may combine the language-neutral core package with language-specific packages for English, French, or Japanese, or for a combination of those languages. Only one product key is required for the entire process; only one entry appears in Add or Remove Programs in the user's Control Panel. When Setup creates the local installation source on the user's computer, only the languages actually being installed are cached. When you run the Office Customization Tool to customize the installation, the majority of your customizations apply to the core product. This design allows Setup to apply the same customization file (MSP file) to every installation, regardless of the language. The feature tree displayed in the tool includes common features and a smaller number of language-specific features for each language on the installation point. For more information, see Office Customization Tool in the 2007 Office system.
19 Note Before it installs a language version of an Office product, Setup determines whether the user has the required operating system support for that language. Setup stops the installation if there is no support. For example, if a user has not enabled support for East Asian languages, Setup does not install the Japanese version of Office.
Installing a default language on each user's computer When you install an Office product, Setup searches the installation point for all the possible languages for that product. By default, Setup installs Office in the language that matches the language specified by the user's Windows user locale. Without your having to control the process, every user gets the most likely language of Office for his or her needs. A user in Paris might get the Office Standard 2007 in French, while a user in London gets Office Standard 2007 in English, and a user with a Japanese user locale gets Office Standard 2007 in Japanese. If there is no exact match between the user locale and the set of available languages on the installation point, Setup uses the closest match. If there is no acceptable match, Setup prompts the user to select an available language. If you are running Setup in quiet mode (without user interaction) and there is no acceptable language match, the installation fails. If users run Setup interactively and choose the Install Now option, Setup follows the same default pattern and installs the language version of Office that matches the user’s user locale setting. For step-by-step instructions about how to deploy multiple languages of Office, see Deploy multiple languages of the 2007 Office system.
Note Language packs cannot be deployed as products independent of an 2007 Office system product. If the user has already installed at least one 2007 Office system product, however, then Setup treats the language packs as products and includes them in the list of products that the user can choose to install.
Specifying one or more languages to install on users' computers You can override default behavior and specify exactly which languages Setup installs on users’ computers. In the Config.xml file located in the core product folder (Standard.WW for Office Standard 2007), you can specify that Setup install a specific language or set of languages. Then you use the /config command line option to point to your custom Config.xml file. For example: \\server\share\Office12\setup.exe /config \\server\share\Office12\Standard.WW\MyConfig.xml where Office12 is the root of the network installation point. If users run Setup interactively and choose the Customize installation option, they can select one or more languages to install on the Languages tab.
Important When you edit the Config.xml file to install more than language, you must also specify which of those languages Setup uses for the shell user interface (Shell UI). The Shell UI
20 includes core elements of Office that register with the operating system, such file extensions, Tool Tips, and right-click menu items. Failure to specify a Shell UI language in this scenario causes the installation to fail. For more information about managing the deployment of multiple languages, see Customize a multilanguage deployment of the 2007 Office system.
Installing language packs separately Because a language pack is also defined as a unique product, you can install language packs separately from Office. If you have already deployed a number of Office products in your organization—for example, standalone versions of Microsoft Office Outlook 2007, Microsoft Office Word 2007, and Microsoft Office OneNote 2007 — you can install the Japanese language pack as a separate product and distribute Japanese components for all those products at once. In this case, a separate entry appears in Add or Remove Programs for the Japanese language pack.
Note To install a language pack, users must first have an Office product installed. Although Setup can install the language pack as a separate product, a language pack by itself does not function as a complete 2007 Office system product. A core product is always required.
Installing Proofing Tools Proofing Tools allow users to enable additional languages for editing and to work with documents in multiple languages. Each language pack (and each language version) includes Proofing Tools for a set of companion languages. The enterprise edition of the Japanese language pack, for example, includes Proofing Tools for English. Proofing Tools for each language are located in the Proof.ll-cc folder at the root of the network installation point. Office 2007 network installation point Proofing.ja-jp Proof.ar—Japanese Proofing Tools Proof.en—English Proofing Tools You can distribute additional Proofing Tools in your organization. Proofing Tools for each language are installed as separate packages (MSI files). The entire set of Proofing Tools is included with the Microsoft Multi-language Pack. For more information about deploying Proofing Tools in your organization, see Deploy Proofing Tools for the 2007 Office system.
Adding languages after Office is installed If you deploy Office first and then acquire additional language packs, you can add languages in much the same way that you deploy multiple languages during the initial installation. To add languages after you install Office, you rerun Setup from the network installation point. By editing Config.xml for that product, you can specify that Setup add languages or that Setup match the language to the user's operating system language. In this case, Setup modifies the existing installation; it does not add the new language as a separate product.
21 For more information, see Add languages after deploying the 2007 Office system.
See Also Customize language settings for the 2007 Office system
22 II Planning for migration
In this section: Preparing for Migration to the 2007 Office system Assessing your environment with the Office Migration Planning Manager Migration considerations by application
23 Preparing for migration to the 2007 Office system
In this chapter: Plan and prepare for migration to the 2007 Office system Review migration issues for the 2007 Office system Determining the best migration strategy Collaborating with previous versions of Office and other programs FAQ: File format
See Also Assessing your environment with the Office Migration Planning Manager Migration considerations by application Migration reference Migrating to the 2007 Office system
24 Plan and prepare for migration to the 2007 Office system
The 2007 Microsoft Office system is a major release that offers many improvements and new features in response to customer needs. Changes such as the new file format and new Setup architecture require careful planning and preparation before upgrading. Your migration planning will include evaluating the files in your environment, identifying potential conversion issues, and reviewing migration considerations for each program within 2007 Office system. The Office Migration Planning Manager (OMPM) enables you to examine the files in your environment and decide whether to archive them, convert them in bulk with the Office File Converter available in OMPM, or convert them manually. You will also determine the approach to upgrade and migration within your organization. Planning a migration to the 2007 Office system includes the following: 1. Review top migration issues. For more information, see Review migration issues for the 2007 Office system. 2. Review differences between the 2007 Office system and Office 2003. For more information, see Differences in the 2007 Office system. Many of these issues are detected by the OMPM Office File Scanner. Others might require a difference in user behavior, or might require changes in custom solutions. 3. Review file format changes. For quick information about file format changes, see FAQ: File format. For more in-depth information about the new file formats, see File format reference. 4. Review collaboration issues for the 2007 Office system. For more information, see Collaborating with previous versions of Office and other programs. 5. Assess your environment with OMPM. This involves the following steps: a. Install and configure OMPM File Scanner. b. Distribute OMPM File Scanner. c. Prepare a SQL database for OMPM. d. Import OMPM log files into the database. e. Analyze reports from OMPM. 6. Plan an approach to migration. For more information, see Determining the best migration strategy.
25 Collaborating with previous versions of Office and other programs
While the best way to minimize compatibility issues is to standardize your environment on a single file format, many organizations will need to deploy the 2007 Microsoft Office system in a phased rollout, or will need to collaborate with other companies. For this reason, Microsoft Office Excel 2007, Microsoft Office Word 2007, and Microsoft Office PowerPoint 2007 contain features to ensure compatibility with previous versions of Office. You can use the Microsoft Office Compatibility Pack to allow backward compatibility, so that previous versions of Office can open and save files in the new file format. In addition, the openness of the new file format makes it more compatible with non-Office programs.
Using the Microsoft Office Compatibility Pack for backward compatibility To meet the needs of users upgrading to the 2007 Microsoft Office system, Microsoft offers updates and a compatibility pack for Office XP and Office 2003 that enable a user to open and save 2007 Office release XML files. (Conversion tools for Office 2000 are not available for the 2007 Office system Beta 2). For more information, see Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512).
Features that are not supported in the Microsoft Office Compatibility Pack Some features in the 2007 Office system are not supported in previous versions of Office. Some data might be lost when a user opens a converted file in a previous Office application. Users are informed of this when they modify and save files that were created using the new file formats.
OMPM Office File Converter You can use the Office Migration Planning Manager (OMPM) Office File Converter in conjunction with the Microsoft Office Compatibility Pack to perform bulk file conversion tasks. For more information, see Migrate Word, Excel, and PowerPoint files to the 2007 Office system.
Viewers The 2007 Office system viewers enable sharing 2007 Office release files with users who do not have the 2007 Office system or the Microsoft Office Compatibility Pack installed on their computers. The viewers allow users to view and print, but do not allow edit operations. You can find these downloadable files on the Office Resource Kit Web site. Each viewer (one each for Office Word 2007, Office Excel 2007, and Office PowerPoint 2007) is a separate MSI package and must be installed separately.
26 The viewers coexist with previous versions of Office applications.
Setting default save options You can change the default file save options for Microsoft Office Word 2007, Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007 with Group Policy. For more information, see Use Group Policy to set default file save options.
Using compatibility mode The 2007 Office system offers a new feature, compatibility mode, to provide backward compatibility with previous versions of Office. Compatibility mode disables all features in the 2007 Office system that cannot be displayed by previous versions of Office programs. Compatibility mode also disables features that do not convert well when saved in the file formats used by previous versions of Office. The list of disabled features is dependent on the application and the content that is selected. Compatibility mode does the following: Optimizes the user experience in mixed environments for easier collaboration. Limits feature data loss due to limitations of the previous file formats. Compatibility mode is document-specific. For example, if a user opens two files at the same time, a PowerPoint 2003 file, which has compatibility mode on, and a Office PowerPoint 2007 file with compatibility mode off, compatibility mode is enabled for the first and disabled for the second.
Note By default, compatibility mode is on when a file from a previous version of Office is in use. For more information about compatibility mode, see Compatibility mode in the 2007 Office system.
Compatibility checker Compatibility checker is a dialog box that appears when there are features in a document that would be lost or degraded, either when a document is saved in an previous format or switched into compatibility mode. The dialog box lists all the features that are affected, and enables the user to cancel the operation, continue with the save, or switch into compatibility mode. Compatibility checker does not appear when: There are no identifiable issues in the document. The user has disabled compatibility checking in the document. If a user has chosen not to run the compatibility checker tool when a file is saved, it can be turned back on by running the compatibility checker manually from the File menu. The list of compatibility issues in the compatibility checker dialog box are grouped by: Minor issues. Changes in the visual appearance of content are small or there is a minor change in how a legacy Office application edits the content.
27 Major issues. Feature data is lost or severely degraded when it is saved to the binary format. Users of the 2007 Office system can run the compatibility checker on a file at any time to see what issues might exist.
Considerations for printing and viewing files Applications in the 2007 Office system retain the layout and sizing of documents that were created with previous versions of Office. This reduces the possibility of page-break issues, alignment issues for text and images, and sizing problems with charts and objects. However, potential issues remain that depend on the following: Printer hardware and configuration. Backward compatibility when printing or viewing files with the new file formats in previous versions of Office.
Printer hardware and configuration Printer hardware and configuration can affect the appearance of document output both to the screen and to the printer. The print layout of a file depends on the fonts, graphics, images, and configuration of the printer hardware. Printing between different brands or models of printers commonly results in slightly different output, which can cause different page breaks, margin changes, and color differences. When you format a large document with default printer settings set to a specific printer, you should use that same printer so that you reduce the possibility of unwanted page breaks or margin changes. The 2007 Office system offers improved text and graphic printing capabilities. Files in both the previous and new file formats benefit from these improvements when they are printed in the 2007 Office system. However, print quality depends on the features and resolutions supported by the printer.
Backward compatibility When a user creates a file in the 2007 Office system and opens it in a previous version of Office, some of the graphic content is converted to images instead of autoshapes (ready-made shapes that are included in Office applications). This happens because a previous version of Office cannot render the new graphic effects in the 2007 Office system. When opened, the file is converted to the binary file format supported by the application. The print quality of a new file in a previous version of Office is affected by the limitations of that version. In addition, backward compatibility can affect the view of a Office PowerPoint 2007 presentation. Some animations are changed or removed during the conversion if they are not supported in the previous version of PowerPoint. For example, a shape can have a color effect in the 2007 Office system that is removed during the conversion, because this effect is not supported in previous versions. Presentations with few or subtle animations are most likely not affected.
28 Compatibility with other programs You can perform the following actions with files in the new file formats without using an Office application: View content. Delete content. Edit content. Replace content. Copy content from one file to another. Identify the degree of security a file will have by examining the file name extension. Use search tools to examine the contents of a file. Programmatically find and manipulate content in a file without using Visual Basic for Applications (VBA) or the object model. The new file formats are not proprietary; they are available on a royalty-free basis to any user. Third-party developers can create programs that manipulate the XML files without using Office applications or the related Office object models. You can get free downloads of XML schema definitions on the Internet.
See Also Assessing your environment with the Office Migration Planning Manager File format reference Migration reference
29 FAQ: File format
The 2007 Microsoft Office system introduces a new file format based on open extensible markup language (XML) standards. The new file format enhances functionality, security, and programmability. This FAQ addresses questions you might have about the new file format.
What is the new file format? For an overview of the new XML file formats in the 2007 Office system, see File format reference. For a detailed, developer-oriented reference, see 2007 Microsoft Office System on MSDN (http://go.microsoft.com/fwlink/?LinkId=76286).
Why is there a new file format? The change in file formats is a direct result of customer feedback. External MVPs, developers, and IT administrators provided crucial feedback about their requirements, as follows: Provide a file format based on open standards. Make files easier to manipulate programmatically. Make files easier to search. Help make files more secure. Provide a way to identify whether a file has been tampered with or contains a virus. Make files less sensitive to corruption. Find a way to address data bloat.
How are users being prepared for the new file format? The design and development teams for 2007 Office system did the following: Worked closely with users to discuss their needs and gather requirements for the new file format. Announced the file format early in the development cycle. Supplied information about the upcoming changes, and provided more detailed documentation and support. Provided tools to help assess the impact of the file format change on IT environments. Created as seamless a transition as possible for users, both in migrating to the new file format and in collaborating with previous versions of Office.
30 How can users collaborate on files when they use different versions of Office? There are several ways that people using different versions of Office can collaborate. Users need to share files without encountering any issues with formatting, styles, printing, or feature incompatibility. Users should be able open files received from others, make changes, and send the updated file back regardless of the version of Office they are using. A set of tools is available for Office 2000, Office XP, and Office 2003 to allow these versions to recognize, open, modify, and save files that are in the new XML format. For more information about the updates and converters available for previous versions of Office, see Collaborating with previous versions of Office and other programs. In addition, the 2007 Office system minimizes file compatibility issues by including the following features: The ability to save files in 2007 Office system to the previous file formats. The ability for features that are only available in the 2007 Office system to successfully roundtrip, or go from the 2007 Office system to a previous version of Office, and then back again. Group Policy settings that allow you to control the default file formats for each Office application. Compatibility mode, which disables features that are not compatible with previous versions. A compatibility checker, which informs the user about any features in the document that might not be compatible with previous versions of Office.
Can previous versions of Office recognize the new file format? Yes. Updates and file converters for Office 2000, Office XP, and Office 2003 are available at Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512). Also, applications in the 2007 Office system can save files to the previous file format. Feature incompatibility will still be an issue, however. Where possible, features available in the 2007 Office system will be emulated in previous versions, but if the previous version of Office cannot support a new feature, the new feature will be ignored.
How can I tell whether a file is from the 2007 Office release or from a previous version of Office? So that you can identify files in the new XML file format, files have different file extensions than their counterparts in previous versions of Office. Files that are saved in the 2007 Office system to the older format use the old extensions.
31 File sizes have increased with each new version of Office. Will this happen again with the 2007 Office system? Files created in the new XML formats are up to 75 percent smaller than those in previous versions of Office. For example, a 100-KB file with no graphics that is created by using Office 2003 is reduced to about 25 KB in size when saved in the 2007 Office system. These files take up less server space and consume less network bandwidth.
See Also Preparing for migration to the 2007 Office system Assessing your environment with the Office Migration Planning Manager Migrating to the 2007 Office system File format reference
32 Review migration issues for the 2007 Office system
As part of your migration planning, review the following topics for migration issues that are relevant to your environment: Top migration issues in Office 2007 Differences in the 2007 Office system Collaborating with previous versions of Office and other programs Migration considerations for Access 2007 Migration considerations for Excel 2007 Migration considerations for Word 2007 Migration considerations for Outlook 2007
33 Determining the best migration strategy
The timing and method of your migration to the new XML file formats in the 2007 Microsoft Office system depends on the following factors: When do you expect to deploy the 2007 Office system, and how long will it take to deploy the 2007 Office system to all users and all departments? If you need a rapid deployment, consider a single rollout. For more information, see Single rollout in this topic. If you plan to deploy the 2007 Office system over a long period of time, consider a phased rollout, so that you can plan your hardware, software, support, and training resources evenly over the time that the deployment takes. For more information, see Phased rollout in this topic. Do you plan to have long-term coexistence between the 2007 Office system and previous versions of Office, and how much collaboration do you expect to occur between different departments that continue to use previous versions of Office? If your organization requires long-term coexistence, or if you expect long-term collaboration on Office documents for users of the 2007 Office system and previous versions of Office, see Phased rollout in this topic. How many active Office documents are in use in your organization? If you have many files that require conversion or modification before they can be used with the 2007 Office system (for example, a custom Excel solution might require some changes before users can use it reliably with Microsoft Office Excel 2007), it might be a good idea to plan your deployment in stages. For more information, see Phased rollout in this topic. If you have many files and need to assess the impact of migrating them, you can use the Office Migration Planning Manager (OMPM). You can also use OMPM to convert files in bulk, if you determine that this method is best for your environment. For more information, see Assessing your environment with the Office Migration Planning Manager. If you expect long-term coexistence, where users need to collaborate on documents by using different versions of Office, plan on using Group Policy settings and educating your users about compatibility mode and compatibility checker. For more information, see Compatibility mode in the 2007 Office system. There are two recommended methods for preparing your organization to use the new file format: Single rollout Phased rollout In addition, some organizations might prefer to roll out the 2007 Office system on an as-needed basis, as new computers are added to the environment.
Single rollout A single rollout is recommended, if possible. If you distribute the 2007 Office system to all users at the same time, there are no special considerations for when users can start creating and using files with the new XML file formats. If your organization shares files with external users who are using previous versions of Office, you can either continue using the older file formats in the 2007 Office system or recommend that external customers apply the Microsoft Office Compatibility
34 Pack for Word, Excel, and PowerPoint 2007 File Formats, available at Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512). If you perform a single rollout, documents generated after installation of the 2007 Office system will be in the new file format unless you use a Group Policy setting to specify using earlier file formats. If you plan a rapid deployment, and not all of your users are ready to migrate their files or applications to the new file formats, you might want to set default File Save options to the file formats in Office 2003 until all users are ready to use the new file formats. If you want your users to begin using the new file formats right away, you might consider converting their Word, Excel, and PowerPoint files with the Office File Converter that is available with the Office Migration Planning Manager. For more information, see Migrate Word, Excel, and PowerPoint files to the 2007 Office system.
Phased rollout A phased rollout is the next best option. If the 2007 Office system will be installed on a significant number of clients or will be phased into various departments, the key date that determines when you should install the 2007 Office system is linked to when you want to adopt the new file formats. To avoid this installation limitation, you can use Group Policy to decouple the deployment of the 2007 Office system from the enabling of the new file formats. If you are using a phased rollout, you need to determine: When your organization wants to begin using the new file formats. Whether users are willing to work in a mixed environment, with more than one version of Office in use. If users are willing to work in a mixed environment of old and new file formats, you need to make sure that everyone who is using previous versions of Office has the appropriate updates and converters, available at Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512). If users are unwilling to work in a mixed environment, and your organization is targeting a specific date when all users must convert to the new file formats, use Group Policy to set the default file format as the binary format used in previous versions of Office. This allows you to set default file types created by users but does not block users from creating 2007 files with the new file formats. After the 2007 Office system is installed, and when you are ready to enable the new file format across the entire company, change the Group Policy setting to enable the new file formats as the default file types. This allows you to avoid updating and applying converters to computers running previous versions of Office. This can lower costs and allow continued collaboration throughout the deployment cycle. It is recommended, however, that you notify all users that they should not use the new file formats until instructed to do so. You can use the Office Migration Planning Manager to identify users' files and to determine issues that might arise during conversion. For more information, see Assessing your environment with the Office Migration Planning Manager. You can also convert Word, Excel, and PowerPoint files in
35 bulk with the Office File Converter that is available with the Office Migration Planning Manager. For more information, see Migrate Word, Excel, and PowerPoint files to the 2007 Office system.
As-needed rollout An as-needed rollout is not recommended but might be necessary in some environments. For example, an organization might deploy the 2007 Office system on an as-needed basis when it cannot plan for a major upgrade but is willing to purchase replacement computers that are pre- installed with the 2007 Office system. This approach is difficult to control, especially in an environment that does not have Active Directory directory service, which is required in order to set default options for saving files via Group Policy.
See Also Collaborating with previous versions of Office and other programs Assessing your environment with the Office Migration Planning Manager Migration considerations by application Migration reference
36 Assessing your environment with the Office Migration Planning Manager
In this chapter: Introduction to OMPM Install and configure OMPM File Scanner Distribute OMPM File Scanner Prepare a SQL database for OMPM Import OMPM log files into the database Analyze reports from OMPM
See Also Preparing for migration to the 2007 Office system Migration considerations by application Migration reference Migrating to the 2007 Office system
37 Introduction to OMPM
The Office Migration Planning Manager (OMPM) is a collection of tools that enables you to prepare for migration to the Microsoft 2007 Office system. OMPM checks for, and reports on, file properties to help you analyze your environment. You can download OMPM from 2007 Microsoft Office System Migration Guidance: Microsoft Office Migration Planning Manager (http://go.microsoft.com/fwlink?linkid=75727). For the most part, documents created in Office 2003 and earlier open and behave the same way in the 2007 Office release. However, there might be instances where files require manual intervention or analysis to ensure consistent behavior. For example, a custom solution built in Microsoft Excel 2003 might require modification because it relies on legacy Office features that are no longer supported in Excel 2007. OMPM includes the following features: The OMPM File Scanner (offscan.exe), a command-line tool that scans files for conversion issues. You can easily deploy this tool using an automated software deployment technology, such as SMS, or a login script. The OMPM File Scanner stores the scan results in XML log files on each computer that it scans. The OMPM File Scanner performs two types of scans: A light scan that quickly identifies the Office documents on a user’s computer or network file system. A deep scan that you can perform on Office documents to gather document properties that provide indicators of potential conversion issues. A set of utilities that automate the creation of a new database (either SQL Server 2000, SQL Server 2005, or SQL Express) and import the XML log files generated by the OMPM File Scanner. A Microsoft Access 2007–based reporting solution that provides different reports for your analysis and enables you to define file sets for automated processing. The Office File Converter (OFC) that allows you to convert specific files to the new 2007 Office release file formats in bulk. The Version Extraction Tool (VET) that allows you to extract saved versions of a file in Word 2003 (or earlier) to different files.
OMPM contents OMPM is contained in a self-extracting executable file, MigrationPlanningManager.exe. OMPM Components are contained in redistributable subfolders: Scan: The folder containing the OMPM File Scanner. Report: The folder containing OMPM Reports. To export file lists from OMPM Reports, the database folder and related components must also be available. Database: The folder containing scripts to provision and populate the OMPM database.
38 Tools: The folder containing tools such as the Office File Converter and Version Extraction Tool.
Installing OMPM To install OMPM, type the following at a command prompt: MigrationPlanningManager /extract:c:\ompm For help with OMPM, type the following at a command prompt: MigrationPlanningManager /?
OMPM requirements The following lists the requirements for running OMPM, both for the client systems that it scans and the administrator system from which it runs.
Client system requirements The OMPM File Scanner requires the following programs on the computers that it scans: Windows NT 4.0, Windows 2000 SP4, Windows XP SP2, or Windows 2003 SP1 Internet Explorer 5.0 or higher The following system components must exist on all computers running the OMPM File Scanner. If these files do not exist, install the files with a separate distribution job before you run the OMPM File Scanner. Data Access Objects 3.5 or higher (dao350.dll/dao360.dll). These files are included in Microsoft Access 97, Microsoft Windows 98, Microsoft Windows NT® 4.0 Option Pack, and Windows NT 4.0 Service Pack 4. Microsoft Scripting Runtime (sccrun.dll). This file is included in Microsoft Access 2000, Windows NT 4.0 Option Pack, Windows NT 4.0 Service Pack 5, and Microsoft Windows Scripting Host. Visual C Runtime (msvcrt.dll). Kernel32.dll. Msjet40.dll. Crypt32.dll. Ole32.dll. Oleaut32.dll. User32.dll. Advapi.dll. Msvcrt.dll. All computers that contain files to convert are required by the Office File Converter (OFC) to install the Microsoft Office Compatibility Pack. For more information, see Deploying the Microsoft Office Compatibility Pack.
39 The Version Extraction Tool (VET) requires installation of Microsoft .NET Framework Version 2.0 Redistributable Package (x86) (http://go.microsoft.com/fwlink/?LinkId=81886) and Microsoft Word 2003.
Administrator system requirements The administrator running OMPM requires the following: Computer and operating system A computer running Windows XP SP2 or Windows Server 2003 to use the database provisioning and data import tools in OMPM. Optional: A computer running Windows XP to create a self-extracting package with IExpress 2.0.
Note Use IExpress 2.0 to create a self-extracting package. Do not use a self-installing package. Database software SQL Server 2000 or SQL Server 2005 (recommended). SQL Server 2005 is recommended for enterprises working with large amounts of data. SQL Server 2005 provides enhanced database management and reports. The database should have a minimum of 4 GB available free disk space. Microsoft SQL Server 2005 Express Edition. This free, redistributable version of SQL Server 2005 is ideal for client applications that require an embedded database. You can use SQL Server 2005 Express Edition, instead of SQL Server 2005, for smaller-scale data collection. The database should have a minimum of 2 GB available free disk space. SQL Server 2005 Express Edition is available as a free download at SQL Server 2005 Express Edition (http://go.microsoft.com/fwlink/?LinkId=95582&clcid=0x409). Database tools and utilities Both SQL Server 2005 and SQL Server 2005 Express Edition include several command line utilities, such as Osql.exe and Bcp.exe. These must be available on the client computer from which the provisioning and import tools are run. SQLXML 3.0 SP3. SQLXML enables XML support for your SQL Server 2005 database. This module allows XML files that are collected by the OMPM File Scanner to be imported efficiently into a database server. SQLXML is a free download available at SQLXML 3.0 Service Pack 3 (SP3) (http://go.microsoft.com/fwlink?linkid=52919).
Note We recommend using the English editions of SQL Server 2005 or SQL Server 2005 Express Edition to use OMPM. While there are no known issues involving international editions, only the English edition is supported for these tools at this time. File share A file share is required to stage the XML log files collected by the OMPM File Scanner before the log files are imported into the database. The file share should have a minimum of 1 GB available
40 space. Any account that is operating the import scripts requires read/write/create access to the file share.
Note For performance reasons, it is optimal to have the import tools, log file share, and database on the same server. If this is not possible, the log file share and the database server should be on the same subnet to reduce network traffic. Other OMPM Reports requires the installation of Microsoft Access 2007 on the client computer from which the data will be examined. To export file lists from OMPM Reports, SQL Server Express or SQL Server and SQLXML 3.0 SP3 must be installed on the computer that runs OMPM Reports. To perform a deep scan with the OMPM File Scanner, Access 2002 or later must also be installed on the computer that runs the OMPM File Scanner.
Note Other than the requirement listed above, the OMPM File Scanner does not require the installation of any version of Office on any computer it scans. For scanning document storage systems such as Microsoft SharePoint Services, the OMPM File Scanner requires the Web-based Distributed Authoring and Versioning (WebDAV) interface. For more information about WebDAV, see About WebDAV (IIS 6.0) (http://go.microsoft.com/fwlink/?LinkID=81698). This is the only version of WebDAV that is supported for OMPM.
Note Use either the Windows Vista WebDAV client or a third-party WebDAV client for document libraries that are SSL-enabled. If you use the WebDAV client from previous versions of Windows, the scan of the document library fails.
How the OMPM File Scanner works The OMPM File Scanner gathers information about the computer and recursively scans the designated path for Office files. The OMPM File Scanner then records the results in an XML log file to the designated destination path. The OMPM File Scanner performs the following tasks in a single scan: Scans the computer for Office files within the folder structure defined by the SourcePath specified in the configuration file offscan.ini. Scans the computer for properties such as operating system, memory, and language ID. Scans for file property information such as file name, path, size, format, created date, modified date, and file owner. If this is a deep scan, scans for compatibility issues. Writes an XML log file to the destination path for each file that contains compatibility issues.
41 Adds the XML log files to a series of CAB files for later transfer to a SQL Server. Logs failures to the XML log files.
Note The OMPM File Scanner does not change file properties, except possibly Last Accessed Date.
Note The OMPM File Scanner does not transmit data to Microsoft Corporation.
Log and CAB files generated by the OMPM File Scanner On each computer that it scans, the OMPM File Scanner writes an XML log file to the destination folder that you specified in the accompanying offscan.ini file. This initial log file contains both scan and computer details. After this, the OMPM File Scanner creates an XML log file for each additional Office file that it scans. The filename for each log file is in the form of a GUID, with a prefix indicating the type of log file. The OMPM File Scanner creates four unique types of log files to record properties about the computer scanned, file scanned, scan summary, and errors. The following table shows a typical set of log files.
File Name Description
Scan_{40D1300A-F0BE-4D68-ADBF-36C78EE030A1}.xml Scan log (one per scan)
File_{F575D370-1E7A-486E-9FC6-4BB83C7770DD}.xml File properties log (one per unique file scanned)
Sum_{75C5A590-A789-4B16-A2EB-E3934BCB01B1}.xml Summary log
Err_{61CF0E6F-71E1-4878-9E9F-C1D35EBA3506}.xml Error log (one per unique error occurrence)
The individual log files are compressed into CAB files to make transport to the SQL Server database more efficient. To maximize disk space on the computer that is scanned, after OMPM File Scanner writes 10,000 log files, adds the log files to a CAB file, and then deletes the log files. Each CAB file contains up to 10,000 log files. When a CAB file reaches 10,000 log files, OMPM File Scanner creates a new CAB file for the next 10,000 files. CAB files use the file name from the ScanID GUID, with an index number appended. Three CAB files generated on the same computer might generate names such as the following: Computer1 {2FA87EDF-4393-4BCF-8829-8776F82DEDD5}00001.cab Computer1 {2FA87EDF-4393-4BCF-8829-8776F82DEDD5}00002.cab Computer1 {2FA87EDF-4393-4BCF-8829-8776F82DEDD5}00003.cab
42 Creating CAB files can be detrimental to performance if log files are saved across a network. Use the setting CABlogs=1 in the Offscan.ini file to disable the creation of CAB files.
Files scanned by the OMPM File Scanner The following table shows the file types that are scanned by the OMPM File Scanner, along with file types that are included in the light scan only.
Microsoft Office program Light and deep scan file types Light scan only
Access .mdb .mde .mdz .adp .ade .mdt .mda .accda .accdb .accdr .accdu .accde .accdt .accdc
Excel .xls .xlc .xlt .wk1 .xla .wk3 .xlm .wk4 .xlw .wj1 .htm .wj2 .html .wj3 .mhtml .fj3 .mht .fmt .fm3 .all .wks .wq1 .dbf
PowerPoint .ppt
43 Microsoft Office program Light and deep scan file types Light scan only
.pot .pps .ppa
Project .mpp .mpt
Publisher .pub
Visio .vsd, .vss .vst .vdx .vtx .vsx
Word .doc .dot .wiz
Files from Microsoft Office Outlook, Microsoft Office FrontPage, Microsoft Office OneNote, and Microsoft Office InfoPath are not included in either the light or deep scan.
Note The OMPM File Scanner does not scan documents that are password-protected or IRM- protected. In addition, the OMPM File Scanner does not scan embedded objects within documents, but does report that the document contains embedded objects.
44 Install and configure OMPM File Scanner
You have two options for distributing and running the OMPM File Scanner: Place all of the necessary OMPM File Scanner files on a central share and run the OMPM File Scanner from that share, scanning local computer hard drives or servers. This method allows you to change the OMPM File Scanner configuration files in the central location without having to redistribute them to every computer on the network. Create a distribution package that contains all necessary OMPM File Scanner files and distribute the package to every computer to be scanned. Before running the OMPM File Scanner, you must first edit the offscan.ini file with the appropriate parameters. For a list of file types that are scanned by the OMPM File Scanner, see Introduction to OMPM. The command to run the OMPM File Scanner is: offscan.exe The parameter for this command is as follows:
Parameter Description
-q Run the OMPM File Scanner in quiet mode. Optional.
Offscan.ini settings The following table shows the settings and values in offscan.ini.
Setting Description Possible values If value is If value is not valid missing
RunID= Tracking number Alphanumeric. End scan. End scan. for the current scan. Use this to group scans from different computers in the Reports. Required.
Description= Text used to Free-form text, Ignore describe the truncated to current scan. 255 characters. Optional.
45 Setting Description Possible values If value is If value is not valid missing
DestinationPath= Path where log Physical or End scan and files are placed. mapped drive display usage Supports or UNC information to environment e.g. console variables (see Note c:\scan\logs below). Required. Environment variables are also supported.
ScanMyDocuments Ensures the user's 1 - Scan My No special Ignore. My Documents Documents handling for folder is scanned wherever the My whether My folder is Documents Documents is 0 - do not scan folder. within the path My Documents specified in if the path is not SourcePath or under that redirected to indicated by another hard drive SourcePath. or network share. Optional.
ScanDesktop Ensures the user's 1 - Scan No special Ignore. Desktop folder is Desktop handling for scanned, whether wherever the Desktop Desktop is within folder is folder. the path specified 0 - do not scan in SourcePath or Desktop if the redirected to path is not another hard drive under that or network share. indicated by Optional. SourcePath.
DeepScan= Specify whether 0 - perform a Performs a Performs a light this is a deep scan. light scan light scan. scan. Optional. 1 - perform a deep scan
46 Setting Description Possible values If value is If value is not valid missing
CABLogs= Disable creation of 0 – do not allow Will not Will not create CAB files. creation of CAB create CAB CAB files. Optional. files files. 1 – allow creation of CAB files.
Verbose= Specify whether to 0 - do not print Does not Does not print print output to the output to the print output to output to the screen. Optional. screen the screen. screen. 1- print output to the screen
Recovery= Restart a failed 0 - do not Does not Does not attempt scan when you run restart failed attempt to to restart failed the OMPM File scans restart failed scans. Scanner again. 1 - restart failed scans. Optional. scans
LogOutput= Specify whether to 0 - do not write Does not Does not write write output to a output to a file write output output to a file. file. Optional. 1 - write output to a file. to a file
[FoldersToScan] Section lists folder Section Head. If missing trees to scan. Sub- and folders will also be ScanAllLocal scanned. Drives<>1, If only tblScans ScanAllLocalDrives and is specified, folders tblComputers on local drives will information be ignored (all will be written folders on all local and the scan drives will be will end. scanned unless excluded by [FoldersToExclude] ). Supports environment variables (see Note below). Optional.
[FoldersToExclude] Section lists folders Section Head. No folder will If FoldersToScan
47 Setting Description Possible values If value is If value is not valid missing
to exclude from the be excluded and scan. Sub-folders from the FoldersToExclude will also be scan. include the same excluded. If folders an error [FoldersToExclude] will be written to contains folders tblErrors and the that don't exist on scan will end. the computer, the Error is: scan will stop. "The same folder Supports is listed in environment FoldersToScan variables (see Note and below). Optional. FoldersToExclude in OFFSCAN.INI. Aborting scan."
Folder= Lists a folder to be Valid folder OMPM File OMPM File included in the path. Scanner Scanner scans all scan. All files within scans all local physical this folder and sub- local physical drives. folders will be drives. scanned. Optional.
[Application] Sections [Access] If section is If [Application] is containing specific [Excel] missing, the not a known value, settings for each application the section is [PowerPoint] Office application. document ignored. Optional. [Project] files will not [Publisher] be scanned. [Visio] [Word]
RetryCount Number of retries Integer. per file before moving to the next file. Optional.
RetryInterval Number of Integer. milliseconds to wait between retries. Optional.
RetryTimeout The number of Integer. sequential files to 0 - infinite
48 Setting Description Possible values If value is If value is not valid missing
retry before number of files. stopping the scan. Optional.
Ext= List of extensions For example, Store error If extension is not to be scanned for "doc" or "dot" (a nn0001 to valid, write error the application. comma- tblErrors 010014 to Required, if separated list (where nn = tblErrors. [Application] is without the Module present. For a list preceding "." Number) of file types that character). You If there are are scanned by the can add no values in OMPM File additional Ext= in any Scanner, see extension types [Application] Introduction to if you use other section, the OMPM. extensions for OMPM File particular Scanner will document write types, such tblScans and as .LET for tblComputers Word letter to log file and documents. end).
ScanDAO= Specify whether to 0 - do not Collect DAO Collect DAO collect data access collect DAO properties. properties. object (DAO) properties properties from the 1 - collect DAO Access databases properties that are scanned. Optional.
49 Setting Description Possible values If value is If value is not valid missing
AccessScan= Specify whether to 0 - do not Do not collect Do not collect collect Access collect Access Access Access properties. properties from the properties properties. Access databases 1 - collect that are scanned. Access To collect Access properties properties, the OMPM File Scanner must be running on a computer that has Access 95 or later installed on it. Optional.
DisableConvDialog= Specify whether to 0 - do not Do not Do not prevent the prevent the prevent the prevent the conversion dialog conversion dialog conversion conversion box from box from appearing dialog box from dialog box appearing. the next time a appearing from user opens a 1 - prevent the appearing. version of an conversion Access database dialog box from that is earlier than appearing Access 2002 or Access 2003 in either Access 2002 or Access 2003. If you set DisableConfDialog =1, the LastModified date of the Access database changes. Optional.
50 Setting Description Possible values If value is If value is not valid missing
MaxCopyFileSize= Specify the Integer. Defaults to Defaults to 50 MB. maximum file size 0 - infinite file 50 MB. in megabytes (MB) size that the OMPM File Scanner copies for the collection of Access properties. When collecting Access properties, the OMPM File Scanner makes a copy of the database, which it opens and scans. This preserves the LastModified date for the database. You can use this setting to limit the file size that is copied. Optional.
TempPath= Specify the folder Drive letter or Use the Use the folder path where the UNC path. folder path path that is OMPM File that is specified for the Scanner copies specified for TEMP variable in Access databases the TEMP the Microsoft before scanning variable in Windows them. Optional. the Microsoft operating system Windows that is running on operating your computer. system that is running on your computer.
Note The following properties support environment variables: [FoldersToScan], [FoldersToExclude], and [DestinationPath]. For example, you can specify %temp%, which resolves as the location to store temporary files. If the environment variable cannot be resolved due to a misspelling or other reason (for example, if you specified %temps%
51 instead of %temp%), the OMPM File Scanner treats the entry like a folder name and not an environment variable.
See Also Introduction to OMPM Distribute OMPM File Scanner Analyze reports from OMPM Migrate Word, Excel, and PowerPoint files to the 2007 Office system
52 Distribute OMPM File Scanner
You can use Systems Management Software (SMS), another software distribution program, or script to distribute the OMPM File Scanner. If you have SMS or other software distribution software currently deployed in your environment, use SMS to distribute and run the OMPM File Scanner. SMS encrypts the data that it transmits. Iif you are using another software distribution package, refer to your product documentation for information regarding whether it encrypts the data. If you are not using SMS, be aware that scanning files across a network can lead to potential security issues, in the same way that reading or editing any document across a network can create security issues.
Files to Distribute Whether you are using SMS or another software distribution system or script, include the following files that ship with OMPM in the distribution package for the computers that you want to scan: OFFSCAN.EXE – OMPM File Scanner program ACCSCAN.DLL – Application library modules OFFSCAN.INI – Configuration file MSVBVM50.DLL – Visual Basic 5.0 runtime version SYSTEM.MDW – Access system database Your distribution mechanism should copy these files to a folder on the computer to be scanned (for example C:\OFFSCAN).
Distributing the OMPM File Scanner with SMS Use SMS to run the OMPM File Scanner so that it scans with one of the following methods: Run the OMPM File Scanner from a server to scan workstation hard drives. Copy all relevant OMPM File Scanner files to each computer and run the OMPM File Scanner locally. Copy a script to each computer that starts the OMPM File Scanner from a file share. See Sample SMS deployment script for OMPM for help with packaging the OMPM File Scanner for SMS distribution.
Other ways to distribute the OMPM File Scanner For computers that are not always connected to the network, such as laptops and computers in branch offices, you can distribute all of the appropriate files via CD or user-initiated download. Use a login script for the OMPM File Scanner to do the following:
53 Distribute the OMPM File Scanner by using a login script. To accomplish this, use IExpress 2.0 to create a distribution package. For more information, see Use IExpress 2.0 to create a distribution package for OMPM. Run the OMPM File Scanner from a central share by using a login script. The OMPM File Scanner scans a set of files once per RunID. To scan the same set of files again, provide a different RunID in the offscan.ini file.
Collecting OMPM File Scanner log files When the scan is complete, the XML log files are compressed into CAB files on the local computer if you specify CABLogs=1 in the offscan.ini file. The default is to create CAB files. Use an SMS collection job to retrieve the CAB or XML files and store them in a central location. For optimum network performance, store the CAB or XML files in a folder on the same server on which your database is located. For offline computers, you can upload the resulting compressed CAB or XML files to a share folder, copy the files to a CD, or e-mail the files as an attachment, depending on which method best suits your environment.
54 Prepare a SQL database for OMPM
You can use SQL Server to create a database for use with OMPM. You can also use SQL Server 2005 Express Edition as your database server. SQL Server 2005 Express Edition is available as a download from SQL Server 2005 Express Edition (http://go.microsoft.com/fwlink/? LinkId=95582).
To provision a SQL database 1. At a command prompt, navigate to the folder where OMPM is installed, and navigate to the Database folder. 2. Type: CreateDB.bat
Parameter Description
ComputerName The name of the computer that is hosting the SQL Server.
SQLServerName The name of the SQL Server where the new database is created. Required.
DatabaseName The name of the database created. Required.
For example, if your computer name is COMPUTER1, the database server is SQLEXPRESS, and your new database name will be OMPM001, type the following at the command prompt: CreateDB.bat COMPUTER1\SQLEXPRESS OMPM001
Notes: You must have Database Operator permissions to run this script. To obtain help for this command, at a command prompt, type createdb.bat /?. Multiple databases can exist on the same server. DeleteDB.bat is an additional command-line utility included with OMPM that allows a user to delete a database.
55 Import OMPM log files into the database
The import tool automates the process of importing the XML log file data or CAB files directly into a database server. You can begin importing as soon as you have XML or CAB files generated by the OMPM File Scanner. You do not have to wait until all the data is collected. However, we recommend that you wait until all of the data from a specific computer is collected. You can run the import tool multiple times to add new information to the database when the data is collected.
Note You must install SQLXML 3.0 Service Pack 3 (SP3) on your computer before you import XML into your database. You can download SQLXML 3.0 SP3 from SQLXML 3.0 Service Pack 3 (SP3) (http://go.microsoft.com/fwlink?linkid=52919). Use the following procedure to import log files that contain scan data obtained by the OMPM File Scanner.
Import OMPM File Scanner data files into the database 1. At a command prompt, navigate to the folder where OMPM is installed, and navigate to the Database folder. 2. Type: ImportScans.bat
Import OMPM File Scanner action files into the database 1. At a command prompt, navigate to the folder where OMPM is installed, and navigate to the Database folder. 2. Type: ImportActions.bat
Parameter Description
ComputerName The name of the computer that is hosting the SQL Server.
SQLServerName The name of the SQL Server where the new database is created. Required.
DatabaseName The name of the database. Required.
PathToLogFiles The local (or UNC) path to the folder where the log files are
56 Parameter Description
stored. The operator must have read/write/create permissions to this location. Required. Note: The default path for scan data log files in offscan.ini is c:\OMPM\SCANDATA. The default path for action log files is c:\OMPM\ACTIONLOGS.
For example, if your computer name is COMPUTER1, the database server is SQLEXPRESS, the database name is OMPM001, and your log files are stored in c:\OMPM\SCANDATA, type the following at the command prompt: ImportScans.bat COMPUTER1\SQLEXPRESS OMPM001 c:\OMPM\SCANDATA When the log files are successfully imported, the contents move to the imported subfolder in the original
Important Do not run more than one import at the same time. Always allow one import to complete before you start the next import. Running more than one import at the same time could result in data corruption.
Notes: You must have Database Operator permissions to run these scripts. Because a subfolder is created, you must have read/write privileges to the storage location. To obtain help for this command, type the following at a command prompt: ImportScans.bat /? or ImportActions.bat /?. Files that were previously stored in
Fixing import failures If you encounter a fatal error when you import your scan data, the OMPM database may be corrupted. Because the database is populated with information from CAB files, you can use the CAB files to restore your data. If you still have all of the CAB files, you have not lost any data. The high-level process for fixing this situation is as follows: Delete the existing database. Create a new database. Move all of the CAB files out of the OMPMImported folder. Re-import the scan data and action CAB files. You can use the following procedure to delete and restore the OMPM database.
57 Delete and restore the OMPM database 1. At a command prompt, navigate to the OMPM\Database folder and type: DeleteDB.bat
58 Analyze reports from OMPM
You can use OMPM Reports to perform the following actions: Review OMPM File Scanner results to identify errors or to view coverage by computer. Manage issues. Create a list of files to convert and export the list to a file for use by the Office File Converter (OFC) or the Version Extraction Tool (VET). Review data compatibility issues between Access version 1997 or earlier and Access version 2000 or later.
Starting OMPM Reports 1. In the Reports folder where you installed OMPM, double-click OMPM.accdr. Click Yes at the security prompt. 2. If this is your first time using OMPM Reports, enter the location of an OMPM database to connect to. 3. In the Server: drop-down box on the OMPM Welcome page, select the SQL or SQL Express server that you created earlier. If the server is not the default for a computer, it must be specified as the named instance in the form
Review Scan Coverage and Errors 1. On the OMPM Welcome page, select Scan Coverage and Errors. This brings up the Scan Results page. 2. Select a Run ID at the top of the Scan Results page to view the results for that run of the OMPM File Scanner. 3. To view the scan results for a specific computer, select the computer in Scan results for each computer in the run selected above. The scan results appear in Scan errors for the run and computer selected above.
Note Only scanner coverage and errors are reported here. Use the Office 2007 Compatibility report for upgrade issues identified by the scanner.
59 Review Office 2007 Compatibility 1. On the OMPM Welcome page, select Office 2007 Compatibility. This brings up the Office 2007 Compatibility page. 2. You can load a filter that you previously saved by clicking the Load Filter… button at the bottom of the page. Otherwise, specify your file filter settings in Select a File Filter, along the left side of the page.
Note Filters apply to which files are shown, not which issues or created files are shown. For example, if you set Select Issues of Specified Type: to select all issues of level Red, all files with red issues appear. However, if those files also have yellow and green issues, reports of those issues also appear. 3. To invert the filter for a specific setting, check the box to the right of the setting. For example, if you select a scanner run, you see all files discovered during that scanner run. If you invert the filter for that setting, you see all files discovered during other runs, but not during the selected run. 4. To apply the filter, click the Apply Filter button at the top of the 2007 Office release Compatibility page. Use the tabs on the right side of the page to perform the following steps. 5. Select the Issue Summary tab to view a summary of the issues identified by the OMPM File Scanner by severity, type, and frequency. You can bring up the summary in a new window by clicking New Window at the bottom of the page. 6. To view issues and edit their severity level, click Manage Issues at the bottom of the Issue Summary page, and review or edit issues on the resulting Manage Issues dialog. If you review the impact of an issue and the issue is not important for your document set, you can also change the issue level in this dialog. You can use this to organize your files into processing groups of red, yellow, and green status. 7. Select the Computer Summary tab to view a summary of the issues for each computer that was scanned. You can bring up the summary in a new window by clicking New Window at the bottom of the page. To obtain a printable report, click Report View at the bottom of the page. 8. Select the Scanned Files tab to view files that match the criteria set by the filter you applied. You can bring up the summary for all files in a new window by clicking New Window at the bottom of the page. To obtain a printable report, click Report View at the bottom of the page. 9. Select the Created Files tab to view files that were created using the Office File Converter or Version Extraction Tool. You can bring up the summary for all files in a new window by clicking New Window at the bottom of the page. To obtain a printable report, click Report View at the bottom of the page. 10. To save the filter, click the Save Filter… button at the bottom of the page. 11. Export the files to an XML file for use by the Office File Converter or Version Extraction Tool by clicking the Export… button at the bottom of the page.
60 For more information about the filter criteria you can select, see OMPM Reports Filtering Reference.
Review Access Compatibility 1. On the OMPM Welcome page, select Access Compatibility. This brings up the Access Reporting page. 2. On the Access Reporting page, look at the date of the last analysis (next to Analyze). If you have run a scan since that date, or if you have never run Analyze, click Analyzer Settings on the Access Reporting page, specify the settings that you want, and click Analyze. If you don't need to configure the settings and want to start an analysis of the scan data, click Analyze on the Access Reporting page.
Note Clicking Analyze prompts you with the message "Analysis can take quite a long time and should not be canceled mid-run. Are you sure you want to continue?" If your scan data covers fewer than 100,000 databases, the analysis usually takes only a few minutes. If there are more than 100,000 databases, the analysis can take a long time, and you might prefer to run the analysis overnight. 3. To search the Access scan data by field, select QuickSearch on the Access Reporting page. This lists files that OMPM has analyzed. Use QuickSearch to find a specific database file by name, or a list of databases in a specific path or on a specific computer. 4. To view or print interactive reports for Access data, select Reports on the Access Reporting page. This brings up the View Reports tab. On the left navigation pane, you can choose from the following reports: Database and Issue Details. Use this report to get the list of issues for each database file. Database Issues Grouped by Issue. Use this report to find all the databases that are identified as having a specific issue. Executive Summary. This report provides an overview of issues for all analyzed databases, without the file-level details. Active versus Old Databases. This report lists analyzed databases and shows whether they are active or inactive, based on their LastModified property. Conversion Issue–Database is an MDE file. This report lists .mde files and .mdb files that have identical names. Conversion issue–Replicated database. This report lists databases that use replication. Conversion issue–Reserved name in Form/Report/Macro. This report lists databases that contain a reserved name in a form, report, or macro. 5. To view interactive charts that facilitate finding databases with certain attributes, select Charts on the Access Reporting page. This brings up the Database Charts screen, where you can choose from the following charts: Date Last Opened. Database count per year opened.
61 Database Rating. Database count by level of user intervention required. Access Version. Database count by version of Access. File Size. Database count by file size. Conversion Issues. Database count by conversion issue. Warning Level. Database count by warning level. 6. To view databases and database objects on a per-file basis, data, select File Details on the Access Reporting page. 7. To view database issues on a per-file basis, data, select Conversion Issues on the Access Reporting page.
62 Migration considerations by application
In this chapter: Migration considerations for Access 2007 Migration considerations for Excel 2007 Migration considerations for Word 2007
See Also Preparing for migration to the 2007 Office system Assessing your environment with the Office Migration Planning Manager Migration reference Migrating to the 2007 Office system
63 Migration considerations for Access 2007
With Microsoft Office Access 2007, you can open and use databases created in Access 2000, Access 2002, and Access 2003. Using the changes and improvements in Office Access 2007, you can also convert databases created with previous versions of Access into the new Office Access 2007 file format. Databases created with Access 97 or earlier must be enabled or converted for use with Office Access 2007. This topic discusses database migration considerations, including: Migration considerations for Access 2000, Access 2002, and Access 2003 Migration considerations for Access 97 and earlier Office Access 2007 in mixed environments Office Access 2007 and SQL Server Tools to help with your conversion project
Migration considerations for Access 2000, Access 2002, and Access 2003 Databases created using Access 2000, Access 2002, and Access 2003 do not need to be converted for use with Office Access 2007. You can open the databases and modify data and object design in Office Access 2007. You can convert databases from MDB file format to ACCDB file format to enable new functionality. Most functionality in previous versions of Access is available in Office Access 2007, with some exceptions.
Features available only in the new file format in Office Access 2007 The following features are available only with databases that are in Office Access 2007 ACCDB file format. To use these features with existing databases, you must first convert the databases to Office Access 2007 ACCDB file format. Complex data (multi-valued data types) Attachment Date type Append Only Memo fields Compressed image storage for any Picture property E-mail database as attachment Publish database to a Document Library in Microsoft Office SharePoint Server 2007 Full support for Linked Tables to Office SharePoint Server 2007 Offline support for Linked Tables to Office SharePoint Server 2007 Linked Tables to files in ACCDB format
64 Encrypt with database password
Features available only in MDB file format The following features are available only with databases that are in Access 2003 or earlier MDB file format. They are not available with Office Access 2007 ACCDB file format. Ability to open the database with previous versions of Access Object Level Security (also known as Workgroup Security) Database replication Encode database (replaced with Encrypt with database password)
Features no longer available in Office Access 2007 The following features are no longer available in Office Access 2007: Data Access Pages (DAPs) cannot be opened using Office Access 2007.You must use Access 2003 or earlier to create or make design changes to DAPs. To browse DAPs, you must use Internet Explorer. To browse Access 2000 DAPs, you must install Microsoft Office 2000 Web Components, which installs with Access 2000. To browse Access 2002 and Access 2003 DAPs, you must install Microsoft Office XP Web Components, available at Office XP Tool: Web Components (http://go.microsoft.com/fwlink/?LinkId=36954). Microsoft Office XP Web Components is not installed with Office Access 2007. Forms in PivotTable or PivotChart view still function correctly. Databases with references to OWC10.DLL point to the new OFFOWC.DLL. The new OFFOWC.DLL does not support all of the functionality in OWC10.DLL. In some cases, you might need to download and install the Microsoft Office XP Web Components. Toolbars used in previous Access versions are not used by default. They are used only if the following Startup options are configured: The Allow Built-in Toolbars option is disabled A default menu bar is specified. The user interface for toolbar and menu customizations is removed and replaced by the new ribbon. The toolbars and menus can be modified in previous versions of Access or by using the VBA object model or macros. The user interface for some early import and export formats is removed. There is no user interface to export to ASP or IDC/HTX. There is no user interface to import files from Lotus 1- 2-3/DOS (*.wj*) or Exchange. Code and macros created to work with these formats continue to work. For more information about features that have changed in Office Access 2007, see Changes in Access 2007.
65 Migration considerations for Access 97 and earlier When you upgrade from Access 97 and earlier, you must either enable or convert your database files (in MDB format) to open in Office Access 2007. When you open an Access 97 format MDB file for the first time, you can enable or convert the database.
Enabling a database By enabling a database, you make it compatible with Office Access 2007. You can open objects and edit data, but all object definitions are read-only. You can open enabled databases in Access 97 or Office Access 2007, but you can only make design changes in Access 97. You can make data changes in either Access 97 or Office Access 2007. This option is useful in mixed environments where a database must open in both Access 97 and Office Access 2007.
Converting a database Access 97 or earlier format databases are converted into Access 2002-2003 format by default. If a database is converted to Access 2002 or Access 2003, the database can only be opened by Access 2002 or Access 2003. To convert an Access 97 or earlier database to Office Access 2007 ACCDB file format, you must first convert it to Access 2002, Access 2003, or Access 2000. You can then convert the database to Office Access 2007.
MDE file limitations MDE files are MDB files with VBA source code compiled into computer code and VBA source code removed. Office Access 2007 cannot convert or enable an MDE file. To upgrade an MDE file, you must find the original MDB file and convert that file.
Access 2007 in mixed environments You can use Office Access 2007 databases with previous versions of Access if you save the database in MDB file format. Previous versions of Access cannot open databases in the ACCDB file format. You can change the default file format for databases created in Office Access 2007. The new database template feature requires the ACCDB file format. Previous versions of Access do not recognize new Office Access 2007 features. In general, previous versions of Access ignore new properties set in Office Access 2007, but these property values will appear again when the properties re-open in Office Access 2007. The following table shows new features in Office Access 2007 and how the features behave in previous versions of Access.
New Feature in Office Access 2007 Behavior in Access 2000 and Access 2003
ACCDB file format Cannot be opened.
Complex data Only available in ACCDB file format.
Attachments Only available in ACCDB file format.
66 New Feature in Office Access 2007 Behavior in Access 2000 and Access 2003
Append-only memo fields Only available in ACCDB file format.
Offline support for linked tables to Windows Only available in ACCDB file format. SharePoint Services
Linked tables to ACCDB database Only available in ACCDB file format.
Encrypt with database password Only available in ACCDB file format.
Linked Tables to Windows SharePoint Services Not all data types are fully supported. Some V3 columns may be read-only or might not appear.
Rich text Appears as plain text with HTML tags.
Date picker Does not appear.
Gridlines on layouts No gridlines appear.
Control layouts (stacked and tabular) Behave like independent controls.
Linked tables to Excel12 files Linked tables cannot be opened.
Macros embedded in event properties Event properties appear to be blank.
Control auto-resize and anchoring Controls do not automatically resize or move.
Tabbed document mode (SDI) Multiple windows (MDI).
Navigation pane Database container.
Custom groups in the navigation pane Does not appear.
Tables and Views mode Does not appear.
Ribbon Command bars.
Ribbon customizations Does not appear.
Saved imports and exports Does not appear.
Create data collection e-mail Does not appear.
Manage data collection replies Does not appear.
Alternating row color (alternate back color All rows appear the same color as the first row. property) The Alternate Back Color property is ignored.
Filtering and sorting improvements Previous filtering and sorting user interface.
Report browse mode Print Preview only.
Design in browse mode for forms and reports Only design via the property sheet.
Save Database As Does not appear.
Share database on SharePoint Does not appear.
Upsize database to SharePoint Does not appear.
67 New Feature in Office Access 2007 Behavior in Access 2000 and Access 2003
Access security and the Trust Center Prompts with security warnings and does not have the ability to trust a file based on its location.
Improved accessibility Datasheet, forms, and reports do not have the same support for accessibility aides.
New Sorting and Grouping task pane Sorting and grouping dialog box.
Property Sheet task pane Property sheet floating dialog box.
Data Source task pane Field list floating dialog box.
Creating schema in the datasheet Schema must be created in table design.
Getting Started experience Getting Started task pane.
Database templates Cannot be opened.
Office Center for Options Separate dialog boxes for Options, Startup, and AutoCorrect.
Editable value lists Value Lists do not have a user interface for editing and are not automatically inherited from the table.
Edit list items command for combo boxes and Does not appear. list boxes
SharePoint Site Manager Does not appear.
Slit views Appears as a single item form.
Datasheet user interface enhancements Record selectors and selection.
Search box in record navigation user interface Does not appear.
Customizable caption for the record navigation Always appears as Record. user interface
Handling VBA references VBA references are handled the same way in Office Access 2007 as in previous releases. References to other applications in 2007 Microsoft Office system, such as Microsoft Office Word 2007, Microsoft Office Excel 2007, or Microsoft Office Outlook 2007, reference their new type libraries in 2007 Office system when you make design changes in Office Access 2007. If you do not make design changes, the references are not automatically modified by Office Access 2007. If the references are upgraded and the database opens on a computer that does not have 2007 Office system installed, the database has a broken VBA reference. This can cause error
68 messages. VBA references are compatible with previous versions of a type library, but they are not guaranteed to work with future versions of a type library. To fix these databases, you must manually fix VBA references to point to the version of the Office applications installed on that computer. In general, when you are working with multiple versions of Office, the best practice is to test the database on the oldest version of Office and the oldest version of Microsoft Windows that you plan to support. Make sure all of the references are fixed. When the database is opened using a newer version of Office or Windows, the references still work.
Access 2007 and SQL Server Access creates front-end applications that leverage SQL Server as a backend data source. Access forms and reports can be optimized as efficiently as Visual Basic front-end for SQL Server. Office Access 2007 offers two ways to connect to SQL Server data: linking to SQL Server and Access Data Projects (ADPs). The preferred way to connect to SQL Server is MDB file format or ACCDB file format. This enables you to use the full flexibility of local tables and local queries, while leveraging the full power of SQL Server. In addition, MDB and ACCDB files link to multiple SQL Servers and a wide variety of other data sources. Office Access 2007 contains many new features available in both MDB and ACCDB file formats, but only a subset of those features are available in ADPs.
Linking to SQL Server Access leverages the flexibility of the Jet desktop database engine to link to SQL Server. Jet provides extensibility to connect to a variety of different data sources. Previous versions of Access used the version of Jet included with Microsoft Windows. Office Access 2007 uses its own version of Jet. From MDB or ACCDB files, Office Access 2007 enables you to create read/write Linked Tables to SQL Server tables or views. Jet also supports SQL Pass-Through Queries, which can send SQL commands directly to the SQL Server. This linking ability enables you to: Link to multiple SQL Servers or other data sources. Include local tables. Include ad hoc or local queries instead of putting the queries on the server. Jet optimizes the local queries to send as much of the query to the SQL Server as possible to minimize client-side query processing. You cannot directly modify the design of Linked Tables. You must use an ADP file or Enterprise Manager included in SQL Server to make schema changes or design changes.
Access Data Projects (ADPs) An Access Data Project is an OLE document file, like the .xls or.doc file formats. It contains forms, reports, macros, VBA modules, and a connection string. All tables and queries are stored in SQL Server. The ADP architecture was designed to create client-server applications. Because of this, there is a limit to the number of records that Access returns in any recordset. This limit is
69 configurable, but you typically must build enough filtering into your application so that you do not reach the limit. Access uses OLEDB to communicate with SQL Server. To provide the Jet-like cursor behavior desired for desktop applications, Access implements the Client Data Manager (CDM) as an additional layer between Access and OLEDB. Because of the layers required to get from Access to SQL Server in the ADP architecture, it is often easier to optimize MDB/ACCDB file solutions. However, there are some scenarios where a report might be generated significantly faster in an ADP file. To add these performance improvements and retain the flexibility of SQL Server, you can build the majority of the application in an MDB or ACCDB file and have the file load reports from a referenced ADP file. One advantage that ADP files have over files in MDB or ACCDB format is the ability to make design changes to SQL Server objects. ADP files include graphical designers for tables, views, stored procedures, functions, and database diagrams.
Access 2003 Conversion Toolkit You can use the Access 2003 Conversion Tool, available at Access 2003 Conversion Tool (http://go.microsoft.com/fwlink/?LinkId=49681), to analyze databases for upgrade and conversion to Access 2007.
Note This tool does not convert your databases. It only helps you with scoping and identifying known issues that have an impact on the conversion process.
70 Migration considerations for Excel 2007
Microsoft Office Excel 2007 provides users with many more robust, advanced features. Before a migration to Office Excel 2007, users should learn more about these differences to determine how the differences might affect the scope and pace of migration. The most significant functional differences and corresponding behaviors are summarized below. The Microsoft Office Migration Planning Manager (OMPM) helps with migration and migration planning. OMPM contains file scanning and conversion tools to help organizations take inventory of their documents, analyze the documents for readiness with the 2007 Microsoft Office system, and provide notification regarding compatibility issues that may affect migration. For more information about OMPM, see Assessing your environment with the Office Migration Planning Manager.
Changes in Office Excel 2007 The three fundamental differences between earlier versions of Office Excel and Office Excel 2007 include: New Open XML Formats. Significantly expanded grid. Results-oriented user interface that provides many single-click commands.
New file formats Microsoft Office Word 2007, Microsoft Office PowerPoint 2007, and Office Excel 2007 use the new Open XML Formats. The Open XML Formats are compact and robust file formats that enable better data integration between documents and back-end systems and that are distinct from the binary-based file formats of previous versions of Microsoft Office. The Open XML Formats is an open standard that was developed by Ecma International in collaboration with many technology vendors. The standard maximizes interoperability in a heterogeneous environment and enables technology providers to integrate files that are created in the 2007 Office system into their solutions. After installation of the 2007 Office system, users can continue to open, edit, and save workbooks that were generated in the earlier binary file format. These workbooks can be converted to the Open XML Formats. This enables better interoperability among applications from different vendors and makes the Open XML Formats a better long-term solution. Users click the Microsoft Office Button and click Convert to convert a workbook from an earlier format to the Open XML Formats. See File format reference for more information about the file formats.
Caution Users should consider existing links between workbooks before your organization converts existing workbooks to the Open XML Formats. Because earlier versions of
71 Office Excel cannot update links to workbooks that are saved in the Open XML Formats, all linked workbooks should be simultaneously converted.
Larger grid size Users can develop more elaborate and detailed workbooks with the larger grid that is available in Office Excel 2007. The larger grid allows more than 16,000 columns and 1 million rows. However, the larger grid is incompatible with earlier versions of Office Excel. Data that is entered into cells that are outside the previous grid boundaries (A1:IV65536) is permanently deleted when the workbook is saved as an Office Excel 97-2003 workbook. All formulas that reference cells that are outside the previous grid boundaries are also compromised. Users of Office Excel 2007 who plan to share workbooks with users who work with an earlier version of Office Excel should not enter data that is outside the grid boundary of the earlier version. As an alternative, users can use Compatibility Mode, which helps to mitigate these issues by regulating the larger grid size to match the grid size of earlier versions of Office Excel.
New user interface Office Excel 2007 takes advantage of the new Microsoft Office Fluent user interface to offer powerful productivity tools that are easily accessible. Most menus, toolbars, and task panes are replaced by the Office Fluent Ribbon, which organizes commands by object or scenario and groups the commands by tabs. The Office Fluent Ribbon provides access to more features, with fewer steps. After migration to Office Excel 2007, the new user interface is available even when a user works with workbooks that were created in earlier versions of Office Excel 2007.
Opening Excel 97–2003 workbooks in Office Excel 2007 Most of the features that are available in earlier versions of Office Excel still exist when a workbook is opened in Office Excel 2007. There may be times when workbooks perform differently than what users expect, either because a feature that is employed in the workbook is removed or changed, or because the formula is associated with the file format or the specific version of Office Excel that is used to create the workbook. This topic discusses features in the following areas in earlier versions of Office Excel that are either not available or are significantly changed in Office Excel 2007: Compatibility Tools Format Changes Visualization and Design Lists and PivotTables References and Names
72 Compatibility Tools Office Excel 2007 contains compatibility support for the most common features that were used in previous versions of Office Excel. Some functions that were seldom used in previous versions of Office Excel are deprecated or eliminated. Most of the features that users rely on regularly are still available in Office Excel 2007. Office Excel 2007 also contains compatibility safeguards to help prevent the loss of data when users move between different versions of Office Excel.
Compatibility Mode Compatibility Mode is tied to the Office Excel 97-2003 file format, which disables new features in Office Excel 2007 that are not compatible with earlier versions of Office Excel. For example, when a workbook that is opened in Office Excel 2007 is running in Compatibility Mode, the larger grid size is suppressed so that users cannot enter data, formulas, or references that are outside the smaller grid boundary of earlier versions of Office Excel. Users that open a workbook that is saved in the Office Excel 97-2003 file format (.xls) see that the workbook automatically functions in Compatibility Mode. Similarly, when users work with a new workbook that will be used in earlier versions of Office Excel, they can turn on Compatibility Mode (by saving the file in the Office Excel 97-2003 file format, and then closing and re-opening the file) to prevent the accidental use of functions and features that are incompatible with the earlier versions of Office Excel. This option is critical for users who plan to share workbooks with other users who have not yet migrated to Office Excel 2007. When users work in Compatibility Mode, they are still able to work with the Office Fluent user interface and to have access to most of the new features. Only features that are incompatible— such as the larger grid size—are turned off for that workbook. Similarly, when a user saves a new workbook to the Office Excel 97–2003 file format, that workbook is automatically placed into Compatibility Mode the next time the workbook is opened. To exit Compatibility Mode, users convert the workbook to one of the new file formats and then re-open the workbook. Users can accomplish this action in one step by using the Convert command: users click the Microsoft Office Button and click Convert.
Compatibility Checker The Compatibility Checker functions automatically by default when users save a workbook to the Office Excel 97-2003 file format. It scans for features and characteristics that are not supported by earlier versions of Office Excel. Users also have the option to disable the Compatibility Checker so that it does not run automatically when the workbook is saved to an earlier file format. The Compatibility Checker identifies two types of compatibility issues: features that are retained but that function differently in earlier versions of Office Excel, and functions that are disabled in Compatibility Mode and that are not functional in earlier versions of Office Excel. These issues display in a dialog box that enables the user to respond and take action before data or functions are lost. The Compatibility Checker lists issues that are identified in the workbook, summarizes the number of occurrences of each issue, identifies tools to help locate the issues, and provides additional help for the types of issues that are identified.
73 Format changes The Open XML Formats in Office Excel 2007 accurately mirror and represent the binary data formats of earlier versions of Office Excel. This means that users can still read and modify most workbooks that were created in earlier versions of Office Excel in Office Excel 2007. The more robust Open XML Formats accommodate more file types. Some file types are no longer in common use. Consequently, changes are made to the names and extensions as follows: Support is removed for some legacy file types. The names of Office Excel 97-2003 file formats are changed to help users avoid confusion. The new Office Excel 2007 file types are assigned new names and new file name extensions.
New and renamed file names and file name extensions New file name extensions are assigned to the new file formats that are available in Office Excel 2007. These new naming conventions help to avoid confusion when users work between versions of Office Excel. The new file name options are listed in the following table and can be viewed in the Save As dialog box.
File type File name extension
Office Excel 2007 Workbook .xlsx
Office Excel 2007 Macro-Enabled Workbook .xlsm
Office Excel 2007 Binary Workbook .xlsb
Office Excel 2007 Template .xltx
Office Excel 2007 Macro-Enabled Template .xltm
Office Excel 2007 Add-In .xlam
Support is removed for some file formats A number of the previous file formats are seldom, if ever, used. Support for these formats is removed from Office Excel 2007. Users can no longer open or save workbooks based on the following file formats after a migration to Office Excel 2007: WK1 (1-2-3) WK4 (1-2-3) WJ3 (1-2-3 Japanese) (.wj3) WKS (1-2-3) WK3 (1-2-3) WK1, FMT (1-2-3) WJ2 (1-2-3 Japanese) (.wj2)
74 WJ3, FJ3 (1-2-3 Japanese) (.wj3) DBF 2 (dBASE II) WQ1 (Quattro Pro/DOS) WK3, FM3 (1-2-3) Microsoft Excel Chart (.xlc) WK1, ALL(1-2-3) WJ1 (1-2-3 Japanese) (.wj1) WKS (Works Japanese) (.wks)
HTML file format for publishing only Due to limited use as a primary file format, Office Excel 2007 no longer stores Excel-only feature information in HTML file formats. The Save as HTML command is mainly used as a publishing format, and Microsoft continues to support the command as a way to create a document that is viewed in a Web browser. HTML files can still be opened in Office Excel 2007. Office Excel- specific features that are contained in the files and that were created in an earlier version of Office Excel are preserved. Users should save these files as a primary version of the document in one of the new file formats. Users should publish the files to HTML.
Microsoft Script Editor Integration with Microsoft Script Editor is removed from Office Word 2007, Office PowerPoint 2007, and Office Excel 2007 as part of the decision to move away from supporting HTML as a full-fidelity file format. This change means that script debugging components are no longer installed by default in Office Excel 2007. Microsoft Script Editor can still be installed with the Microsoft Office suites so that it can run as a standalone program to edit HTML files.
Visualization and design 2007 Office system provides users with many improvements in visualization and design tools. The biggest differences in Office Excel 2007 are in the following areas: AutoFormat and Style galleries Charting Shapes
AutoFormat Office Excel 2007 includes galleries and functions that are now called Table Style and PivotTable Style. These are significant improvements over the AutoFormat feature that was available in earlier versions of Office Excel. The AutoFormat feature is not included in the Office Fluent Ribbon. It can be added to the Quick Access Toolbar, which is an icon-driven tool set that appears above the Office Fluent Ribbon and that users can customize.
75 Charting Charting is now part of a shared Microsoft Office drawing layer with the 2007 Office system. This means that some of the charting features that are specific to earlier versions of Office Excel are not available in Office Excel 2007. In most cases, these features are replaced with more robust capabilities. Although some charting features are removed or changed, Office Excel 2007 users still have the ability to view charts the way they were created in earlier versions of Office Excel. Issues may arise if users attempt to make changes to charting features that are no longer available in Office Excel 2007. The specific charting features that are not available in Office Excel 2007 and ways to work around these differences are listed below. Resize multiple charts. Users no longer change the chart type of multiple charts simultaneously. Each chart is now changed individually. Press F11 to duplicate a populated chart sheet. Users no longer press F11 on a populated chart sheet to create a chart sheet with the same data. This action produces a blank chart sheet in Office Excel 2007. Direct rotation of 3-D charts. The mouse is used to directly manipulate the 3-D view of the chart in earlier versions of Office Excel. This is accomplished by using the 3-D Rotation dialog box in Office Excel 2007. Pattern fills. Pattern fills for shape objects are removed in favor of picture and texture fills. Existing files appear the same when they are loaded. The ability to create new shapes with the previous pattern fills is removed as part of the new drawing capabilities. Size with window. Earlier versions of Office Excel have a Size with Window command that automatically resizes charts on chart sheets when the window size changes. This feature is removed. The Zoom to Selection command is used to achieve similar results. Automatic text box creation when typing. A text box is no longer automatically created when a user types on a selected chart. A user can still insert text boxes by using the Insert Text Box command. Default paste behavior in Word and PowerPoint. The default choice for copying and pasting a chart from Office Excel 2007 to either Office Word or the Office PowerPoint presentation graphics program is changed to linked. This setting can change to picture or entire workbook through the Paste Options menu, which immediately displays after the user pastes the chart. Word table as a data source. Unlike in earlier versions of Office Word, a user does not use a table as data for a new chart in Office Word 2007. The user sees sample data rather than data in the selected Office Word table. The user copies and pastes the real data into the new chart to replace the sample data. Printed chart size. The Printed Chart Size option is removed from the Chart tab in the Page Setup dialog box. The behavior matches the Custom setting from Office Excel 2003 in Office Excel 2007. Drag data onto a chart. Users add data to a chart by selecting the data and dragging it onto the chart in earlier versions of Office Excel. This feature is no longer available in Office
76 Excel 2007. Office Excel 2007 still supports the other, more common methods of adding data to a chart. Direct manipulation of data points on charts. The user can drag data points on a chart in earlier versions of Office Excel, which changes the data source values on the worksheet. This seldom-used feature is removed from Office Excel 2007.
Shapes All programs in the 2007 Office system feature a new version of shapes, with new formatting capabilities, an upgraded user interface, integration with new Microsoft Office 2007 styles and themes, and compatibility with other features that do not exist in earlier versions of OfficeArt. With the 2007 Office system, the name OfficeArt is changed to SmartArt. Most of the shapes within that workbook automatically convert to the newer version of shapes when an Excel 97-2003 workbook opens in Office Excel 2007. This enables users to take advantage of features that are available in the SmartArt Shape galleries in Office Excel 2007. There are a few exceptions to the automatic upgrade, and in these instances OfficeArt Shapes remain whole and usable in their previous format. These features include: comments, forms controls (including dialog sheet backgrounds), Microsoft ActiveX objects, shapes used internally by Office Excel 2007 for various features (such as filter drop-down lists, auditing and circular reference arrows, and data validation ovals), OLE objects, camera tool objects, ink annotations, header pictures, organization charts, and legacy diagrams. It is important to note that non-upgraded shapes that are drawn in earlier versions of Office Excel cannot be grouped with shapes that are drawn in Office Excel 2007 or with shapes that are upgraded. Similarly, users cannot select upgraded and non-upgraded charts at the same time. As a result, object types are layered when users mix object types. The earlier versions of shapes are drawn on top of all later versions of shapes. The new version of charts cannot be shown on top of the previous version of dialog sheets. Although the charts still exist, users cannot view charts that are layered underneath the dialog sheets. Users must access the new shapes by using the Select Objects command. Users must use the Select Multiple Objects command in the Customize window to select shapes from an earlier version of Office Excel.
Lists and PivotTables Changes in Office Excel 2007 affect the following aspects of lists and PivotTables: AutoFilter. AutoFilterMode property. Lists are now called tables. Adding new records to tables. Table names. Office SharePoint Server lists and write-back to Office SharePoint Server 2007. PivotTables.
77 AutoFilter Filtering is used to display a subset of the data or a portion of the workbook and to hide the rest of the data or workbook from view. This feature is modified in Office Excel 2007 to enable easy access to the most common filtering tasks: filtering by more than two conditions and filtering by format.
AutoFilterMode property In Office Excel 2003, users could create macros to check the AutoFilterMode property when the selection was in a list (referred to as a table in Office Excel 2007) to determine if autofiltering was turned on in that list. In Office Excel 2007, the AutoFilterMode property works with worksheet autofilters and not with autofilters that are part of a table. This is due to properties of Office Excel 2007 that give each table its own AutoFilter object, which in turn enables multiple autofilters per worksheet through the use of tables. The AutoFilterMode property may not work correctly when users open an Office Excel 2003 workbook that contains macros that are used to check the AutoFilterMode property of a list (table). This does not affect documents or macros that are created in versions of Office Excel before Office Excel 2003. To correct this issue, users enable the AutoFilter task from the List object, instead of at the macro level.
Lists are now called tables The list feature was introduced in Office Excel 2003 as a way for users to easily track lists of data, such as contacts and orders. It is also the mechanism by which lists or data from an Office SharePoint Server site can display in Office Excel 2003. In Office Excel 2007, the name of this feature is changed to Table to match this feature in other Microsoft Office programs, such as Office Word and Office PowerPoint. Other changes to this feature make it a more robust organizational tool. When users work with workbooks that contain lists that were created in earlier versions of Office Excel, users will discover behavioral differences in the table features of Office Excel 2007. These differences are described below.
Adding new records to a table A special row that is used to add new records to a list appears at the bottom of a list in Office Excel 2003. Although this row is removed from tables in Office Excel 2007, it is extremely easy to add new records. In most cases, typing just below a table triggers Office Excel to add that row to the table. The user may need to use the Insert Row command in the Table menu when there is already data or another object just below the table.
Table name When users create a table, they also create a defined name for the same range in Office Excel 2007. This name is used to reference the table in formulas that use the new structured referencing feature.
78 Names used for PivotTables and tables in earlier versions of Office Excel may not meet the requirements for range names in Office Excel 2007. Users must change the names of these objects when the objects open in Office Excel 2007. This ensures that the objects are appropriate for use in formulas and elsewhere. The type of table names that are used for referencing are built on top of the existing Defined Name feature in Office Excel. Consequently, the table names inherit the same restrictions that defined names have, such as containing no spaces and having no support for certain characters. The table name that was previously only available through the object model does not share these same restrictions, so the two functions are separate.
Office SharePoint Server 2007 lists and write-back Office Excel 2003 supports a user's ability to connect to (read) and update (write) lists that reside on an Office SharePoint Server 2007 site. Lists that were created in Office Excel 2003 and that connect to an Office SharePoint Server 2007 site continue to function as they always have, even when the lists are opened in Office Excel 2007. Users can continue to update the Office SharePoint Server 2007 site. However, the update feature is removed from Office Excel 2007. This means that new tables that connect to an Office SharePoint Server 2007 site do not support the ability to write back. Users can still publish a table to an Office SharePoint Server 2007 site through a one-time write option. Links to the list are read-only after they are published. Users can update the Office SharePoint Server 2007 list by refreshing the table data in Office Excel, but users cannot update the data directly on the Office SharePoint Server 2007 site. In addition to these new behaviors, read/write connections to an Office SharePoint Server 2007 site are converted to a read-only connection when the workbook is saved to the new Office Excel 2007 file format. Users receive an alert message during the Save function. The message lets them cancel out of the operation and process uncommitted changes. Read-only connections to an Office SharePoint Server 2007 site behave the same as other external data queries. For example, users no longer view the ID column. The column only appears if it is part of the view for that list. Users can delete the ID column or any other column. Users can also insert columns in the middle or add them to the end. This enables users to build calculated columns by using existing columns. Users can also rename headers, change data values for ad-hoc analysis, insert or delete worksheet rows, and apply custom data validation rules. These exercises do not affect data on the Office SharePoint Server 2007 site, because users cannot save these modifications or update the Office SharePoint Server 2007 site. In other words, the experience of working with a table that is connected to an Office SharePoint Server 2007 site should be as comfortable as working with a normal workbook that operates in read-only mode.
PivotTables Many changes are made to the formulas and architecture of PivotTable dynamic views in Office Excel 2007. These changes enable users to do more with PivotTables, but the changes may also cause some issues when users migrate from earlier versions of Office Excel.
79 To ensure that PivotTables remain whole and functional, the version property of PivotTables is completely separate from the version property of Office Excel. PivotTables in Office Excel 2007 are version 12 (xlPivotTableVersion12). PivotTables that are created in earlier versions of Office Excel have a different version number. For example, version 10 PivotTables (xlPivotTableVersion10) are created in either Office Excel 2002 or Office Excel 2003. When users work in Office Excel 2007, the version of the PivotTable is determined by whether the user is working in Compatibility Mode. New PivotTables that are created in that workbook are created in version 10 if the current workbook is in Compatibility Mode. New PivotTables are created in version 12 when the current workbook is not in Compatibility Mode. When the user saves a workbook from Compatibility Mode to one of the new file formats, the PivotTables in that workbook are marked for upgrade. When each PivotTable is refreshed, it is upgraded to version 12 and new functionality is enabled for that PivotTable. It is important to note that version 12 PivotTables cannot be downgraded to version 10, even when the workbook is saved by using a previous file format. This means that a version 12 PivotTable that is created in Office Excel 2007 cannot be modified or refreshed when it is opened in an earlier version of Office Excel. However, the PivotTable maintains all functionality and can be modified or refreshed when it is re-opened in Office Excel 2007. If the user plans to share PivotTables with other users who are working in a previous version of Office Excel and those users need to refresh the PivotTables, it is important to make sure that the PivotTables are created as version 10 PivotTables. The simplest way to do this is by using Compatibility Mode. In addition to these versioning differences, other functional changes affect the behavior of PivotTables. The following features are either removed or are significantly deprecated in Office Excel 2007 due to a lack of interest from users. In some cases, these functions are replaced by more robust PivotTable tools.
Calculated members Calculated members that are defined in Microsoft Online Analytical Processing (OLAP) cubes do not display by default in version 12 PivotTables. This does not apply to calculated measures (calculated members in the Measures dimension). These always appear. Calculated members appear by default in Office Excel 2003. However, this feature can be controlled in the object model (PivotTable.ViewCalculatedMembers) in both Office Excel 2003 and Office Excel 2007. This setting is also added to the Display tab in the PivotTable Options dialog box in Office Excel 2007 so that it is easy to make calculated members appear when they are needed.
Filtering with SQL Server 2005 Analysis Services The new filtering features in OLAP PivotTables require support for sub-selects on the OLAP server. Microsoft SQL Server 2005 Analysis Services supports sub-selects, so that all of the new filtering options are available. Earlier versions of SQL Server Analysis Services do not support sub-selects. When users work with earlier versions, only the filtering features that are available in Office Excel 2003 PivotTables are available in Office Excel 2007 PivotTables.
80 OLAP Cube Wizard The OLAP Cube Wizard enables the user to create OLAP cube files from relational data sources and add hierarchical data organization to relational data in earlier versions of Office Excel. The relational data can be viewed in PivotTables and the data can be stored in a separate file. The OLAP Cube Wizard is removed from Office Excel 2007 because this feature was seldom used. Users can still create PivotTables based on relational data by using the more common methods of directly connecting to the relational data or by importing the data into an Office Excel workbook.
PivotTable Wizard The PivotTable Wizard is no longer the primary user interface for creating PivotTables in Office Excel 2007. Users can access a new, simpler one-step dialog box to create PivotTables for most purposes. Users can add the PivotTable and PivotChart Wizard to the Quick Access Toolbar. The following features are only available through the wizard: Server-defined page fields. Option to optimize memory. Ability to explicitly create a PivotTable based on another PivotTable. Multiple consolidation ranges.
Tracking customizations Version 12 OLAP PivotTables track customizations of items, even when those items are temporarily not visible in the PivotTable. This is true for formatting that is applied to items and to customized item labels. This is an improvement over Office Excel 2003, where custom labels and formatting were lost when the parent field collapsed. Office Excel 2007 stores and applies the parent field information after the collapse-and-expand operations. Office Excel 2007 stores customized labels when the field is removed from the PivotTable so that the customized labels still appear when the field is added back to the PivotTable at a later time.
References and names Though some features and functions are not altered in Office Excel 2007, users may experience formula issues when a workbook that was created in an earlier version of Office Excel is opened in Office Excel 2007. Cell references or names may become confused with the naming and reference conventions that were made possible by the larger grid. Users should be aware of the following possible issues in their existing workbooks.
Full row or column references All full row and full column references automatically consider the new cells in the larger grid size of Office Excel 2007 when a workbook from an earlier version of Office Excel is converted to the Office Excel 2007 file format. This is because the reference =A:A refers to cells A1:A65536 in earlier versions of Office Excel, but that same reference points to cells A1:A1048536 in the Office Excel 2007 format. Full row or column references are often used as a shortcut to capture all data in a range within that row or column. This can lead to issues when a user enters data that is not meant to be
81 included in that reference further down the column or row. In addition, the results of functions that reference full rows or columns can change when the functions are converted to Office Excel 2007. Examples include COUNTBLANK, ROWS, and COLUMN functions, which count the number of cells, rows, or columns in the reference.
Names and column header labels With the addition of over 16,000 columns, the column header labels in Office Excel 2007 now extend to XFD. Many names that could be defined in earlier versions of Office Excel (for example, USA1, FOO100, MGR4) are now valid cell references. Additionally, Office Excel 2007 now reserves names that begin with xl for internal use. When incompatible names are found during the conversion to the Office Excel 2007 file format, the user is alerted to the conflict and an underscore (_) is automatically added to the beginning of all incompatible names to make the names unique. External workbook references and functions that take strings references, such as INDIRECT, are not updated when they are converted to the Office Excel 2007 file format. These must be changed manually. Office Excel 2007 does not change defined names that are referenced through Microsoft Visual Basic for Applications (VBA) code. VBA code that references incompatible names does not work and must be updated by the user or an IT professional. This is accomplished by performing a find and replace action on the old name.
Opening Office Excel 2007 workbooks in earlier versions of Office Excel It is reasonable to expect that after a migration to Office Excel 2007, users will continue to share workbooks with other users who are still working with earlier versions of Office Excel. There are two ways to facilitate file sharing across versions of Office Excel. Users can use the Save As command to save the workbook in an earlier file format. Users of earlier versions of Office Excel can download the Compatibility Pack to open the Office Excel 2007 workbook in its earlier format. For more information about the Compatibility Pack, see Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (http://go.microsoft.com/fwlink?LinkID=77512). The workbook performs in the same way, whether the file is saved as an Office Excel 97-2003 workbook or whether the user opens the file with the Compatibility Pack. However, some of the features, functions, and data that are entered in an Office Excel 2007 workbook may not be visible or usable in earlier versions of Office Excel. Users can expect the following issues to arise when an Office Excel 2007 workbook is opened in earlier versions of Office Excel.
Conditional formatting Office Excel 2007 users benefit from many improvements to conditional formatting, including new and more robust visualization tools, the Office Fluent Ribbon user interface, and new conditional formatting rules. An increase to the number of formatting parameters that can be used simultaneously and some added PivotTable and table functionality also improve the conditional
82 formatting experience. When Office Excel 2007 workbooks are shared with other users who are working with earlier versions of Office Excel, it is important that users know how conditional formatting functions in the earlier versions.
Formatting is retained In general, all of the conditional formatting that is created in an Office Excel 2007 workbook is retained when the formatting is saved to the earlier file format. Because conditional formatting is another property that is assigned to the cell, it is not affected when the user alters data, font, borders, and so on. If the user does not alter the conditional formatting, the user can open and save the file in earlier versions of Office Excel with no loss of the new conditional formatting. Earlier versions of Office Excel cannot display the new data visualizations that are added, such as data bars, icon sets, and color scales. This does not mean the visualizations are lost. The visualizations remain available so that they can be viewed when the workbook is opened again in Office Excel 2007. But when the workbook is opened in the earlier versions, some of the visualizations are not visible and others may appear slightly different, because earlier versions of Office Excel may substitute a compatible visual quality when the new feature is not available. For example, more variations on the color blue are available in Office Excel 2007. When a file that references an unavailable blue is opened in an earlier version of Office Excel, the user still sees blue, but a different hue of blue. Users can edit files that contain new conditional formatting with earlier versions of Office Excel. Users can change cell values, sort ranges, add formatting, and perform a number of other tasks without changing the conditional formatting. In general, if the user does not make changes directly to the conditional formatting on a range, the formatting safely reappears as it was designed when the workbook is opened again in Office Excel 2007.
Designing formats for use in multiple versions Users who want to create workbooks to share across multiple versions of Office Excel and who want those workbooks to look the same no matter which version of Office Excel is used, should not use the new visualizations and new rules. The following list of new conditional formatting features affects the appearance of workbooks that are opened in earlier versions of Office Excel. Users should avoid these new features in the following circumstances: More than three conditions used for formatting. Earlier versions of Office Excel are limited to three conditions per cell. If more than three conditions are applied in an Office Excel 2007 workbook, only the first three conditions display when the workbook is opened in earlier versions of Office Excel. Conditional formatting that overlaps. Users can define overlapping conditional formatting in Office Excel 2007, but earlier versions of Office Excel do not evaluate all of the rules and these cells may show different formatting. New visualizations. Data bars, color scales, and icon sets cannot display in earlier versions of Office Excel.
83 Stop if True. Office Excel 2007 has a new conditional formatting option to process additional formatting rules, even when a previous condition is true. Earlier versions of Office Excel do not recognize this option, and stop after the first true condition. Top 10 or Compare to Average. Office Excel 2007 can apply conditions to subsets of values. Earlier versions of Office Excel do not have these conditional formatting options The earlier versions calculate the condition across all values. Non-contiguous formatting. Office Excel 2007 supports additional conditional formatting on ranges that are not adjacent to each other. This conditional formatting type is not supported in earlier versions of Office Excel.
Incompatible grid size Data (including cell data, charts, and all other objects) that is located in cells that are outside the grid boundaries of earlier versions of Office Excel (A1:IV65536) is permanently removed from the workbook when it is opened in or is saved to Office Excel 2003 and earlier file formats. Consequently, when workbooks are shared between earlier versions of Office Excel and the new Office Excel 2007, Microsoft strongly recommends that the user does not enter data or create references that point to data in cells that are outside the grid boundaries of earlier versions of Office Excel, because those cells will not exist when they are opened in earlier versions. Compatibility Mode helps to prevent this problem by regulating the larger grid of Office Excel 2007 for use across earlier versions of Office Excel. When a user saves a file that contains references to cells that are outside the A1:IV65536 range into an earlier file format, Office Excel 2007 provides the option to recalculate the workbook when it is opened again. The user can also be prompted with a recalculate cells alert. This recalculates all cell formulas and references based on actual data in the workbook. Cells with references that are outside the A1:IV65536 range change to #REF!. The user should take one of the following actions when the alert appears: Respond yes to this alert to make sure that users who view the workbook see cell values that accurately reflect the data in the workbook. For example: a cell that referenced A100000 and displayed the value of that cell now shows #REF!, because cell A100000 no longer exists. Respond no to this alert to send a snapshot of the values that appear in the A1:IV65536 range, even if some of the values are no longer valid because data was lost. For example, a cell that referenced A100000 and displayed the value of that cell still displays that value even though cell A100000 no longer exists, because Office Excel did not recalculate the cell reference.
Incompatible tables and lists The table feature (formerly list) was first introduced with Office Excel 2003. The table data appears in the workbook when an Office Excel 2007 workbook is opened in a version of Office Excel that is earlier than Office Excel 2003, but none of the surrounding table functionality is available. The workbook, including the data inside the table, can be modified and the table should remain intact when the workbook is re-opened in Office Excel 2007. However, structural changes
84 made to the workbook in versions of Office Excel that are earlier than Office Excel 2003, such as inserting or deleting cells and columns, may cause the table—but not the data—to be lost when the file is opened in Office Excel 2007.
External data queries An external data query that is created in Office Excel 2007 still functions as an external query in earlier versions of Office Excel, but the table functionality is not present. The external data query can still be refreshed and changed without the table functionality. Further, the table functionality should reappear when the file is opened in Office Excel 2007, but some types of modification may cause the table to be lost. In those cases, the data and the external data functionality remain.
New security features Office Excel 2007 includes the following new features to secure data: Trust Center and the Message Bar. Trusted Locations. Disallowing empty macros. Change in security levels. Programmability enhancements. Interaction between Office Excel 2007 and Internet Explorer.
Trust Center and the Message Bar Trust Center is a new feature in the 2007 Office system that hosts all security settings for each program in a location that is common across all programs in the 2007 Office system. In addition to combining all security options in one central location, Trust Center includes the Message Bar, which replaces security prompts when an Excel workbook is opened. This Message Bar is similar to the pop-up blocker message that is used in the Windows Internet Explorer Internet browser. All potentially dangerous content is blocked or disabled in the workbook without prompts by default. No security decisions are made when a workbook is opened. For example, documents with macros, ActiveX controls, and data links no longer prompt the user about the possible security concern. These features are disabled. However, users are notified when something is blocked, because the Message Bar appears in the program window. The user can click the bar to take action, including allowing the blocked content if the user’s Group Policy settings allow it. In the past, users had to make this decision before they were able to see the document and with access to little or no information about the spreadsheet. This new security model enables users to read a document and edit content while the document is protected. Macros are only enabled if necessary and only after Trust Center and Group Policy have determined that the document is what the user is expecting. Office Excel 2007 users should become familiar with these new security features. Macros, ActiveX controls, data links, and other robust features are commonly used in workbooks.
85 Trusted Locations Trusted Locations is a new feature that provides additional management capabilities for IT administrators and enhanced security for users. Trusted Locations are defined folders from which documents that contain active content (macros, ActiveX controls) run without being subjected to further security review, such as the Message Bar. With the 2007 Office system, administrators can better manage the types of active content that can run and the conditions under which the active content is permitted to run. Group Policy can prohibit running macros from all other locations. It is important to note that these Trusted Locations must be properly managed. Only documents that are known to be safe should be placed in Trusted Locations. Any document that is stored in the folders is completely trusted and does not display security warnings before the document performs potentially harmful actions, such as running macros or connecting to data.
Empty macros Users could retain comments or declarations in Excel VBA—or macro—code in Office Excel 2003. Users can no longer save macro code that contains only comments and declaration statements in Office Excel 2007. The user must add a subroutine or function to the Excel VBA code to retain these features.
Change in security levels Four levels of macro security settings are available in Office Excel 2003: low, medium, high, and very high. Users access Trust Center to find new macro security settings in the 2007 Office system. These new settings are more descriptive than the previous settings and are more flexible regarding security settings that are specific to Office Excel 2007.
Programmability issues All documents that are saved in Open XML Formats are considered to be macro-free files and cannot contain code by default. This behavior ensures that malicious code that resides in a default document can never run unexpectedly. While documents can still contain and use macros in the 2007 Office system, users must save documents as a macro-enabled document type. This safeguard does not affect a developer’s ability to build solutions, but it does enable organizations to use documents with more confidence. Macro-enabled files employ the same file format as macro-free files, but the files contain additional parts that macro-free files do not. The additional parts depend on the type of automation that exists in the document. A macro-enabled file that uses VBA contains a binary part that stores the VBA project. Any Office Excel 2007 workbook that utilizes macros that are created in previous versions of Office Excel or any Office PowerPoint presentation that contains action buttons are also saved as macro-enabled files. If a code-specific part exists in a macro-free file, whether it is placed there accidentally or maliciously, the programs in the 2007 Office system do not allow the code to run—without exception. Users can now determine if code exists within a Microsoft Office document before the document opens. Previously, this could not be easily accomplished unless the file was opened in a Microsoft
86 Office program. Users can now inspect the package file for the existence of code-based parts and relationships without running Microsoft Office programs and potentially risky code. If a file looks suspicious, users can remove the parts of the file that are capable of running code. This ensures that the code cannot cause harm.
Interaction between Office Excel 2007 and Internet Explorer When a user navigated to a Microsoft Office document from within Internet Explorer in earlier versions of the Microsoft Office suites, the document opened with the program that was hosted inside the Internet Explorer program. Many developers used this functionality to create a more integrated interaction between their Web programs and the data that was produced by those programs, such as creating a workbook and then instructing Internet Explorer to navigate to that workbook. However, this caused confusion for users who wanted to work with documents from the Web (Internet or intranet), because the full Office Excel user interface was not available from within Internet Explorer. This default behavior is changed in the 2007 Office system. The program does not open inside Internet Explorer. Instead, the appropriate Microsoft Office program launches and opens the document. This provides a more consistent experience; however, it may cause unexpected behavior in custom applications that use Internet Explorer. Although this is the default behavior, users can choose to revert to the earlier hosted behavior if that is what they prefer.
87 Migration considerations for Word 2007
This topic discusses migration considerations for Microsoft Office Word 2007, including: Migrating files to the new file format Migrating AutoText entries Migrating customizations Migrating Add-ins Migrating AutoCorrect entries Migrating the data key
Migrating files to the new file format The file format for documents created in Office Word 2007 is changed. For more information about new file formats in the 2007 Microsoft Office system, see File format reference. For more information about migrating files to new file formats, or for coexisting with different versions of Word, see Planning for migration and Migrating to the 2007 Office system.
Migrating AutoText entries Office Word 2007 handles AutoText entries differently than in previous versions of Word. In previous versions of Word, AutoText entries are stored in the Normal.dot template or in user templates. Office Word 2007 replaces the Normal.dot template with the new Normal.dotm template, which supports new file formats and other features in the 2007 Office system and also contains different styles and formatting. Instead of storing AutoText entries in the new Normal.dotm template by default, Office Word 2007 stores the entries as a separate template in the Document Building Blocks directory. The Document Building Blocks directory is new to Office Word 2007. Companies can create a template and store it in the Document Building Blocks directory. This avoids any interaction with the Normal template. You must manually migrate your auto text entries to use them in Office Word 2007. Use the following procedure.
Migrate AutoText entries to Word 2007 1. Copy the old Normal template from the %APPDATA%\Templates directory to the %APPDATA%\Document Building Blocks directory. During installation, the old Normal template was renamed from Normal.dot to Normal11.dot. (By default, %APPDATA% is C:\Documents and Settings\
88 4. Open AutoText.dotx in Office Word 2007, and go to the Building Blocks Organizer. To do this, click Insert, click Quick Parts, and click Building Blocks Organizer…. 5. In Building Blocks Organizer, you can move AutoText entries to the Quick Parts gallery or a gallery you prefer. To do this, select an AutoText entry, click Edit Properties…, select the appropriate gallery in the Gallery: dropdown box, and click OK. Perform the following procedure to make AutoText entries available while you compose e-mails.
Migrate AutoText entries to the NormalEmail.dotm template 1. Copy AutoText.dotx (in %APPDATA%\Document Building Blocks) to Temp.dotx (in the same directory). 2. Open NormalEmail.dotm in Office Word 2007 and go to Building Blocks Organizer. To do this, click Insert, click Quick Parts, and click Building Blocks Organizer…. 3. In Building Blocks Organizer, move all the AutoText entries from the Temp template to the NormalEmail template. To do this, select an AutoText entry, click Edit Properties…, select NormalEmail in the Save in: dropdown box, and click OK. 4. When you finish moving all AutoText entries, close Office Word 2007 and delete %APPDATA%\Document Building Blocks\Temp.dotx.
Migrating customizations Customizations to previous versions of Word do not automatically migrate to Office Word 2007 during installation. These customizations include: Settings Styles Add-ins Macros Toolbars AutoText entries AutoCorrect entries Many features relating to these customizations are significantly redesigned in Office Word 2007. Settings from earlier versions of Word do not automatically migrate to Office Word 2007. Users can take advantage of the new features more easily. In previous versions of Word, customizations are stored in the Normal template (Normal.dot). This template stores customizations such as custom toolbars, default font changes, style customizations (including user-created styles), macros, AutoText, and AutoCorrect entries. The installation process for Office Word 2007 renames Normal.dot to Normal11.dot. The default for Office Word 2007 is the new Normal.dotm template. By default, Normal11.dot and Normal.dotm are stored in C:\Documents and Settings\
89 Note Some customizations for previous versions of Word, such as some changes to the user interface, might not apply to Office Word 2007 and will not have an effect in Office Word 2007.
Migrate the contents of Normal11.dot to Normal.dotm 1. Exit Office Word 2007 if it is currently open. 2. In My Computer (or Computer if you are using Microsoft Windows Vista), navigate to C:\Documents and Settings\
Migrating Add-ins If add-ins from a previous version of Word are no longer available after you upgrade to Office Word 2007, see the Knowledge Base article Add-ins may not be available after you upgrade to Word 2007 (http://go.microsoft.com/fwlink/?LinkId=80909).
Migrating AutoCorrect entries To migrate AutoCorrect entries from a previous version of Word, see the Knowledge Base article How to move AutoCorrect entries in Word 2007 from one computer to another computer (http://go.microsoft.com/fwlink/?LinkId=81188).
Migrating the data key The data key stores the settings for frequently used options. The data key cannot be migrated from a previous version of Word to Office Word 2007.
See Also File format reference Planning for migration Migrating to the 2007 Office system Changes in the 2007 Office system Changes in Word 2007, Excel 2007, and PowerPoint 2007 Changes in Word 2007
90 III Planning for Outlook 2007
In this section: Planning for installing and upgrading Outlook 2007 (Office Resource Kit) Planning for security and protection in Outlook 2007 (Office Resource Kit)
91 Planning for installing and upgrading Outlook 2007 (Office Resource Kit)
In this chapter: Outlook 2007 deployment overview Determine when to install Outlook 2007 Install Outlook 2007 by using the Office Customization Tool Plan an upgrade to Outlook 2007 How Outlook 2007 works with different Exchange Server versions Plan a Cached Exchange Mode deployment in Outlook 2007 Plan Outlook 2007 Offline Address Book deployment Considerations when installing Outlook 2007 in a Terminal Services Environment
92 Outlook 2007 deployment overview
A close review of your organization's messaging requirements will help you plan the optimal Microsoft Office Outlook 2007 deployment. This topic provides an overview of issues to consider when you deploy Office Outlook 2007. Most areas are covered in more detail in other Office Resource Kit topics, which are listed in See Also.
Determining your organization's needs Your organization's messaging environment helps to shape your Office Outlook 2007 deployment. Factors to consider include whether you are upgrading Outlook, installing the application for the first time, planning for roaming or remote users, or choosing a combination of these and other factors.
Upgrade or initial installation If you are upgrading to Office Outlook 2007 from an earlier version of Outlook, consider whether you will migrate previous settings, modify user profiles, and use new customization options. The Office Customization Tool (OCT) provides options for migrating users' current settings and for making other customizations, such as defining new Microsoft Exchange servers and customizing new features. User settings are migrated automatically by default, except for security settings. If you are deploying Outlook on client computers for the first time, each user needs an Outlook profile to store information about e-mail messaging server connections and other important Outlook settings. You use the Office Customization Tool or deploy an Outlook Profile (PRF) file to define profile settings for your users.
Migrating data If your organization uses a different mail client, you might need to migrate data from those clients to Office Outlook 2007. Importers provided in Outlook (for example, for Eudora Light) might be helpful. Importers cannot be configured to run automatically; you use them to migrate data individually for each user.
Remote and roaming users Special customizations are required to deploy Outlook to remote users and roaming users, and to set up Outlook for multiple users on the same computer. You might want to configure features such as Outlook Anywhere (RPC over HTTP) and Cached Exchange Mode for remote users. These features enhance the user experience when Outlook is used over slower or less reliable connections. With Outlook Anywhere, you can configure connections that enable users to connect more securely from the Internet (HTTP) to Exchange servers in your organization without using a Virtual Private Network (VPN) connection. Cached Exchange Mode is an Outlook feature that uses a local copy of users' mailboxes. This feature
93 enables users to have more reliable access to their Outlook data, whether they are connected to a network or they are working offline. Roaming users should have the same messaging environment on each computer to which they roam. This includes the type and version of the operating system, Outlook version, and Outlook installation location on the computer. For multiple users sharing the same computer, use Microsoft Windows logon features on the computer's operating system to manage user logon verification. Make sure that each user runs the same version of Outlook so that conflicts do not arise among shared files. Conflicts can occur when one version of Outlook attempts to write a file to a file folder location that is shared by other versions of Outlook used on the same computer. To learn more about setting up multiple Outlook users on the same computer, see the Outlook Help topic Using Outlook on a computer you share with other people.
Multilingual requirements The 2007 Microsoft Office system provides broad support for deploying in international or multilingual environments. An 2007 Office system product consists of the language-neutral core package plus one or more language-specific packages. In addition to the Proofing Tools included in each language version, you can download and deploy Proofing Tools for other languages to help multilingual groups work with and edit files in a variety of languages. Office Outlook 2007 supports Unicode throughout the product to help multilingual organizations seamlessly exchange messages and other information in a multilingual environment.
Client and messaging server platforms Some features of Office Outlook 2007 (for example, Cached Exchange Mode) require Microsoft Exchange Server as a messaging platform. While Office Outlook 2007 works well with earlier versions of Exchange, some features of Office Outlook 2007 require specific versions of Exchange. Because of this and other enhanced integration with Exchange throughout Office Outlook 2007, you might gain the greatest benefit by combining Office Outlook 2007 with the latest version of Exchange. Deployment customization decisions for Office Outlook 2007 depend on which version of Exchange Server you are using. If you currently use Exchange Server as your messaging server and you have not upgraded to Exchange 2003 or later, consider coordinating your Exchange Server upgrade with your deployment timing for Office Outlook 2007. Exchange Server 2000 is the minimum version for using Exchange Server with Office Outlook 2007.
Choosing when and how to install Outlook You have options for when and how you install Office Outlook 2007. For example, consider whether it would be best for your organization to: Install or upgrade Outlook for different groups of users in stages, or at one time. Install Outlook as a stand-alone application. Install Outlook before, with, or after the 2007 Office system.
94 Each organization has a different environment and might make different choices about timing Office Outlook 2007 upgrades. For example, you might have a messaging group that is responsible for upgrading Outlook and a separate group that plans deployment for other Office applications. In this case, it might be easier to upgrade Outlook separately from the rest of Office, rather than attempting to coordinate deployment between the two groups.
Note Office Outlook 2007 cannot coexist with previous versions of Outlook. If you need to use previous versions, do not install Office Outlook 2007.
Customizing Outlook settings and profiles You can customize your Outlook installation to handle Outlook user settings and profiles in two ways. You can: Specify Outlook user settings in the Office Customization Tool (OCT). Specify options for managing new and existing Outlook profiles in the OCT or use an Outlook Profile (PRF) file. For example, you can enable Outlook users to migrate their current profiles and settings while default profiles and settings are defined for new Outlook users. You can also modify existing profiles and establish new default profiles for new Outlook users. When you customize Outlook by using the OCT, you save your choices and other installation preferences in the customization file that is applied during Setup. Later, you update settings and profile information by opening the file in the OCT and saving a new copy of the file.
Configuring subscriptions and other sharing features Office Outlook 2007 includes new features so you can easily subscribe to new sources of content and share the features with users inside and outside your organization. Content sources include Windows SharePoint Services 3.0 (WSS) contacts, tasks, and calendars, along with local and Internet-based calendars (iCals). Really Simple Syndication (RSS) is another sharing feature that enables users to subscribe to internal or Internet-based sources of syndicated content (XML files) to avoid having to check a site for new information. You can deploy specific RSS Feeds or calendar subscriptions to users, configure settings to manage how users can share these subscriptions or content, specify how often the servers update users' copies of the data, and more.
Using Outlook with Terminal Services Microsoft Terminal Services enables you to install a single copy of Office Outlook 2007 on a Terminal Services computer. Instead of running Outlook locally, multiple users connect to the server and run Outlook from that server. To achieve the optimal results when you use Outlook with Terminal Services, pay close attention to how you customize your Outlook configuration. For example, Cached Exchange Mode cannot be configured with Terminal Services. Note that Outlook might be part of an environment that includes other applications provided on the same Terminal Services computer.
95 Collaboration Data Objects dependencies Collaboration Data Objects (CDO) must be downloaded and then installed locally. You can download CDO at Collaboration Data Objects version 1.2.1.
Security and privacy considerations Outlook includes many security and privacy features.
The new Trust Center for Office The new Trust Center for the 2007 Office system provides a central location for security and privacy options. The Very High, High, Medium, and Low security levels that were used in earlier versions of Office are replaced with a more streamlined security system. For more information, see Overview of security in the 2007 Office system.
Limiting viruses and junk e-mail messages for your users Office Outlook 2007 includes features designed to help minimize the spread of viruses and to help users avoid junk e-mail. In Office Outlook 2007, you can configure virus-prevention and other security settings in Group Policy to support the needs of your organization. You can also use the Outlook Security Template to configure settings, as in earlier releases of Outlook. With either configuration method, you can, for example, modify the list of file types that are blocked in e-mail messages. The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to propagate themselves is updated. Outlook checks for up-to-date antivirus software to help determine when to display address book access warnings and other Outlook security warnings. Office Outlook 2007 has several features to help users avoid receiving junk e-mail messages. Office Outlook 2007 includes a Junk E-mail Filter for users that replaces the rules used in previous versions of Outlook to filter mail. Messages caught by the filter are moved to the Junk E- mail folder, where they can be viewed or deleted later. Office Outlook 2007 includes a new Postmarking feature that can help the Junk E-mail filter determine valid e-mail messages. Junk e-mail senders can include a Web beacon in HTML e-mail messages that includes external content. When users open or view the e-mail, their e-mail address is verified as valid. This increases the likelihood that they will receive more junk e-mail messages. Office Outlook 2007 reduces the likelihood that users will become targets for future junk e-mail by blocking automatic picture-downloads from external servers by default. Office Outlook 2007 helps protect against issues created by phishing e-mail messages and deceptive domain names. By default, Outlook screens phishing e-mail messages—e-mail that appears to be legitimate but is designed to capture personal information, such as a user's bank account number and password. Outlook also helps prevent e-mail messages from deceptive users by warning about suspicious domain names in e-mail addresses. Office Outlook 2007 supports Internationalized Domain Names (IDN) in e-mail addresses, which allows people to register and use domain names in their native languages instead of online English. IDN support allows phishers to send homograph attacks: a situation in which a look-alike domain name is
96 created using alphabet characters from different languages, not just English, with the intention of deceiving users into thinking they are visiting a legitimate Web site.
Configuring cryptographic features Outlook provides cryptographic features for sending and receiving security-enhanced e-mail messages over the Internet or local intranet. You can customize features in an Office Outlook 2007 deployment to set cryptographic options that are appropriate for your organization. You can also implement additional features to help enhance security in e-mail messaging. For example, you can provide security labels that match your organization's security policy. An Internal Use Only label might be implemented as a security label to apply to mail messages that should not be sent or forwarded outside your company.
Restricting permission on e-mail messages Information Rights Management (IRM) helps users prevent sensitive e-mail messages and other 2007 Office system content, such as documents and worksheets, from being forwarded, edited, or copied by unauthorized people. In Office Outlook 2007, users can use IRM to mark e-mail messages with Do not forward, which automatically restricts permission for recipients to forward, print, or copy the message. In addition, you can define customized Office-wide IRM permission policies for your organization's needs and deploy the new permission policies for users to use with e-mail messages or other Office documents.
Outlook 2007 and e-mail protocols and servers Office Outlook 2007 can be used with a wide variety of e-mail servers and services. The primary e-mail servers and services supported by Outlook include: Simple Mail Transfer Protocol (SMTP) Post Office Protocol version 3 (POP3) Internet Mail Access Protocol version 4 (IMAP4) Messaging Application Programming Interface (MAPI) for Microsoft Exchange Server (version 2000 and later) MSN/Hotmail DAV/HTTP Protocol Other messaging and information sources, including Hewlett-Packard OpenMail and Banyan Intelligent Messaging. Use of these additional service providers is made possible by the way that Office Outlook 2007 uses the MAPI extensibility interface.
Note The Microsoft Office Outlook Connector for IBM Lotus Domino replaces the Microsoft Outlook 2002 Connector. The current version of the Outlook Connector does not work with Microsoft Office Outlook 2007 because of changes in the application programming interfaces (APIs) in Outlook. Microsoft continually evaluates customer requests for the Outlook Connector, but there is no planned release for an updated tool at this time.
97 Users can use Office Outlook 2007 without an e-mail server to use the Contacts, Tasks, and Calendar features in a stand-alone configuration.
See Also Office Customization Tool in the 2007 Office system Install Outlook 2007 by using the Office Customization Tool Determine when to install Outlook 2007 Plan an upgrade to Outlook 2007 Configuring Really Simple Syndication (RSS) in Outlook 2007 Plan for configuring security settings in Outlook 2007 Plan for e-mail messaging cryptography
98 Determine when to install Outlook 2007
You can install Microsoft Office Outlook 2007 before, with, or after an installation of other applications in the 2007 Microsoft Office system. You can also deploy Office Outlook 2007 to different groups of users at different times. Each installation strategy has requirements, advantages, and disadvantages.
Note Installing Office Outlook 2007 without the 2007 Office system limits Office Outlook 2007 functionality in the following ways: 1) The Office Outlook 2007 e-mail editor has fewer features, and 2) Internet Fax functionality is not available. For details about how functionality is limited, see Impact of deploying Outlook 2007 without Word 2007.
Installing Outlook with Office You can install Office Outlook 2007 as part of your overall upgrade to the 2007 Office system. Office Outlook 2007 is included in most editions of the Microsoft Office System of products. Install Office Outlook 2007 with the 2007 Office system to eliminate the extra steps involved in creating separate application deployments.
Installing Outlook before Office You might install Office Outlook 2007 in the following scenarios before you deploy other applications in the 2007 Office system: To test custom solutions that rely on previous versions of Office applications (such as Microsoft Word 2003 or Microsoft Excel 2003) before you install the current version. When your messaging support group has the resources to install Office Outlook 2007 now, but the desktop applications support group must install the rest of Office later.
Note Office Outlook 2007 cannot coexist with previous versions of Outlook. If users or tools require a previous version, do not install Office Outlook 2007. To install Office Outlook 2007 before you install the 2007 Office system: Customize Office Setup to install only Office Outlook 2007 from a network installation point. Later, create or update a Setup customization file with the Office Customization Tool (OCT) that installs 2007 Office system from the same network installation point. For details about installing 2007 Office system applications in stages, see Stage deployment of applications in the 2007 Office system.
99 Advantages of installing Outlook before Office If you deploy Office Outlook 2007 promptly, users can begin to use new features without waiting for testing or technical support to become available for a complete upgrade.
Disadvantages of installing Outlook before Office Installing Office Outlook 2007 before you install the rest of the 2007 Office system has several disadvantages: When you deploy the other 2007 Office system applications later, you must customize the installation process to preserve your original Office Outlook 2007 settings. The Office Outlook 2007 editor has reduced functionality unless Office Word 2007 has also been installed. When you use the same network installation point for Office Outlook 2007 and the 2007 Office system, you must take extra steps to modify the installation options.
Installing Outlook after Office You can wait to install Office Outlook 2007 until after you have installed the 2007 Office system. If any of the following scenarios describe your organization, you might consider delaying your deployment of Office Outlook 2007: You plan to coordinate your Office Outlook 2007 deployment with a future upgrade of Microsoft Exchange Server. You want to convert Lotus Notes to a Microsoft Exchange Server solution before you upgrade to Office Outlook 2007. Your desktop support group has the resources to upgrade to the 2007 Office system now, but the messaging support group must wait to deploy Office Outlook 2007. To install Office Outlook 2007 after you have installed the 2007 Office system: Customize Office Setup to install only Office Outlook 2007 from a network installation point. Later, create or update a Setup customization file with the OCT that installs 2007 Office system from the same network installation point. For details about installing 2007 Office system applications in stages, see Stage deployment of applications in the 2007 Office system.
Advantages of installing Outlook after Office In many organizations, it makes sense to coordinate an Office Outlook 2007 deployment with an upgrade of a mail server, rather than with an upgrade of other desktop applications. For example, if you plan to upgrade to a new version of Microsoft Exchange Server, you might plan an Office Outlook 2007 upgrade to follow immediately afterward—independently from an upgrade of other 2007 Office system applications—to take advantage of features that work together between the e-mail server and client.
100 Disadvantages of installing Outlook after Office When you install Office without Office Outlook 2007, you must use the Office Customization Tool to customize Setup. This ensures that previous versions of Outlook are not removed from users' computers. Regardless of when or how you install Office Outlook 2007 separately from the 2007 Office system, you must perform extra steps to manage customizations to the installation process.
Staging an Outlook deployment Some groups in your organization might be ready to immediately upgrade to Office Outlook 2007, while other groups might need more time. The following situations might warrant a staged deployment of Office Outlook 2007: Your normal policy is to stage upgrades to help ensure a smooth rollout of new software throughout your organization. You have remote systems support groups (for example, in regional sales offices) that require autonomy in scheduling upgrades for their areas. Some groups want to wait until after a project deadline before making changes to their local computers. You have limited resources for staging and upgrading systems throughout your organization.
Advantages of staging a deployment Staging your Office Outlook 2007 deployment gives you more flexibility in managing your upgrading resources. In addition, pilot users immediately become familiar with the new features and productivity enhancements of Office Outlook 2007. In most scenarios, there are no significant technical problems when users work with different versions of Outlook. Office Outlook 2007 users can communicate seamlessly with users of Outlook 2003 and Office 2003. However, if users have set up delegate access in Outlook, the person granting delegate permission and the delegate should use the same version of Outlook.
Disadvantages of staging a deployment You must consider the logistics of scheduling and managing a staged deployment. Your organization might require extra resources to support users on different versions of the same product; for example, you might need additional help desk staff training. For details about installing 2007 Office system applications in stages, see Stage deployment of applications in the 2007 Office system.
101 Install Outlook 2007 by using the Office Customization Tool
The Office Customization Tool (OCT) helps you configure how Microsoft Office Outlook 2007 is installed on users' computers. This tool enables you to include custom settings and Outlook profile configurations in a Setup customization file that is applied when Office Outlook 2007 is installed from a network installation point.
Customizing Outlook by using the Office Customization Tool You can use the OCT to customize the following aspects of your installation of a network installation point for Office Outlook 2007: Specify installation states for Outlook features Specify Outlook user settings Customize profiles and (optionally) export profile settings to a PRF file Configure Send/Receive settings for Microsoft Exchange accounts After your initial installation, you also use the OCT to modify and deploy updates to customizations.
Specifying installation states for Outlook features You use the Set Feature Installation States page in the OCT to specify how and when Office Outlook 2007 features are installed. For example, for the feature Microsoft Outlook for Windows, you might set the installation state to Run all from My Computer. In this case, all Office Outlook 2007 features are installed on the user's computer. Or you might set some features to install locally with Run from My Computer, and others to install when the user first gains access to the feature with Installed on First Use. Another common option, Not Available, Hidden, Locked, sets some features to not install and to not appear in the feature tree if users change the installation state of the parent feature.
Specifying Outlook user settings There are three ways to use the OCT to customize Outlook user settings for your installation: Use the Modify user settings page in the OCT to customize Outlook user settings. This option might be more time-consuming than using the User State Migration Tool, especially if you have a large number of user settings. Use Group Policy to specify settings to enforce. Typically, if you use the OCT to define a default setting for options, you can also use Group Policy to lock down those options.
102 Customizing Outlook profiles Using the OCT, you can create Outlook profiles and modify the settings in existing Outlook profiles. For example, you can keep all existing Outlook user profiles and specify a default configuration for new profiles. Your options for configuring profiles include: Specifying Exchange server connections Defining account information, such as adding POP3 or LDAP accounts Saving the configuration in an Office Outlook 2007 profile file (PRF file) For more information about how to customize Outlook profiles, see the Outlook profile section of the Office Customization Tool reference.
Configure Outlook Send/Receive settings You can also use the OCT to define Outlook Send/Receive settings. A Send/Receive group contains a collection of Outlook accounts and folders. You specify the tasks that are performed on each group during a Send/Receive in Outlook. You also specify different options for Send/Receive groups when Outlook is online and offline. For more information about how to customize Send/Receive settings, see the Specify Send/Receive groups section of the Office Customization Tool reference.
See Also Office Customization Tool in the 2007 Office system Customize Outlook 2007 profiles with an Outlook Profile (PRF) file
103 Plan an upgrade to Outlook 2007
Microsoft Office Outlook 2007 is compatible with earlier versions of Outlook. Upgrading typically involves no more than customizing settings and then deploying Outlook on users' computers.
Note This topic is for Outlook administrators. If you are experiencing difficulty upgrading Outlook on your computer, see Upgrade Your Installation in the Microsoft Office Outlook 2007Help and Support page on Office Online. This topic discusses the following items: Issues to consider when planning an upgrade, including planning for cryptographic and security needs, Microsoft Exchange Server upgrades, and so on. Upgrading from an earlier version of Outlook, including configuring Outlook user profiles, upgrading with Cached Exchange Mode already configured, upgrading from an Outlook Internet- only (IMO) installation, choosing fax support, and supporting forms. Upgrading from other mail and scheduling programs, including a table listing migration paths supported by Office Outlook 2007.
Note You cannot import MS Mail files to Office Outlook 2007, and you cannot share information between Office Outlook 2007 and Schedule+.
Issues to consider when planning an upgrade To prepare for an upgrade, you must decide on the following issues: Which cryptographic and security settings do you want your users to have? For more information, see Plan for e-mail messaging cryptography and Set consistent Outlook 2007 cryptography options for an organization. If you use Microsoft Exchange 2000 as your messaging server, should you upgrade to Exchange 2003 or Exchange 2007 before deploying Office Outlook 2007? For more information, see How Outlook 2007 works with different Exchange Server versions. Should you upgrade all users in your organization at once or in stages? If you plan to upgrade in stages, keep in mind that Outlook users might need to exchange e-mail messages and scheduling data with users of other Microsoft e-mail and calendar applications, which can complicate support issues. If you plan to install the 2007 Microsoft Office system, should you upgrade to Office Outlook 2007 at the same time, or later? If users upgrade to Office Outlook 2007 before upgrading to other Office applications, their e-mail editor will have limited functionality. For more information about staging your Outlook deployment (by upgrading groups of users in stages, or by separating the Office Outlook 2007 installation from the Office installation), see Determine when to install Outlook 2007.
104 Should you make changes to Outlook user profiles as part of your upgrade? For example, you might define a new Exchange server or enable new features of Office Outlook 2007. For more information about customizing Outlook profiles, see Install Outlook 2007 by using the Office Customization Tool and Apply an Outlook Profile (PRF) File to configure Outlook 2007 profiles. Does your organization use fax features or Outlook forms from earlier version of Outlook? For more information, see Upgrading from an earlier version of Outlook later in this topic. How should you create and store a backup of your existing installation? Before upgrading to any new release, it is wise to back up your existing data. For more information about backing up Outlook files, see Back up Outlook data with the Microsoft Outlook Personal Folders Backup tool. How will your users learn about the new interface and features of 2007 Office system? To help them get started, you might direct them to Office Online demos such as The new Microsoft Office user interface demo which allows users to try the new interface interactively. Another helpful resource for transitioning to the ribbon user interface is Interactive: Word 2003 to Word 2007 command reference guide. (Guides are also available for Microsoft Office Excel 2007 and Microsoft Office PowerPoint 2007.) Will any discontinued features or changed functionality affect when and how you upgrade? For a list of changes from earlier versions of Microsoft Outlook, see Discontinued features and modified functionality in Outlook 2007. A more technical discussion of changed functionality is included in Changes in Outlook 2007.
Upgrading from an earlier version of Outlook You can install Office Outlook 2007 over any previous installation of Outlook. As in other 2007 Office system applications, user settings stored in the registry are migrated. If a MAPI profile already exists on a user's computer, you typically can configure your deployment to continue to use the profile. However, if you are upgrading from an Internet Mail Only (IMO) installation of Outlook 2000 or earlier, you might need to re-create user profiles.
Note Office Outlook 2007 cannot coexist with previous versions of Outlook on the same computer. If you determine that users need a previous version, do not install Office Outlook 2007. When you upgrade users from an earlier version of Outlook, you must make choices about configuring user profiles, consider Cached Exchange Mode issues, and be aware of fax and forms changes.
Configuring user profiles in Office Outlook 2007 You can configure e-mail services by using the Office Customization Tool and then saving your customizations in a Setup customization file. For example, you can define Microsoft Exchange Server connections, add POP3 accounts, or specify other e-mail support.
105 When you create a customization file for Outlook, you have several choices for retaining, creating, or modifying user profiles. For example, you can create new default profiles for new Outlook users and keep existing profiles for current Outlook users. You can modify Outlook user profiles during an upgrade to configure a number of user options and other features for your users, including defining default categories and default calendar subscriptions and Really Simple Syndication (RSS) feeds. You can modify the default profile on the user’s computer or define changes to profiles with a name you specify. For more information about configuring Outlook profiles, see Install Outlook 2007 by using the Office Customization Tool.
Upgrading with Cached Exchange Mode enabled Cached Exchange Mode is an Outlook feature that can help to provide an improved experience for users who work offline or who experience a slow or unavailable connection to the Microsoft Exchange server. Cached Exchange Mode works by downloading copies of users' Exchange mailboxes to a local file – the user's Offline Folder (OST) file. If users have large Exchange mailboxes and have OST files already configured for Outlook, and you do not already have Cached Exchange Mode enabled in your current version, you might need to take steps to help avoid errors when those users upgrade to Office Outlook 2007 with Cached Exchange Mode enabled. When Cached Exchange Mode is deployed or enabled for users without an existing OST file, Outlook creates a new OST file. Office Outlook 2007 (and Outlook 2003) OST files are Unicode (by default) and do not have a 2-gigabyte (GB) storage limit, unlike Outlook files created with Outlook 2002 or earlier. This means that large Exchange mailboxes can typically be successfully downloaded into an Office Outlook 2007 or Outlook 2003 OST file. However, when Outlook — in Cached Exchange Mode — tries to synchronize Exchange mailboxes for users with existing OST files from versions earlier than Outlook 2003, it might be difficult to update the OST. For help with this issue, see Plan a Cached Exchange Mode deployment in Outlook 2007.
Upgrading from Outlook 2000 IMO When you upgrade users to Office Outlook 2007 from an Internet Mail Only (IMO) installation of an earlier version of Outlook, you might need to re-create some Outlook user profiles. Users might also encounter the following issues; a work-around is provided when available.
Address book might need to be imported manually After you upgrade users from Outlook 2000 IMO to Office Outlook 2007, members of Microsoft Windows Address Book distribution lists in their Outlook 2000 Address Book might be absent from Office Outlook 2007. To work around this behavior, manually import the Windows Address Book data.
106 To manually import Windows Address Book data 1. On the File menu in Office Outlook 2007, click Import and Export. 2. Click Import Internet Mail and Addresses, and then click Next. 3. Click Outlook Express 4.x, 5.x, 6.x, and then click Next. 4. Choose how you want to handle entries that would duplicate any current Outlook contacts, and then click Finish.
Rules might not work properly After users upgrade to Office Outlook 2007 from Outlook 2000 IMO with multiple POP accounts, rules that are based on the through the specified account option might not function. To work around this problem, re-create the rules in Office Outlook 2007.
To create a rule for POP accounts in 2nd_Outlook12 1. On the Tools menu in Office Outlook 2007, click Rules and Alerts. 2. Click New Rule. 3. Click Start from a blank rule, and then click Next. 4. Under Which condition(s) do you want to check?, select the through the specified account check box, and then click the underlined value to enter the specified POP account. 5. Click Next. 6. Under What do you want to do with the message?, click Move it to the specified folder, and then click the underlined value to enter the specified folder. 7. Click Next. 8. Click Next. 9. Click Finish.
Error for unsupported fax software might not appear When you upgrade users from Outlook 2000 in IMO mode with the Symantec Winfax Starter Edition installed and configured to Office Outlook 2007 , the following error message should appear but might not: Setup has detected that you have one or more of the following features installed: - cc:Mail - Microsoft Mail - Net Folders - Microsoft Fax - WinFax Starter Edition (SE) These features are no longer supported in Outlook. If you continue the upgrade, you will no longer be able to use them. Would you like to continue the upgrade to Outlook? This error message should appear, and Symantec Winfax Starter Edition should be included as one of the features that is no longer supported.
Choosing fax support in Office Outlook 2007 Integrated fax support is not provided in Office Outlook 2007. However, you can use third-party MAPI fax providers or Microsoft Windows fax support.
107 WinFax — an earlier faxing program that was integrated with Outlook — is uninstalled by Office Outlook 2007. If the viewer is currently on a user's computer, it is uninstalled as part of the upgrade process.
Supporting forms in Office Outlook 2007 If you have custom solutions that depend on Electronic Forms Designer, note that Electronic Forms Designer is not supported in Office Outlook 2007.
Upgrading from other mail and scheduling programs You can upgrade to Office Outlook 2007 from other e-mail and scheduling programs. The process can be simplified with the use of the import feature in Outlook. The following table lists migration paths supported by Office Outlook 2007.
Software program Version
Outlook Express 4.x, 5.x, 6.x
Eudora Pro, Eudora Light 2.x, 3.x, 4.x, 5.x
Note You cannot import MS Mail files to Office Outlook 2007, and you cannot share information between Office Outlook 2007 and Schedule+.
See Also Determine when to install Outlook 2007
108 How Outlook 2007 works with different Exchange Server versions
Microsoft Office Outlook 2007 works well with a variety of e-mail servers, and you can take advantage of an even richer feature set by using Outlook with the latest version of Microsoft Exchange Server. Features of Office Outlook 2007 that work better with Microsoft Exchange 2007 include scheduling meetings, Offline Address Book (OAB) downloads, automatic configuration of Exchange server accounts, and enhanced Out of Office functionality. In addition, some features of Office Outlook 2007 require or work better with Microsoft Exchange Server 2003 or later.
Note Using Office Outlook 2007 with Microsoft Exchange Server 5.5 is not supported.
Features supported with Exchange Server 2007 and Exchange Server 2003 The following table shows how Office Outlook 2007 features are supported by different versions of Exchange Server.
Office Outlook 2007 feature Exchange Exchange 2007 Server 2003
Instant Search X
Exchange Server on which the user's mailbox resides is automatically X X (see note found. below)
Outlook Anywhere (RPC over HTTP) connections are automatically X configured.
Exchange Server settings are automatically detected over the Internet. X
Exchange servers are automatically found in multi-forest environments. X
Exchange servers can share information across forests. X
Cross-forest mailbox moves do not require extra administrator steps. X
Free/Busy information is always up-to-date for users with Exchange X 2007 Availability service.
Tentative calendar booking is managed on the Exchange Server. Users X do not need to run Outlook for others to see their Free/Busy status.
Scheduling Assistant helps users choose the most convenient times for X meetings, including easy checking for conference room availability.
109 Office Outlook 2007 feature Exchange Exchange 2007 Server 2003
Public Folder replication on the server is not required to schedule X meetings across forests.
Out of Office improvements: separate internal/external Out of Office X messages, external replies can be limited to Contacts folder entries, HTML formatting for reply messages, scheduling Out of Office replies during a specified time period only.
Support for Offline Address Book (OAB) Version 4 enhances OAB X download support, including HTTP download distribution points that do not require Public Folders, interrupted downloads restart where they were interrupted (instead of at the beginning), trickle download to help with low bandwidth scenarios.
Other OAB V4 features, including client-side indexes for sorting OAB X for multilingual scenarios when the user's computer and Exchange Server use different languages, more efficient, client-side search index, smaller file for full OAB download, incremental Update Downloads using more efficient, smaller binary updates.
Support for Yomi names in OAB. X
Address Book can be searched hierarchically and by name. X
Partial item downloads in Cached Exchange Mode are more efficient. X This helps with synchronizing in multiple client scenarios, including Outlook Web Access.
If a user's mailbox is full in Cached Exchange, Outlook no longer X generates non-delivery reports (NDRs) when you are sending. Instead, the user receives an error message that the mailbox is full, and the messages stay in the Outbox until the user resolve the quota issue. (Requires Exchange Server 2003 SP2 and later.)
Shared calendars/PIM data is cached for offline access. X X
Connection Sharing to reduce the number of open connections against X X the server.
Scenarios that previously caused synchronizations to fail are now X X managed so synchronization can continue.
Updates are check-pointed. If a download of new information is X X interrupted—for example, by a connection failure—Outlook can resume the update at the point where the failure occurred, instead of starting over from the beginning.
110 Note For Exchange Server 2003 and earlier versions of Exchange, the server can be found automatically only if the client machine is joined to a domain and the Exchange server topology is installed within the same Active Directory organization as the user object.
Features supported only with Exchange Server 2003 or later Using Office Outlook 2007 with an Exchange Server 2003 or later messaging server has a number of advantages. For example, the following Outlook features, which were introduced in Microsoft Outlook 2003 and are also available in Office Outlook 2007, work only with Exchange Server 2003 or later. Cached Exchange Mode using Download Headers Cached Exchange Mode automatically downloads only headers when the user's operating system perceives that the user's connection mode is slow. Cached Exchange Mode using Download Headers and then Full Items With this option, all item headers are downloaded first, followed by item bodies and other detailed information. Users can click item headers to immediately see specific items (headers, item bodies, and attachments). Outlook Anywhere (RPC over HTTP) connection support You can configure user accounts to connect to an Exchange server over the Internet. This feature enables users to use the Office Outlook 2007 client for security-enhanced access to their Exchange Server accounts when they are traveling or are working outside their organization's firewall. Kerberos authentication Outlook can use Kerberos authentication with Exchange Server 2003. The Kerberos network security protocol uses cryptography to help provide mutual authentication for a network connection between a client and a server, or between two servers. Performance tracking support Office Outlook 2007 provides information about client processing that Exchange can use to help locate networking or server issues. For more information, see Exchange Server 2003 documentation.
Enhancements that work better with Exchange Server 2003 or later Exchange Server 2003 and later versions of Exchange Server provide support for certain Outlook features, and Office Outlook 2007 works better with Exchange Server 2003 or later in several ways for other features. Several of these features were introduced in Outlook 2003—most notably for synchronization processing, user synchronization status reports, and junk e-mail filtering. Instant Search and automatic Exchange server discoverability are new in Office Outlook 2007. Synchronization processing between Outlook and Exchange is enhanced in a number of ways, starting in Outlook 2003. For example, data exchanged between the Outlook client and Exchange Server 2003 servers is compressed, and the data buffer size is larger. In addition, the buffers are
111 packed, so more compressed data is included in each buffer. With these features, more data can be transferred with fewer server calls. This is especially beneficial when users are synchronizing across networks that charge by the byte of data that is transmitted. When large information sets are downloaded—for example, when users update their mailboxes after they have been on vacation—cost can be significantly lowered and the transaction can be shortened with these improvements. Another feature that users will notice is better status information about Cached Exchange Mode synchronization. With Exchange Server 2003 or later, the Outlook status bar shows detailed information about synchronization, such as: How many bytes have not been downloaded for the current folder How many items have not been downloaded in the current folder Approximately how long it will be until the current folder is synchronized Folder status, such as Up to Date and Last updated at date and time. When it is used with Exchange Server 2003 or later, the Headers Only mode in Outlook provides a 256-byte plain text preview that includes part of the message body, rather than showing just the message header information. This message preview can help remote users to make better decisions about whether to download a whole message—which, for example, might include a large attachment. Using Outlook with Exchange Server 2003 or later also helps to provide a better experience for users in filtering junk e-mail messages. The Junk E-mail Filter in Outlook provides some support for Outlook users with Cached Exchange Mode on versions of Exchange Server earlier than Exchange Server 2003. The experience is much improved with Exchange Server 2003 or later. To learn more about how Outlook junk e-mail filtering is supported with different versions of Exchange Server, see Configure junk e-mail settings in Outlook 2007. Several features that are new in Office Outlook 2007 also work better with Exchange 2007. Instant Search works better with Exchange 2007 when you use Outlook in Online mode with a mailbox server, because Outlook can use the index on Exchange Server 2007 for searching. To enable Instant Search when you use Outlook with earlier versions of Exchange, you must configure Outlook to index user mailboxes for each Exchange client. This extra step is required because indexing in Outlook on the user's computer cannot be fully optimized, unlike the server indexing service that is implemented for Exchange Server 2007. If users are configured to use Cached Exchange Mode, Office Outlook 2007 indexes the search locally, regardless of the Exchange server version. In addition, Office Outlook 2007 automatically detects the user's Exchange server with Exchange Server 2007. Automatic detection is also enabled under the following circumstances for earlier versions of Exchange: when the user's computer is joined to a domain and when Exchange is in the same domain as the user account.
Note You can configure Microsoft Exchange Server settings for Outlook profiles as part of your Office Outlook 2007 deployment. For more information about using the Office Customization Tool to customize Outlook profiles, see Specify Exchange settings in Office Customization Tool in the 2007 Office system.
112 Additional resources Additional information regarding how Outlook and Exchange versions work together is listed below. Office Outlook 2007 includes the ability to automatically configure user accounts. To learn how the discovery mechanisms work and how to modify an XML file to configure AutoDiscover for your organization, download the Outlook Automatic Account Configuration whitepaper. For a description of how Office Outlook 2007 and Exchange 2007 features work together to provide a better experience for users, see Better together: do more with Microsoft Office Outlook 2007 and Exchange Server 2007. For a chart comparing features in Exchange Server 2007, Exchange Server 2003, and Exchange Server 2000, see Exchange Server Version Comparison. To learn more about Offline Address Book (OAB) Version 4, see OAB Version 4 in Exchange Server 2003 Service Pack 2.
113 Plan a Cached Exchange Mode deployment in Outlook 2007
When Microsoft Office Outlook 2007 is configured for Cached Exchange Mode, the user can enjoy a better online and offline experience because a copy of the user's mailbox is stored on the local computer. When an Office Outlook 2007 account is configured to use Cached Exchange Mode, Office Outlook 2007 works from a local copy of a user's Exchange mailbox stored in an Offline Folder file (OST file) on the user's computer, along with the Offline Address Book (OAB). The cached mailbox and OAB are updated periodically from the Exchange server. Consider the following when you plan an Office Outlook 2007 deployment: Benefits of configuring Cached Exchange Mode Features your organization uses that might impact the effectiveness of using Cached Exchange Mode Synchronization, disk space, and performance issues Management of Cached Exchange Mode in slow connection scenarios Staging an initial Cached Exchange Mode deployment Upgrading current Cached Exchange Mode users to Office Outlook 2007 Deploying Cached Exchange Mode to users who already have OST files Using Group Policy to enforce Cached Exchange Mode settings Additional resources
How Cached Exchange Mode can help improve the Outlook user experience The primary benefits of using Cached Exchange Mode are the following: Shielding the user from network and server connection issues Facilitating switching from online to offline for mobile users By caching the user's mailbox and the OAB locally, Outlook no longer depends on on-going network connectivity for access to user information. In addition, users' mailboxes are kept current. If a user disconnects from the network—for example, by removing a laptop from a docking station —the latest information is automatically available offline. In addition to using local copies of mailboxes to improve the user experience, Cached Exchange Mode optimizes the type and amount of data sent over a connection with the server. For example, if On Slow Connections Download Headers Only is configured, Outlook changes the type and amount of data sent over the connection.
114 Note Outlook checks the network adapter speed on the user's computer to determine a user's connection speed, as supplied by the operating system. Reported network adapter speeds of 128 KB or lower are defined as slow connections. There might be circumstances when the network adapter speed does not accurately reflect data throughput for users. For more information about adjusting the behavior of Outlook in these scenarios, see the section Managing Outlook behavior for perceived slow connections later in this topic. Outlook can adapt to changing connection environments by offering different levels of optimization, such as disconnecting from a corporate local area network (LAN), going offline, and then reestablishing a connection to the server via a slower dial-up connection. As your Exchange server connection type changes—for example, to LAN, wireless, cellular, or offline—transitions are seamless and never require changing settings or restarting Outlook. For example, users might have a laptop computer at work with a network cable connection to a corporate LAN. In this scenario, users have access to headers and full items, including attachments. Users also have quick access and updates to the computer running Exchange Server. If users disconnect their laptops from the LAN, Outlook switches to Trying to connect mode. Users can continue to work uninterrupted with their data in Outlook. If they have wireless access, Outlook can reestablish a connection to the server and then switch back to Connected mode. If the users later connect to the Exchange server by using dial-up access, Outlook recognizes that the connection is slow and automatically optimizes for that connection by downloading only headers and by not updating the Offline Address Book. In addition, Office Outlook 2007 includes optimizations to reduce the amount of data sent over the connection. Users do not need to change settings or restart Outlook during this scenario. In addition to the Outlook 2003 Trying to connect and Connected modes, a new mode, Need Password, is introduced in Office Outlook 2007. The mode displays when Outlook is in a disconnected state but is not offline. This can happen, for example, when a user clicks Cancel in a credentials authentication dialog box. When Outlook is disconnected but is not offline, a user- initiated action (such as clicking Send/Receive) causes Outlook to prompt again for the password and to display Connected mode, even though Outlook is disconnected and is waiting for a password.
Outlook features that can reduce the effectiveness of Cached Exchange Mode Some Outlook features reduce the effectiveness of Cached Exchange Mode because they require network access or bypass Cached Exchange Mode functionality. The primary benefit of using Cached Exchange Mode is that the user is shielded from network and server connection issues. Features that rely on network access can cause delays in Outlook responsiveness that users would not otherwise experience when they use Cached Exchange Mode. Some Outlook features can require network access to retrieve information, such as looking up free/busy information. This can cause a delayed response, even when users have fast
115 connections to Exchange data. The delays can occur unpredictably, rather than only when the feature is accessed by the user. In addition, the following features might rely on network access and can cause delays in Outlook unless users have fast connections to Exchange data: Delegate access, when folders are not cached locally (local cache is the default) Opening another user's calendar or folder that are not cached locally (local cache is the default) Using a public folder that is not cached See Managing Outlook folder sharing in Synchronization, disk space, and performance considerations later in this topic. In Office Outlook 2007, shared folders that users access in other mailboxes are downloaded and cached in the user's local OST file when Cached Exchange Mode is enabled. Only shared Mail folders are not cached. For example, if a co-worker shares a calendar with a user and the user opens it, Office Outlook 2007 starts caching the folder locally so that the user has offline access to the folder and is insulated from network issues. However, if a manager delegates access to his or her Inbox to a team member, accessing the folder is an online task and can cause response delays. We recommend that you disable or do not implement the following features, or combination of features, if you deploy Cached Exchange Mode: Instant Messaging integration If users right-click the Person Names Smart Tag in an e-mail message header, Outlook checks for free/busy status for that person. You can use Group Policy to disable Instant Messaging integration. For more information, see Configuring Instant Messaging integration options in Outlook 2007. The toast alert feature with digital signatures on e-mail messages Outlook must check a network server to verify a digital signature. By default, Outlook displays a toast message that contains a portion of an e-mail message when new messages arrive in a user's Inbox. If the user clicks the toast message to open a signed e-mail message, Outlook uses network access to check for a valid signature on the message. Multiple Address Book containers The Address Book typically contains the Global Address List (GAL) and user Contacts folders. Some organizations configure subsets of the GAL, which display in the Address Book. These subset address books can also be included in the list that defines the search order for address books. If subset address books are included in the search order list, Outlook might need to access the network to check these address books each time a name is resolved in an e-mail message that a user is composing. Custom properties on the General tab in Properties dialog box for users The Properties dialog box appears when you double-click a user name (for example, on the To line of an e-mail message). This dialog box can be configured to include custom properties unique to an organization, such as a user's cost center. If you add properties to this dialog box, however, we recommend that you not add them to the General tab. Outlook must make a remote procedure call (RPC) to the server to retrieve custom properties. Because the General tab shows by default when the Properties dialog box is accessed, an RPC would be performed each time the user accessed the Properties dialog box. As a result, a user running Outlook in Cached Exchange Mode might experience noticeable delays when he or
116 she accesses this dialog box. To help avoid such delays, you should create a new tab on the Properties dialog box for custom properties, or include custom properties on the Phone/Notes tab. Installing certain Outlook add-ins can affect Cached Exchange Mode. Some add-ins can access Outlook data by using the object model to bypass the expected functionality of Headers Mode (Download Headers Only) in Cached Exchange Mode. For example, full Outlook items—not just headers—download if you use Microsoft ActiveSync technology to synchronize a hand-held computer, even over a slow connection. In addition, the update process is slower than if you download the items in Outlook, because one-off applications use a less-efficient type of synchronization.
Synchronization, disk space, and performance considerations There are a number of issues to consider when you deploy Cached Exchange Mode. The way Cached Exchange Mode works to maintain a current local copy of a user's Exchange mailbox and other information can affect other Outlook features and behavior. In some cases, you can improve how Cached Exchange Mode works with other Outlook features for your whole organization or for a group of users (for example, users who work remotely).
Send/Receive synchronization considerations Cached Exchange Mode works independently of existing Outlook Send/Receive actions to synchronize users' OST and OAB files with Exchange Server data. Send/Receive settings update users' Outlook data in the same way they did in earlier versions of Outlook. Users who synchronize Outlook data by pressing F9 or clicking Send/Receive might not realize that manual synchronization is no longer necessary. In fact, network traffic and server usage can be affected if users repeatedly execute Send/Receive requests to Exchange Server. To minimize the effects, inform users that manual Send/Receive actions are unnecessary in Cached Exchange Mode. This might be especially helpful for remote users who typically used Outlook in offline mode with earlier Outlook versions and used Send/Receive to synchronize their data or just before they disconnected from the network. This type of data synchronization now occurs automatically with Cached Exchange Mode. Another way to manage the issue is to disable the Send/Receive option for users. However, sometimes this can create problems for users, such as when you upgrade current Outlook users with POP accounts and existing customized Send/Receive groups to Office Outlook 2007. In this situation, disabling the Send/Receive option means users cannot download POP e-mail messages.
Offline Address Book considerations Cached Exchange Mode allows Outlook to access the local Offline Address Book (OAB) for user information, instead of requesting the data from Exchange Server. Local access to user data greatly reduces the need for Outlook to make remote procedure calls (RPCs) to Exchange, and shields the user from much of the network access required in Exchange online mode or in previous versions of Outlook.
117 After users have a current OAB installed on their computers, only incremental updates to the OAB are needed to help protect against unnecessary server calls. Outlook in Cached Exchange Mode synchronizes the user's OAB with updates from the Exchange Server copy of the OAB every 24 hours. You can help control how often users download OAB updates by limiting how often you update the Exchange Server copy of the OAB. If there is no new data to synchronize when Outlook checks, the user's OAB is not updated.
Note Although users with a No Details OAB can use Outlook with Cached Exchange Mode, we recommend that you install a Full Details OAB on users' computers. We also recommend that users use the Unicode OAB. The ANSI OAB files do not include some properties that are in the Unicode OAB files. Outlook must make server calls to retrieve required user properties that are not available in the local OAB, which can result in significant network access time when users do not have a Full Details OAB in Unicode format.
Offline File Folders (OSTs) considerations When you deploy Cached Exchange Mode for Outlook, be aware that users' OST files can increase 50 to 80 percent over the size of the mailbox reported in Exchange Server. The format Outlook uses to store data locally for Cached Exchange Mode is less efficient than the server data file format. This results in the use of more disk space when mailboxes are downloaded to provide a local copy for Cached Exchange Mode. When Cached Exchange Mode first creates a local copy of a user's mailbox, the user's current OST file, if one exists, is updated. When users have relatively small mailboxes—for example, less than 500 megabytes (MB) of Exchange Server data—this works fine. However, ensure that users with larger mailboxes have Unicode-formatted OST files before you deploy Cached Exchange Mode. Unicode is an Outlook file format that was first provided in Outlook 2003. Unicode OST files can store up to 20 gigabytes (GB) of data, instead of the limit of 2 GB on non-Unicode (ANSI) Outlook files. By creating Unicode OST files, you can help to avoid error messages for users. Error messages result when Outlook runs out of OST file space when it attempts to create a local copy of the user's mailbox for Cached Exchange Mode. Outlook with Cached Exchange Mode also works better when there is plenty of free space in the user's OST file; for example, when only 5 to 10 percent of a 20 GB OST file is used. Also be sure that users' OST files are located in a folder with sufficient disk space to accommodate users' mailboxes. For example, if users' hard drives are partitioned to use a smaller drive for system programs (the system drive is the default location for the folder that contains the OST file), specify a folder on another drive with more disk space as the location of users' OST files. For more information about deploying OST files in a location other than the default location, see "To configure a default OST location by using Group Policy" in Configure Cached Exchange Mode Group Policy settings in Outlook 2007.
Managing performance issues Many factors influence a user's perception of Cached Exchange Mode performance, including hard disk size, CPU speed, and the expected level of performance. For example, offline users
118 might find that Cached Exchange Mode provides better performance, while users who formerly accessed Exchange in online mode might perceive reduced Outlook performance. One factor that can contribute to reduced performance is a large OST file. If the user's OST file grows too large (for example, larger than 1 GB), Outlook with Cached Exchange Mode performance degrades. To improve response time in Outlook, users should either reduce the size of their mailbox (for example, by archiving older files) or disable Cached Exchange Mode. To help prevent large OST files, you can set a limit on the mailbox size in Exchange Server. You might also choose to disable synchronizing shared non-mail folders or disable synchronizing users' Public Folder Favorites if you previously enabled the option in your deployment of Cached Exchange Mode.
Managing Outlook folder sharing In Office Outlook 2007, shared folders that users access in other mailboxes are downloaded and cached in the user's local OST file when Cached Exchange Mode is enabled. Only shared Mail folders are not cached. For example, if a co-worker shares a calendar with another user and the user opens it, Office Outlook 2007 starts caching the folder locally so that the user has offline access to the folder and is insulated from network issues. However, if a manager delegates access to his or her Inbox to a team member, accessing the folder is an online task and can cause response delays. You can configure this option in the Office Customization Tool (OCT) when you customize your Cached Exchange Mode deployment. If users in your organization typically open many shared calendars and people work together on networks with reliable links to their Exchange servers, you might want to disable this feature. Leaving the feature enabled can cause OST files to become large, which can adversely affect Outlook performance when Cached Exchange Mode is used.
Public Folder Favorites considerations Cached Exchange Mode can be configured to download and synchronize the public folders included in users' Favorites folders for Outlook Public Folders. By default, Public Folder Favorites are not synchronized. However, you might want to enable this option if your organization uses public folders extensively. You can configure an option to download Public Folder Favorites in the OCT when you customize your Cached Exchange Mode deployment. If users' Public Folders Favorites folders include large public folders, their OST files can also become large. This can adversely affect Outlook performance in Cached Exchange Mode. Before you configure Cached Exchange Mode to enable this option, ensure that users are selective about the public folders that are included in their Public Folder Favorites. Also ensure that users' OST files are large enough, and are in folders with enough disk space, to accommodate the additional storage requirements for the public folder downloads.
Managing Outlook behavior for perceived slow connections Outlook is configured to determine a user's connection speed by checking the network adapter speed on the user's computer, as supplied by the operating system. If the reported network adapter speed is 128 KB or lower, the connection is defined as a slow connection.
119 When a slow connection to a user's Exchange server is detected, Outlook helps users have a better experience by reducing the amount of less-critical information that is synchronized with the Exchange server. Outlook makes the following changes to synchronization behavior for slow connections: Switches to downloading headers only Does not download the Offline Address Book or OAB updates Downloads the body of an item and associated attachments only when requested by the user Outlook continues to synchronize with personal digital assistants (PDAs), and some client-side rules may run.
Note Synchronizing PDAs while using Cached Exchange Header Only Mode is not recommended. When you synchronize a hand-held computer—for example, by using ActiveSync—full items are downloaded in Outlook, and the synchronization process is less efficient than with regular Outlook synchronization to users' computers. The Headers Only mode of synchronization is designed for Outlook users with dial-up connections or cellular wireless connections to minimize network traffic when there is a slow or expensive connection. There might be circumstances when the network adapter speed does not accurately reflect data throughput for users. For example, if a user's computer is on a local area network for fast access to local file servers, the network adapter speed is reported as fast because the user is connected to a local area network (LAN). However, the user's access to other locations on an organization's network—including the Exchange server—might use a slow link, such as an ISDN connection. For a scenario like this, where users' actual data throughput is slow although their network adapters report a fast connection, you might want to configure an option to change or lock down the behavior of Outlook—for example, by disabling automatic switching to downloading only headers and configuring Outlook to download only headers. Similarly, there might be connections that Outlook has determined are slow in which users actually have high data throughput. In this scenario, you might also disable automatic switching to downloading only headers. The setting you configure to change the behavior of Outlook for reported connection speed is the On slow connections, download only headers check box. You can configure this option in the OCT, or lock down the option by using Group Policy. For more information about customizing this setting, see Configure Cached Exchange Mode Group Policy settings in Outlook 2007.
Options for staging a Cached Exchange Mode deployment Stage the rollout over time if you plan to upgrade a large group of users from a deployment of Outlook without Cached Exchange mode (Outlook XP or earlier, or Outlook 2003 without Cached Exchange Mode) to Office Outlook 2007 with Cached Exchange Mode enabled. This helps your organization's Exchange servers manage the requirements of creating or updating users' OST files.
120 Caution If most users are updated to use Cached Exchange Mode at once and then start Outlook at the same time (for example, on a Monday morning after a weekend upgrade), the Exchange servers will have significant performance issues.These performance issues can sometimes be mitigated; for example, if most of the users in your organization have current OST files. But in general, staging deployment of Cached Exchange Mode over a period of time is recommended. The following scenarios include examples of how you could deploy Cached Exchange Mode to avoid a large initial performance impact on the Exchange servers and—in some cases—minimize the time users spend waiting for the initial synchronization: Retain Outlook OST files while deploying Cached Exchange Mode. Since existing OST files are merely updated with the latest mailbox information when Outlook with Cached Exchange Mode starts for the first time, retaining these files when you deploy Cached Exchange Mode can help reduce the load on your organization's Exchange servers. Users who already have OST files will have less Outlook information to synchronize with the server. This scenario works best when most users already have OST files that have recently been synchronized with Exchange Server. To retain OST files while you deploy Outlook with Cached Exchange Mode, do not specify a new Exchange server when you customize Outlook profile information in the OCT. Alternatively, when you customize Outlook profiles, clear the Overwrite existing Exchange settings if an Exchange connection exists (only applies when modifying the profile) check box.(If you specify an Exchange server when you configure and deploy Outlook with this option enabled, Outlook replaces the Exchange service provider in the MAPI profile, which removes the profile's entry for existing OST files.) Provide seed OST files to remote users, and then deploy Cached Exchange Mode after users have installed the OST files you provide. If most users in your organization do not currently have OST files or are not using Cached Exchange Mode, you can deploy Office Outlook 2007 with Cached Exchange Mode disabled. Then, before the date on which you plan to deploy Cached Exchange Mode, you provide initial or "seed" OST files to each user with a snapshot of the user's mailbox; for example, by providing or mailing to the user a CD that contains the file with installation instructions. You might also want to provide a recent version of your organization's Office Address Book (OAB) with Full Details. You configure and deploy Cached Exchange Mode when users confirm that they have installed the files.
Note For more information about creating initial OST files, see Providing an initial OST file for an Outlook Cached Exchange Mode deployment. The article describes creating initial OST files for Microsoft Office Outlook 2003; the process works similarly for Office Outlook 2007. When you update your Outlook deployment to use Cached Exchange Mode later, the Exchange server updates users' existing OST files and there is much less data to synchronize than there would be if a new OST and OAB were created for each user. Creating individual CDs for each user's OST file can be time consuming, so this procedure might be most useful for select groups of remote users who would otherwise spend a lot of time waiting for the initial mailbox and OAB synchronization, perhaps at a high cost, depending on their remote connection scenario.
121 Deploy Outlook with Cached Exchange Mode to groups of users at a time. You can balance the workload on your Exchange servers and the local area network by upgrading groups of users to Cached Exchange Mode over a period of time. The network traffic and server-intensive work of populating OST files with users' mailbox items and downloading the OAB are mitigated by rolling out the new feature in stages. The way that you create and deploy to groups of users depends on your organization's usual deployment methods. For example, you might create groups of users in Microsoft Systems Management Server (SMS), to which you would deploy an SMS package that updates Outlook to use Cached Exchange Mode. You would deploy SMS to each group over a period of time. To balance the load as much as possible, choose groups of users whose accounts are spread across groups of Exchange servers.
Upgrading current Cached Exchange Mode users to Office Outlook 2007 Upgrading users to Office Outlook 2007 with Cached Exchange Mode already enabled in Outlook 2003 is straightforward. If you do not change Cached Exchange Mode settings, the same settings are kept for Office Outlook 2007. There is no change to the OST or OAB file format, and you do not need to re-create these files during an upgrade. The ability to share non-mail folders is a new feature that is enabled by default for Cached Exchange Mode in Office Outlook 2007. Existing profiles with Cached Exchange Mode have this setting enabled when users are upgraded. This could be problematic if: Users in your organization use ANSI OST files. Users' OST files are close to the size limit. Your organization shares a large amount of data. When these factors are all present, downloading shared non-mail folders can create performance issues and other problems. You can disable this option when you deploy Outlook to help prevent problems with downloading non-mail folders. In addition, be aware that caching for shared non-mail folders works differently from other caching for Cached Exchange Mode. With shared non-mail folders, replication to the local OST file starts only when the user clicks the shared folder. Once a user has activated caching for the folder by clicking it, Outlook updates the folder just like other Outlook folders are synchronized in Cached Exchange Mode. However, if the user does not navigate to the folder at least once every 45 days (the default value), the local data will be not be updated further until the user clicks the folder again. You can configure the Synchronizing data in shared folders option in Group Policy or use the OCT to change the number of days before Outlook stops caching inactive non-mail folders. For more information about this setting, see Configure Cached Exchange Mode Group Policy settings in Outlook2007.
122 Deploying Cached Exchange Mode to users who already have OST files Some Microsoft Outlook users who connect to Microsoft Exchange in online mode might have OST files. There are several issues to consider when you configure Cached Exchange Mode for these users: Users with large Exchange mailboxes If users with existing OST files have large Exchange mailboxes, they might experience errors when Outlook attempts to synchronize their mailboxes to their OST files. To help prevent this, you can first configure a Group Policy setting that requires new Outlook files to be Unicode-formatted, since Outlook Unicode files do not have the 2-GB size limit that Outlook ANSI files do. Then, when Outlook is deployed with Cached Exchange Mode, Outlook creates a new Unicode OST file for users that currently have ANSI OST files. Users' existing OST and OAB files are not removed. Users without a Full Details Offline Address Book (OAB) For users who have not downloaded a Full Details Offline Address Book (OAB), a Full Details OAB is downloaded when Cached Exchange Mode synchronizes for the first time. Existing OAB files, including files for a No Details OAB, are not removed. Depending on several factors—including the version of Exchange Server you are using, your Exchange server Unicode settings, and the Outlook client Unicode settings—the new OAB files might be Unicode. If Unicode OAB files are created and users have ANSI OAB files (with Full Details or No Details), the ANSI OAB files are not removed. If the Exchange Server version and settings support Unicode, you can require that new Outlook files are Unicode. For more information about configuring the default format for new Outlook files to be Unicode, see "To specify Unicode for new Outlook files" in Configure Cached Exchange Mode Group Policy settings in Outlook 2007.
Using Group Policy to enforce Cached Exchange Mode settings By using Group Policy, you can help prevent users from enabling Cached Exchange Mode in Outlook, enforce download options for Cached Exchange Mode, or configure other Cached Exchange Mode options. For example, you can specify the default times between Exchange server synchronizations when data changes on an Exchange server. Those changes will be downloaded. You can also specify the default times when data changes on the client computer. Those changes will be uploaded. You can configure these options as defaults by using the Modify user settings page in the Office Customization Tool, or lock down the settings by using Group Policy. Steps for locking down settings by using Group Policy are provided in Configure Cached Exchange Mode Group Policy settings in Outlook 2007.
Additional resources Refer to the resources listed below for additional information relevant to planning a Cached Exchange Mode deployment.
123 When you use Microsoft Office Outlook 2003 or 2nd_Outlook12 with Microsoft Exchange Server-based systems, you can use Cached Exchange Mode and other features to enhance the user experience regarding issues such as high latency, loss of network connectivity, and limited network bandwidth. Download the Client Network Traffic with Exchange 2003 white paper to learn about these new enhancements. You can make changes to your configuration that improve the user experience in areas such as high latency, loss of connectivity, and limited bandwidth. For more information, download the Enabling a Superior Client Experience with Outlook 2003 whitepaper. Office Outlook 2007 includes the ability to automatically configure user accounts. Download the Outlook Automatic Account Configuration whitepaper to learn how the discovery mechanisms work and how to modify an XML file to configure AutoDiscover for your organization.
124 Plan Outlook 2007 Offline Address Book deployment
When you use Microsoft Outlook with Microsoft Exchange Server, Outlook uses the Offline Address Book (OAB) to provide offline access to directory information from the global address list (GAL) when users work offline or are configured to use Cached Exchange Mode. When a user starts Outlook in Cached Exchange Mode for the first time, the user's Exchange mailbox is synchronized to a local offline folder (OST) file, and the offline address list from the Exchange server typically is synchronized to a collection of OAB files on the user's computer. When you plan to configure users to use Cached Exchange Mode, you can take steps to help avoid network delays when users start Outlook and Outlook begins caching information locally on their computers. More information about staging a Cached Exchange Mode deployment is included in Plan a Cached Exchange Mode deployment in Outlook 2007. Detailed information about deploying and managing the OAB with Microsoft Exchange 2003 is included in the Offline Address Book Best Practices Guide on TechNet's Exchange TechCenter. The guide focuses on Microsoft Office Outlook 2003 and Microsoft Exchange Server 2003. Much of the information is also helpful for understanding and working with the OAB when you deploy Microsoft Office Outlook 2007. The following chapters are particularly important for understanding how Outlook and Exchange versions and service packs work together to provide the best experience with the OAB, and for following best practices when you deploy the OAB. There is also a resources section with links to helpful additional information. Deployment Scenarios for Outlook 2003. This topic discusses a variety of offline address book best practices to use when you deploy Outlook 2003. This topic also discusses offline address book best practices to use when you upgrade from Microsoft Exchange Server 5.5, perform site consolidations and mergers, and stage Offline Address Book deployments. Improvements for Offline Address Books. This topic describes recent improvements that have been made to offline address books. Both Exchange Server 2003 and Outlook 2003 introduced Offline Address Book v3(a), which included improvements to the offline address book. Service Pack 1 (SP1) for Exchange Server 2003 and Service Pack 1 (SP1) for Outlook 2003 included additional enhancements to the offline address book. Exchange Server 2003 SP2 and Outlook 2003 SP2 introduce Offline Address Book version 4 (OAB v4). OAB v4 includes significant performance improvements and other improvements over previous versions of the Offline Address Book. Offline Address Book Best Practices Guide Resources. This section includes links to Knowledge Base articles and other technical articles, WebCasts, and related Web sites that might help you understand how to work with the OAB.
See Also Administering the offline address book in Outlook 2003 and Outlook 2007
125 Considerations when installing Outlook 2007 in a Terminal Services environment
In this article: Outlook features that are disabled with Terminal Services Enabling remote sound Unlocking registry settings By using Microsoft Windows Terminal Services, you can use Microsoft Office Outlook 2007 without upgrading every computer in your organization. Users can work in the latest 2007 Microsoft Office system environment even when their computers have limited hard disk space, memory, or processing speed. Windows Terminal Services allows you to run Microsoft Windows–based programs on a server and display the programs remotely on client computers. For example, you can install a single copy of Office Outlook 2007 on a Windows Terminal Services computer. Instead of running Outlook locally, multiple users can connect to the server and run Outlook from the Windows Terminal Services computer.
Note Learn more about installing applications in the 2007 Office system in Deploy the 2007 Office system in a Windows Terminal Services environment. There are some limitations when you use Terminal Services with Outlook. For example, you cannot use Outlook with Cached Exchange Mode when you run Outlook on Windows Terminal Services.
Outlook features that are disabled with Terminal Services You cannot use the following Outlook features when you run Outlook in a Terminal Services environment: Offline store (OST) files. Features that rely on the OST (for example, Cached Exchange Mode and Offline mode) are not supported with Terminal Services. Forms Designer and the Microsoft Visual Basic Scripting Edition (VBScript) editor. You can view a custom form, but you cannot design a new form or revise an existing form. Changing the Time Zone from within Outlook. Changing this setting in Outlook updates a system setting. Changing Zone security settings from within Outlook. Changing this setting in Outlook updates a system setting. Changing the status of a Microsoft Exchange Client Extension.
126 You cannot change the status; however, if the Exchange Client Extension is already on, the extension should work correctly. Adding stationery that was not included with Outlook as part of the Terminal Services installation. Outlook animations are disabled. Examples of Outlook animations include Send/Receive animation and the Search Folder creation icon.
Enabling remote sound By default, when 2007 Office system is used over a Remote Desktop Protocol (RDP) session, the New Mail sound uses the Default Beep sound and not the New Mail Notification sound. To establish the correct sound, first ensure that the audio is enabled on the Terminal Services computers. For more information, see HOW TO: Use Group Policy to Permit Users to Redirect and Play Audio in a Remote Desktop Session to Terminal Services in Windows Server 2003 (http://go.microsoft.com/fwlink/?LinkId=105038) or You Do Not Hear Any Sound During a Terminal Server Session (http://go.microsoft.com/fwlink/?LinkId=105039). Next, configure the settings for remote computer sound on the Remote Desktop Connection (RDC) client, as shown in the following procedure.
Configure the settings for remote computer sound on the RDC client 1. Click Start, point to All Programs, point to Accessories, point to Communications, and then click Remote Desktop Client. 2. In the Remote Desktop Connection dialog box, click Options. 3. Click the Local Resources tab. 4. In the Remote Computer Sound section, click Bring to this Computer in the drop- down list. 5. Click Connect to use the new settings. 6. Click Start, point to Control Panel, click Sound, and then click the Sounds tab. 7. In the Program section, locate Windows\Default Beep and assign a *.WAV file; you can reassign the Windows Notify.wav file from the New Mail Notification to the Windows\Default Beep. 8. Click OK.
Unlocking registry settings By default, Windows Terminal Services clients do not have write access to the registry on the Windows Terminal Services computer, except to the registry hive under HKEY_CURRENT_USER. To run some Outlook features, you might need to give users write access to some keys and subkeys. For example, unlock the subkey HKEY_CLASSES_ROOT\CLSID to allow users to use the custom MAPI forms for Office Outlook 2007.
127 Planning for security and protection in Outlook 2007 (Office Resource Kit)
In this chapter: Use Outlook 2007 to help protect messages Plan for e-mail messaging cryptography How users manage cryptographic digital IDs in Outlook 2007 Plan for configuring security settings in Outlook 2007 How administrator and user security settings interact in Outlook 2007 Plan for Outlook 2007 security in special environments Plan for limiting junk e-mail in Outlook 2007
128 Use Outlook 2007 to help protect messages
You have two main options for helping to protect messages in Microsoft Office Outlook 2007 from unauthorized use, tampering, or change: 1) cryptographic messaging using the S/MIME standard, and 2) Information Rights Management (IRM). While both of these options can help protect messages your users send and receive, they work differently and are each best suited for different scenarios. S/MIME is a standard for sending digitally signed and encrypted e-mail messages. Using S/MIME in Outlook is the preferred way to: Sign a message to prove the identity of the sender. S/MIME is the only option the 2007 Microsoft Office system supports for digital signatures. It is not possible to tamper with an IRM message, and in this way it is similar to a signed message. But IRM protection is more limited because there are no authorities that attest to the identities of the senders, and the Outlook user interface does not show information about the identity of the sender. Help ensure that Internet e-mail messages are not vulnerable to attackers that use software to monitor and intercept e-mail traffic over the Internet. The focus is on the Internet, as that is where point-to-point encryption is most valuable and where interoperability standards are most important. The biggest value in using S/MIME is when users send and receive e-mail messages outside corporate boundaries, where they are not protected by the corporate firewall. Another feature that can help to protect messages in Outlook is IRM. IRM gives organizations and information workers greater control over sensitive information. IRM is the preferred way to help to: Protect e-mail conversations containing sensitive information by restricting the ability to forward or copy the messages in an e-mail thread. The reasons to use IRM have little to do with whether an unauthorized person outside the organization—for example, a hacker on the Internet—will intercept the communication. Instead, IRM is used most efficiently when the sender is concerned that the intended recipient will share the information inappropriately. Prevent people from using out-of-date information by enforcing message expiration. With IRM, expiration dates on messages are enforced, unlike expiration dates set on messages without IRM. The biggest value for IRM is within the corporation, where employees need to share information while maintaining some control over who has access to this information IRM is especially helpful in ensuring that this information does not leak outside the corporate firewall.
See Also Plan for e-mail messaging cryptography
129 Plan for e-mail messaging cryptography
Microsoft Office Outlook 2007 supports security-related features to help users send and receive cryptographic e-mail messages. These features include cryptographic e-mail messaging, security labels, and signed receipts.
Note To obtain full security functionality in Outlook, you must install Outlook with local administrative rights.
Cryptographic messaging features in Outlook Outlook supports cryptographic messaging features that enable users to do the following: Digitally sign an e-mail message. Digital signing provides nonrepudiation and verification of contents (the message contains what the person sent, with no changes). Encrypt an e-mail message. Encryption helps to ensure privacy by making the message unreadable to anyone other than the intended recipient. Additional features can be configured for security-enhanced messaging. If your organization provides support for these features, security-enhanced messaging enables users to do the following: Send an e-mail message with a receipt request. This helps to verify that the recipient is validating the user's digital signature (the certificate that the user applied to a message). Add a security label to an e-mail message. Your organization can create a customized S/MIME V3 security policy that adds labels to messages. An S/MIME V3 security policy is code that you add to Outlook. It adds information to the message header about the sensitivity of the message. See Security Labels and signed receipts later in this topic.
How Outlook implements cryptographic messaging The Outlook cryptography model uses public key encryption to send and receive signed and encrypted e-mail messages. Outlook supports S/MIME V3 security, which allows users to exchange security-enhanced e-mail messages with other S/MIME e-mail clients over the Internet or intranet. E-mail messages encrypted by the user's public key can be decrypted using only the associated private key. This means that when a user sends an encrypted e-mail message, the recipient's certificate (public key) encrypts it. When a user reads an encrypted e-mail message, the user's private key decrypts it. In Outlook, users are required to have a security profile to use cryptographic features. A security profile is a group of settings that describes the certificates and algorithms used when a user sends messages that use cryptographic features. Security profiles are configured automatically if the profile is not already present when: The user has certificates for cryptography on his or her computer. The user begins to use a cryptographic feature.
130 You can customize these security settings for users in advance. You can use registry settings or Group Policy settings to customize Outlook to meet your organization's cryptographic policies and to configure (and enforce, with Group Policy) the settings you want in the security profiles. These settings are described in the table in Set consistent Outlook 2007 cryptography options for an organization.
Digital IDs: A combination of public/private keys and certificates S/MIME features rely on digital IDs, which associate a user's identity with a public and private key pair. The combination of a certificate and private/public key pair is called a digital ID. The private key can be saved in a security-enhanced store, such as the Microsoft Windows certificate store, on the user's computer or on a Smart Card. Outlook fully supports the X.509v3 standard, which requires that public and private keys are created by a certificate authority such as VeriSign, Inc. Users can obtain digital IDs by using public World Wide Web-based certificate authorities such as VeriSign and Microsoft Certificate Server. For more information about how users can acquire a digital ID, see the Outlook Help topic Get a Digital ID. As an administrator, you can provide digital IDs to a group of users. Outlook also continues to support working with Microsoft Exchange Key Management Server to obtain or provide digital IDs. When certificates for digital IDs expire, users typically must obtain updated certificates from the issuing certificate authority. If your organization relies on Microsoft Exchange Key Management Server for certificates, Outlook automatically manages certificate update for users.
Security labels and signed receipts Outlook includes support for S/MIME V3 Enhanced Security Services (ESS) extensions about security labels and signed receipts. These extensions help you to provide security-enhanced e- mail communications within your organization and to customize security to fit your requirements. If your organization develops and provides S/MIME V3 security policies to add custom security labels, the code in the security policies can enforce attaching a security label to an e-mail message. Here are two examples of security labels: An Internal Use Only label might be implemented as a security label to apply to mail that should not be sent or forwarded outside your company. A label can specify that certain recipients cannot forward or print the message, if the recipient also has the security policy installed. Users can also send security-enhanced receipt requests with messages to verify that the recipients recognize the user's digital signature. When the message is received and saved (even if it is not yet read) and the signature is verified, a receipt implying that the message was read is returned to the user's Inbox. If the user's signature is not verified, no receipt is sent. When the receipt is returned, because the receipt is also signed, you have verification that the user received and verified the message.
131 Classes of encryption strengths There are two classes of encryption key strengths available from Microsoft: high (128-bit) and low (40-bit). Microsoft provides 128-bit encryption capabilities in Windows 2000 and Windows XP, the operating systems required for the 2007 Microsoft Office system. Ensuring that users have software versions that support high encryption helps to provide a high level of security-enhanced e-mail messaging.
Additional resources The Outlook Security Labels application programming interface (API) creates security label policy modules that define the sensitivity of message content in your organization. For a detailed description of creating policy modules and code samples, see the MSDN article Creating Security Label Policy Modules. Public key cryptography can help you maintain security-enhanced e-mail systems. For more information about the use of public key cryptography in Outlook, search for the Outlook 98 Security whitepaper in the Knowledge Base search page of the Microsoft Product Support Services Web site. Microsoft Exchange Key Management Server version 5.5 issues keys for Microsoft Exchange Server security only. Microsoft Exchange Key Management Server 5.5 Service Pack 1 supports both Exchange security and S/MIME security. For more information, see the Microsoft Exchange Server version 5.5 Resource Guide in the Microsoft BackOffice Resource Kit, Second Edition.
132 How users manage cryptographic digital IDs in Outlook 2007
Microsoft Office Outlook 2007 provides ways for users to manage their digital IDs—the combination of a user's certificate and public and private encryption key set. Digital IDs help to keep users' e-mail messages secure by letting them exchange cryptographic messages. Managing digital IDs includes: Obtaining a digital ID. For more information about how users can acquire a digital ID, see the Outlook Help topic Get a Digital ID. Storing a digital ID, so you can move the ID to another computer or make it available to others. Providing a digital ID to others. Exporting a digital ID to a file. This is useful when the user is creating a backup or moving to a new computer. Importing a digital ID from a file into Outlook. A digital ID file might be a user's backup copy or might contain a digital ID from another user. Renewing a digital ID that has expired. A user who performs cryptographic messaging at more than one computer must copy his or her digital ID to each computer.
Places to store digital IDs Digital IDs can be stored in three locations: The Microsoft Exchange Global Address Book A Lightweight Directory Access Protocol (LDAP) directory service A Microsoft Windows file
Microsoft Exchange Global Address Book Users who enroll in Exchange Advanced Security store their certificates in their organization's Global Address Book. Alternatively, users use their LDAP provider to open the Global Address Book. Only certificates generated by Microsoft Exchange Server Advanced Security or by Microsoft Exchange Key Management Server (KMS) are automatically published in the Global Address Book. Externally generated certificates can be manually published to the Global Address Book by clicking the Publish to GAL button in the Trust Center under the Tools menu option.
133 Internet directory service (LDAP) External directory services, certificate authorities, or other certificate providers can publish their users' certificates through an LDAP directory service. Outlook allows access to these certificates through LDAP directories.
Windows file Digital IDs can be stored on users' computers. Users export their digital ID to a file by using the Import/Export option in the Trust Center under the Tools menu option. They can encrypt the file when they create it by providing a password.
Providing digital IDs to others In order for a user to exchange cryptographic e-mail messages with another user, they must have each other's public key. Users provide access to their public key through a certificate. There are several ways to provide a digital ID to others; for example, users can: Use a certificate to digitally sign an e-mail message. Provide a certificate by using a directory service, such as the Microsoft Exchange Global Address Book.
Provide a certificate in a digitally signed e-mail message A user provides his or her public key to another user by composing an e-mail message and digitally signing the message by using a certificate. When Outlook users receive the signed message, they right-click the user's name on the From line and click Add to Contacts. The address information and the certificate are saved in the Outlook user's contacts list.
Obtain a certificate from a directory service Another alternative is for a user to automatically retrieve another user's certificate from an LDAP directory on a standard LDAP server when he or she sends an encrypted e-mail message. To gain access to a certificate this way, users must be enrolled in S/MIME security with digital IDs for their e-mail accounts. A user can also obtain certificates from the Global Address Book. To do this, the user must be enrolled in Microsoft Exchange Server Advanced Security.
Importing digital IDs Users can import a digital ID from a file. This is useful, for example, if a user wants to send cryptographic e-mail messages from a new computer. Each computer from which the user sends cryptographic e-mail messages must have the user's certificates installed. Users import digital IDs from a file by using the Import/Export option in the Trust Center under the Tools menu option.
134 Renewing keys and certificates A time limit is associated with each certificate and private key. When the keys provided by the Microsoft Exchange Key Management Server approach the end of the designated time period, Outlook displays a warning message and offers to renew the keys. Outlook prompts the user, offering to send the renewal message to the server on each user's behalf. If users do not choose to renew a certificate before it expires, or if they use another certificate authority rather than KMS, the user must contact the certificate authority to renew the certificate.
135 Plan for configuring security settings in Outlook 2007
You can customize many of the security-related features in Microsoft Office Outlook 2007, including limiting automated access to address books and managing users' access to attachments.
Caution Outlook is configured with high security-related settings by default. High security levels can result in limitations to Outlook functionality, such as restrictions on e-mail message attachment file types. Be aware that lowering any default security settings might increase the risk of virus execution or propagation. Use caution and read the documentation before you modify these settings.
Specifying how security settings are enforced in Outlook A new feature in Office Outlook 2007 allows you to configure security options by using new Group Policy settings, instead of modifying security settings by using the Outlook security template and publishing the settings to a form in a top-level folder in Exchange Server public folders. To use Group Policy to configure security options, you must configure the new Outlook Security Mode setting. For more information about specifying the method used to customize security settings in Outlook, see Specify the method Outlook uses to manage virus prevention features. To continue using the Exchange Server security form for Outlook security settings, you must also configure the new Group Policy setting. Default security settings in the product are enforced if you do not enable the setting.
Choosing between the Exchange Server security form and Group Policy security settings Office Outlook 2007 supports both the Exchange Server security form and Group Policy security settings. You can choose the option that is best for your environment. Following are sample environments in which you can use the security form, Group Policy, or either one.
Scenario for using the security form An Exchange Server environment with public folders. Client computers must use Outlook 2000 with the security update, Outlook 2002, Outlook 2003, or Office Outlook 2007.
136 Scenarios for using Group Policy security settings A Microsoft Exchange 2007 environment without public folders. All client computers use Outlook. An Exchange 2007 environment without public folders. Client computers with Office Outlook 2007 use Group Policy security settings, and client computers with other versions of Outlook depend on default security or the security form. An environment without Exchange Server. All client computers use Outlook.
Scenarios for using security form or Group Policy security settings An Exchange Server environment in which Exchange Server is being upgraded to Exchange 2007. Client computers use Office Outlook 2007. An Exchange Server environment in which client computers are being upgraded from Outlook 2002 or Outlook 2003 to Office Outlook 2007.
Caveats to consider when customizing security settings There are three caveats to consider when you customize Group Policy security settings for Outlook: Customized settings configured using Group Policy might not be active immediately. You can configure Group Policy to refresh automatically (in the background) on users' computers while users are logged on, at a frequency that you determine. To ensure that new Group Policy settings are active immediately, users must log off and log back on to their computers. Outlook checks security settings only at start up. If security settings are refreshed while Outlook is running, the new configuration is not used until the user closes and restarts Outlook. No customized settings are applied in Personal Information Manager (PIM)-only mode. In PIM mode, Outlook uses the default security settings. No administrator settings are necessary or used in this mode.
Customizing options for junk e-mail and ActiveX controls In addition to modifying how Outlook manages virus-prevention security options, you can also customize junk e-mail and ActiveX control features. You can customize the following Junk E-mail options: read as plain text, automatic picture download, and HTML mail zones. For more information about modifying these settings, see Configure junk e-mail settings in Outlook 2007.
137 You can also customize how Outlook runs ActiveX controls in one-off forms. For more information about customizing how ActiveX controls behave in one-off forms, see Customize Active X and custom forms security settings in Outlook 2007.
Updated Object Model Guard The Object Model (OM) Guard that helps prevent viruses from using the Outlook Address Book to propagate themselves is updated. Outlook checks for up-to-date antivirus software to help determine when to display address book access warnings and other Outlook security warnings.
138 How administrator and user security settings interact in Outlook 2007
Security settings defined by the user through the Microsoft Office Outlook 2007 user interface work as if they are included in the Group Policy settings you define as the administrator. When there is a conflict between the two, settings with a higher security level override settings with a lower security level. The following list describes specific interactions between Group Policy security settings and security settings that a user defines in Outlook. Display Level 1 attachments. When this Group Policy is set, all file types that were set to Level 1 security are set to Level 2 security. If a user wants to block a file type, the user can customize the list in Outlook to block access to specific types of attachments. Add file extensions to block as Level 1. If you use this Group Policy setting to create a list of Level 1 file types, the list overrides the default list provided with Outlook and overrides user's settings for Level 1 file types. Even if you allow users to remove file types from the default Level 1 group of excluded file types, users cannot use Group Policy to remove file types that were added to the list. For example, if the user wants to remove the file types EXE, REG, and COM from the Level 1 group, but you use the Add Level 1 file extensions Group Policy setting to add EXE as a Level 1 file type, the user can only remove REG and COM files from the Level 1 group in Outlook. Remove file extensions blocked as Level 1. The user's list is combined with the list you set in Group Policy to determine which Level 1 items are set to Level 2. Add file extensions to block as Level 2. If a user changes Level 1 files to Level 2 files, and those file types are listed in Group Policy as Level 2 extensions, the files are treated as Level 2 attachments. Remove file extensions blocked as Level 2. There is no interaction with this setting. Allow users to demote attachments to Level 2. This setting allows a user to change a Level 1 attachment to Level 2. If you do not configure this Group Policy setting, the default behavior in Outlook is to ignore the user's list.
See Also Attachment file types restricted by Outlook 2007
139 Plan for Outlook 2007 security in special environments
When you use Group Policy to configure security settings for Microsoft Office Outlook 2007, there are issues to consider when your environment includes one or more of the following: Users who access their mailboxes by using a hosted Exchange Server. Users with administrative rights on their computers. Users who access Exchange mailboxes by using Outlook Web Access.
Users with a hosted Exchange Server environment If users access mailboxes by using a hosted Exchange Server, you might use the Exchange Server security form to configure security settings or use the default Outlook security settings. In hosted environments, users access their mailboxes remotely; for example, by using a virtual private network (VPN) connection or by using RPC over HTTP. Since Group Policy is deployed by using Active Directory and in this scenario, the user's local computer is not a member of the domain, Group Policy security settings cannot be applied. Also, by using the Exchange Server security form to configure security settings, users automatically receive updates to security settings. Users cannot receive updates to Group Policy security settings unless their computer is in the Active Directory domain.
Users with administrative rights Restrictions to Group Policy settings are not enforced when users log on with administrative rights. Users with administrative rights can also change the Outlook security settings on their computer and can remove or alter the restrictions you have configured. This is true not just for Outlook security settings, but for all Group Policy settings. While this can be problematic when an organization intends to have standardized settings for all users, there are mitigating factors: Group Policy overrides local changes at the next logon. Changes to Outlook security settings revert to the Group Policy settings when the user logs on. Overriding a Group Policy affects only the local computer. Users with administrative rights affect only security settings on their computer, not the security settings for users on other computers. Users without administrative rights cannot change policies. In this scenario, Group Policy security settings are as secure as settings configured by using the Exchange Server security form.
140 Users with an Outlook Web Access environment Outlook and Outlook Web Access (OWA) do not use the same security model. OWA has separate security settings stored on the OWA server.
141 Plan for limiting junk e-mail in Outlook 2007
Microsoft Office Outlook 2007 includes features that can help users avoid receiving and reading junk e-mail messages, including the Junk E-mail Filter and disabling automatic content download from external servers.
Note This topic is for Outlook administrators. To configure Outlook junk e-mail options on your computer, see Junk E-mail Filter options. The filtering manager helps users avoid reading junk e-mail messages. The filter is on by default and the protection level is set to Low, which is designed to filter the most obvious junk e-mail messages. The filter replaces the rules for processing junk e-mail messages in previous versions of Outlook (prior to Microsoft Outlook 2003). The filter incorporates technology built into the software to evaluate e-mail messages to determine if the messages are likely to be junk e-mail, in addition to filtering lists that automatically block or accept messages to or from specific senders. Automatic picture download settings help reduce the risk of Web beacons activating in e-mail messages by automatically blocking the download of pictures, sounds, and other content from external servers in e-mail messages. Automatic content download is disabled by default. Configure junk e-mail settings in Outlook 2007 contains more information about configuring how external content is downloaded. This topic discusses how the Outlook Junk E-mail Filter works, and how you can configure the Junk E-mail Filter to meet the needs of your organization. For example, you can configure the filter to be more aggressive, though this might also cause it to filter more legitimate messages. Rules that are not part of junk e-mail management are not affected.
Overview: the Outlook Junk E-mail Filter The Junk E-mail Filter contains two parts: Three Junk e-mail Filter lists: Safe Senders, Safe Recipients, and Blocked Senders. State-of-the-art technology developed by Microsoft Research. This technology evaluates whether an unread message should be treated as junk e-mail based on several factors, including the message content and whether the sender is included in Junk E-mail Filter lists. All settings for the Junk E-mail Filter are stored in each user's Outlook profile. You can override the profile settings by using policies for all options except the Junk E-mail Filter lists. However, you can create and deploy initial lists of Safe Senders, Safe Recipients, and Blocked Senders for your users. The Junk E-mail Filter is provided for a subset of Outlook account types. The types are listed in the following section, Supported account types. The filter works best when it is used with Microsoft Exchange Server 2003 and later accounts, as described in detail later in this topic. When Outlook users are upgraded to Office Outlook 2007 , existing Junk E-mail Filter lists are maintained, unless you deploy new lists to users.
142 Supported account types Office Outlook 2007 supports junk e-mail filtering for the following account types: Microsoft Exchange Server e-mail accounts in Cached Exchange Mode Microsoft Exchange Server e-mail accounts when mail is delivered to a Personal Folders file (PST file) HTTP accounts POP accounts MSN Hotmail accounts IMAP accounts The following account types are not supported for Outlook junk e-mail filtering: Microsoft Exchange Server e-mail accounts in Online (MDB) mode Third-party MAPI providers Information about what junk e-mail filtering options are available with Exchange Server is included in the next section, Support in different versions of Exchange Server. In scenarios in which POP e-mail messages are downloaded into an Exchange Online (MDB) mailbox, Outlook blocks junk e-mail messages for the user's POP e-mail; however, Outlook does not block Exchange Online junk e-mail messages.
Support in different versions of Exchange Server Junk E-mail Filter behavior depends on the Exchange Server version you use for messaging. Later versions of Exchange Server support more filtering options than earlier versions do. The following list details Junk E-mail Filter behavior with different versions of Exchange Server. Versions earlier than Exchange Server 2003 If users use Cached Exchange Mode or download to a Personal Folders file (PST file): Users can create and use the Junk E-mail Filter lists, which are available from any computer that users use. If users work online: The Junk E-mail Filter is not available. Exchange Server 2003 and later versions of Exchange If users use Cached Exchange Mode or download to a PST file: The Junk E-mail Filter lists that are available from any computer are also used by the server to evaluate mail. This means that if a sender is on a user's Blocked Senders list, mail moves to the Junk E-mail folder on the server and is not evaluated by Office Outlook 2007. In addition, Office Outlook 2007 uses Microsoft Research technology to evaluate e-mail messages. If users work online: The Junk E-mail Filter lists that are available from any computer are also used by the server to evaluate mail. This means that if a sender is on a user's Blocked Senders list, mail moves to the Junk E-mail folder on the server and is not evaluated by Office Outlook 2007.
143 Upgrading from a previous installation of Outlook before Outlook 2003 When a user's previous version of Outlook (earlier than Outlook 2003) is upgraded to Office Outlook 2007, the rules that previously handled junk e-mail messages are removed. The existing rules and files used by the old filter are not migrated. The existing rules are handled as follows: Rules created by the old filter With the previous rules filter for junk e-mail messages, users could create up to three client- side rules for their mailbox: Adult Content Rule, Junk E-mail Rule, and Exception List. Outlook removes these rules from the user's mailbox when Outlook 2003 starts for the first time on the user's computer. This means that Outlook 2003 always disables the previous junk e-mail filter. Files that contain the Adult Senders list and the Blocked Senders list These text files are left on the user's computer, but Outlook no longer uses the files.
Configuring the Junk E-mail Filter user interface You can specify several options to configure how the Junk E-mail Filter works for your users, including the following: Set the Junk E-mail Filter protection level. Permanently delete suspected junk e-mail messages or move the messages to the Junk E-mail folder. Trust e-mail messages from users' Contacts. The default values for the Junk E-mail Filter are designed to help provide a positive experience for users. However, you can configure these settings to different defaults and set other options and policies when you deploy Outlook to your organization, such as defining an alternative URL for the location of filter updates. Junk e-mail settings are set only once. When the user first starts Outlook 2003, the settings are configured in the profile that the user chooses. Other profiles the user has, or may create later, do not include the settings that you have configured. Instead, default settings are used. Default values for the Junk E-mail Filter settings are: Junk E-mail: Set to LOW Permanently delete: Set to OFF Trust my Contacts: Set to ON You can use the Office Customization Tool to configure these options to specify default values for users, or the options can be enforced by Group Policy. For more information about configuring options for the Junk E-mail Filter, see Configure junk e-mail settings in Outlook 2007.
Providing default Junk E-mail Filter lists You can deploy default Junk E-mail Filter lists to your users. The Junk E-mail Filter uses these lists as follows:
144 Safe Senders list E-mail messages received from the e-mail addresses in the list or from any e-mail address that includes a domain name in the list are never treated as junk e-mail. Safe Recipients list E-mail messages sent to the e-mail addresses in the list or to any e-mail address that includes a domain name in the list are never treated as junk e-mail. Blocked Senders list E-mail messages received from the e-mail addresses in the list or from any e-mail address that includes a domain name in the list are always treated as junk e-mail. If a domain name or e-mail address is on both the Blocked Senders list and the Safe Senders list, the Safe Senders list takes precedence over the Blocked Senders list. This reduces the risk that mail that users want might be treated as junk e-mail by mistake. The lists are stored on the server and are available if users roam. To deploy the Junk E-mail Filter lists, you create the lists on a test computer and distribute the lists to your users. The lists you provide are default lists; they cannot be locked down by policy. For more information about deploying default lists, see Create and deploy Junk E-mail Filter lists in Outlook 2007.
See Also Configure junk e-mail settings in Outlook 2007 Create and deploy Junk E-mail Filter lists in Outlook 2007
145 IV Planning for Group Policy for the 2007 Office system
In this section: Group Policy overview (2007 Office)
146 Group Policy overview (2007 Office)
Group Policy is an infrastructure that administrators can use to implement specific computing configurations for users and computers. Policy settings can also be applied to member servers and domain controllers within the scope of an Active Directory forest. Administrators use Group Policy to define configurations once and then rely on the operating system to enforce that state. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to selected Active Directory directory service containers — sites, domains, or organizational units (OUs). The settings within GPOs are evaluated by the affected targets using the hierarchical nature of Active Directory. The Group Policy infrastructure consists of a Group Policy engine and several individual extensions. These extensions are used to configure Group Policy settings, either by modifying the registry through the Administrative Templates extension, or setting Group Policy settings for security settings, software installation, folder redirection, Internet Explorer Maintenance, wireless network settings, and other areas. Each Group Policy extension consists of two extensions: A server-side extension of the Group Policy Object Editor Microsoft Management Console (MMC) snap-in, used to define and set the policy settings applied to client computers. A client-side extension that the Group Policy engine calls to apply policy settings. The 2007 Microsoft Office system system policy settings are contained in Administrative Template (.adm) files. For more information, see the Administrative Templates section. The following sections provide an overview of Group Policy concepts. For more detailed information, see Group Policy Collection (http://go.microsoft.com/fwlink/?LinkId=80200) on the Microsoft TechNet site. In this topic Local and Active Directory-based Group Policy Group Policy processing Group Policy application Targeting the application of Group Policy Objects Administrative Templates extension User Preferences and True Policies Group Policy Management Tools Office Customization Tool and Group Policy
Local and Active Directory-based Group Policy Every computer has a local GPO that is always processed, regardless of whether the computer is part of a domain or is a stand-alone computer. The local GPO cannot be blocked by domain-
147 based GPOs. However, settings in domain GPOs always take precedence, since they are processed after the local GPO. Although you can configure local Group Policy objects on individual computers, maximum benefits of Group Policy are realized in a Windows 2000 or Windows Server 2003-based network with Active Directory installed. Administrators can implement Group Policy settings for as broad or as narrow a part of their organization as necessary. To do this, administrators link GPOs to sites, domains, and OUs. GPO links affect users and computers as follows: GPOs linked to a site apply to all users and computers in the site. GPOs linked to a domain apply directly to all users and computers in the domain and by inheritance to all users and computers in child OUs. Group Policy is not inherited across domains. GPOs linked to an OU apply directly to all users and computers in the OU and, by inheritance, to all users and computers in child OUs. When a GPO is created, it is stored in the domain. When the GPO is linked to an Active Directory container, such as an OU, the link is a component of that Active Directory container. The link is not a component of the GPO. Administrators must have GPO creation privileges to create a GPO. By default, only domain administrators, enterprise administrators, and members of the Group Policy creator owners group can create Group Policy objects. You must have edit permissions for the GPO that you want to edit. For more detailed information about Group Policy infrastructure, see Group Policy Collection (http://go.microsoft.com/fwlink/?LinkId=80200) on the Microsoft TechNet site. The Windows Vista and Windows Server® 2008 operating systems introduce new functionality for managing local GPOs that gives stand-alone computer administrators the ability to apply multiple Group Policy objects to users of stand-alone computers.
Multiple local GPOs: changes in Windows Vista and Windows Server 2008 Windows Vista and Windows Server 2008 provide support for managing multiple local GPOs on stand-alone computers. This capability is useful for managing environments that involve shared computing on a single computer, such as libraries or computer labs. You can assign multiple local GPOs to local users or built-in groups. In a workgroup environment, each computer maintains its own policy settings. This feature works with domain-based Group Policy, or it can be disabled through a Group Policy setting. Administrators can use multiple local GPOs to do the following: Apply different levels of local Group Policy to local users on a stand-alone computer. This capability is ideal for shared computing environments where domain-based management is not available. Manage Group Policy based on groups of administrators and non-administrators. For example, if administrators want to set up computers in a computer lab to configure a secure environment, they can create highly managed policy settings for User groups and lightly managed policy settings for built-in Administrator accounts. This obviates the need for local
148 administrators to explicitly disable or remove Group Policy settings that interfere with their ability to manage the workstation before they perform administrative tasks. Windows Vista administrators can also turn off local Group Policy settings without explicitly enabling domain- based Group Policy. Domain administrators can disable the processing of local Group Policy objects on clients running Windows Vista by enabling the Turn off Local Group Policy objects processing policy setting in a domain Group Policy object. This setting is accessed under Computer Configuration\Administrative Templates\System\Group Policy. Windows Vista provides three layers of local Group Policy objects: local Group Policy, Administrator and Non-Administrators Group Policy, and user-specific local Group Policy. These layers of local Group Policy objects are processed according to the following order: Local Group Policy Administrators and Non-Administrators Group Policy User-specific local Group Policy For detailed information about using the multiple local GPOs feature in Windows Vista, see the Step-by-Step Guide to Managing Multiple Local Group Policy Objects on the Microsoft TechNet Web site.
Group Policy processing The local GPO is processed first, and the organizational unit to which the computer or user belongs (the one that it is a direct member of) is processed last. Group Policy settings are processed in the following order: Local GPO. Each computer has a Group Policy object that is stored locally. This GPO processes for both computer and user Group Policy. Site. GPOs linked to the site to which the computer belongs are processed next. Processing is done in the order specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last and has the highest precedence. For information about Group Policy Management Console, see the Group Policy Management Tools section. Domain. Multiple domain-linked GPOs are processed in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in Group Policy Management Console. The GPO with the lowest link order is processed last and has the highest precedence. Organizational units. GPOs linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, and then GPOs that are linked to its child organizational unit are processed, and so on. GPOs linked to the organizational unit that contains the user or computer are processed last. The processing order is subject to the following conditions: Windows Management Instrumentation (WMI) or security filtering applied to GPOs. Any domain-based GPO (not local GPO) can be enforced by using the Enforce option, so that its policy settings cannot be overwritten. Because an Enforced GPO is processed last,
149 no other settings can write over the settings in that GPO. If more than one Enforced GPO exists, the same setting in each GPO may be set to a different value. In this case, the link order of the GPOs determines which GPO contains the final settings. At any domain or organizational unit, Group Policy inheritance can be selectively designated as Block Inheritance. However, because Enforced GPOs are always applied and cannot be blocked, blocking inheritance does not prevent the application of policy settings from Enforced GPOs.
Policy inheritance Policy settings in effect for a user and computer are the result of the combination of GPOs applied at a site, domain, or OU. When multiple GPOs apply to users and computers in those Active Directory containers, the settings in the GPOs are aggregated. By default, settings deployed in GPOs linked to higher level containers (parent containers) in Active Directory are inherited to child containers and combine with settings deployed in GPOs linked to the child containers. If multiple GPOs attempt to set a policy setting with conflicting values, the GPO with the highest precedence sets the setting. GPOs that are processed later have precedence over GPOs that are processed earlier.
Group Policy application Group Policy for computers is applied at computer startup. Group Policy for users is applied when users log on. In addition to the initial processing of Group Policy at startup and logon, Group Policy is applied subsequently in the background on a periodic basis. During a background refresh, a client-side extension reapplies the policy settings only if it detects that a change occurred on the server in any of its GPOs or its list of GPOs. For software installation and folder redirection, Group Policy processing occurs only during computer startup or user logon.
Synchronous and asynchronous processing Synchronous processes can be described as a series of processes in which one process must finish running before the next one begins. Asynchronous processes can run on different threads simultaneously, because their outcome is independent of other processes. Administrators can use a policy setting for each GPO to change the default processing behavior so that processing is asynchronous instead of synchronous. Under synchronous processing, there is a time limit of 60 minutes for all of Group Policy to finish processing on the client computer. Client-side extensions that have not finished processing after 60 minutes are signaled to stop. In this case, the associated policy settings might not be fully applied.
Fast Logon Optimization feature The Fast Logon Optimization feature is set by default for both domain and workgroup members. The result is the asynchronous application of policy when the computer starts up and when the user logs on. This application of policy is similar to a background refresh. It can reduce the length
150 of time it takes for the logon dialog box to appear and the length of time it takes for the desktop to become available to the user.
Notes: Logon Optimization is not enabled and policies are processed synchronously when the user logs on for the first time, the user has a roaming profile, the user has a HomeDir, and the user has a logon script specified in the User object. Folder Redirection and Group Policy Software Installation require a synchronous application of policy. Under these conditions, computer startup can still be asynchronous. However, since logon is synchronous, logon does not exhibit optimization. Client computers running Windows XP Professional, Windows XP 64-bit Edition (Itanium), and Windows Server 2003 operating systems support Fast Logon Optimization in any domain environment. For servers, startup and logon processing always behaves as if this policy setting is enabled. Administrators can disable the Fast Logon Optimization feature with the Always wait for the network at computer startup and logon policy setting, which is accessed in the Computer Configuration\Administrative Templates\System\Logon node of Group Policy Object Editor. When this policy setting is enabled, logons are performed in the same way as they are for Windows 2000 clients. This means that Windows XP waits for the network to be fully initialized before users are logged on. Group Policy is applied synchronously in the foreground.
Slow links processing Some Group Policy extensions are not processed when the connection speed falls below specified thresholds. The default value for what Group Policy considers a slow link is any rate slower than 500 Kilobits per second (Kbps). The default settings for processing Group Policy over slow links are as follows.
Setting Default
Security Settings ON (cannot be turned off)
IP Security ON
EFS ON
Software Restriction Policies ON
Wireless ON
Administrative Templates ON (cannot be turned off)
Software Installation OFF
Scripts OFF
Folder Redirection OFF
IE maintenance ON
151 Administrators can use a policy setting to override the default setting. To specify settings for Group Policy slow link detection for computers, use the Group Policy slow link detection policy setting in the Computer Configuration\Administrative Templates\System\Group Policy node of Group Policy Object Editor. To set this option for users, use the Group Policy slow link detection policy setting in User Configuration\Administrative Templates\System\Group Policy. For more information about managing Group Policy over slow links, see Specifying Group Policy for Slow Link Detection (http://go.microsoft.com/fwlink/?LinkId=80435) on the Microsoft TechNet site.
Group Policy refresh interval By default, Group Policy is processed every 90 minutes, with a randomized delay of up to 30 minutes — for a total maximum refresh interval of up to 120 minutes. For security settings, after you have edited security settings policies, the policy settings are refreshed on the computers in the organizational unit to which the Group Policy object is linked: When a computer restarts. Every 90 minutes on a workstation or server and every 5 minutes on a domain controller. By default, security policy settings delivered by Group Policy are also applied every 16 hours (960 minutes), even if a GPO has not changed.
Triggering a Group Policy refresh Changes made to the Group Policy object must first replicate to the appropriate domain controller; therefore, changes to Group Policy settings might not be immediately available on users’ desktops. In some scenarios, such as application of security policy settings, it may be necessary to apply policy settings immediately. Administrators can trigger a policy refresh manually from a local computer without waiting for the automatic background refresh. To do this, administrators can type gpupdate at the command line to refresh the user or computer policy settings. You cannot use GPMC to trigger a policy refresh. The gpupdate command triggers a background policy refresh on the local computer from which the command is run. The gpupdate command is used in Windows Server 2003 and Windows XP environments. The application of Group Policy cannot be pushed to clients on demand from the server. For more information about using gpupdate, see Refresh Group Policy settings with GPUpdate.exe (http://go.microsoft.com/fwlink/?LinkId=80461) on the Microsoft TechNet Web site.
Targeting the application of Group Policy Objects The primary method for specifying which users and computers receive the settings from a GPO is the GPO link to sites, domains, and organizational units. You can change the default order in which GPOs are processed by changing the link order, blocking policy inheritance, enforcing a GPO link (previously known as no override), and disabling a GPO link.
152 Administrators can use security filtering and WMI filtering to modify the set of users and computers to which to apply a GPO. Administrators can also use the Loopback processing feature to ensure that the same set of policy settings is applied to any user that logs on to a specific computer.
Changing the GPO processing order Administrators can use one of the following methods to change the order in which GPOs are processed: Change the link order. The GPO link order in a site, domain, or OU controls when links are applied. Administrators can change the precedence of a link by changing the link order, moving each link up or down in the list to the appropriate location. The link with the higher order (1 is the highest order) has the higher precedence for a site, domain, or organizational unit. Block inheritance. Using block inheritance for a domain or OU prevents GPOs linked to higher sites, domains, or organizational units from being automatically inherited by the child- level Active Directory container. By default, child-level containers inherit all GPOs from the parent. However, it is sometimes useful to block inheritance. Enforce a GPO link. Administrators can specify that the settings in a GPO link take precedence over the settings of any child object by setting that link to Enforced. GPO links that are enforced cannot be blocked from the parent container. If GPOs contain conflicting settings and do not have enforcement from a higher-level container, the settings of the GPO links at the higher-level parent container are overwritten by settings in GPOs linked to child organizational units. With enforcement, the parent GPO link always has precedence. By default, GPO links are not enforced. Disable a GPO link. By default, processing is enabled for all GPO links. You can completely block the application of a GPO for a site, domain, or organizational unit by disabling the GPO link for that domain, site, or organizational unit. This does not disable the GPO. If the GPO is linked to other sites, domains, or organizational units, they will continue to process the GPO if their links are enabled.
Security filtering This method is used to specify that only specific security principals within a container where the GPO is linked apply the GPO. Administrators can use security filtering to narrow the scope of a GPO so that the GPO applies only to a single group, user, or computer. Security filtering cannot be used selectively on different settings within a GPO. The GPO applies to a user or computer only if that user or computer has both Read and Apply Group Policy (AGP) permissions on the GPO, either explicitly or effectively though group membership. By default, all GPOs have Read and AGP set to Allowed for the Authenticated Users group, which includes users and computers. This is how all authenticated users receive the settings of a new GPO when the GPO is applied to an organizational unit, domain, or site. By default, Domain Admins, Enterprise Admins, and the local system have full control permissions, without the Apply Group Policy access-control entry (ACE). Administrators are also
153 members of Authenticated Users. This means that, by default, administrators receive the settings in the GPO. These permissions can be changed to limit the scope to a specific set of users, groups, or computers within the organizational unit, domain, or site. The Group Policy Management Console (GPMC) manages these permissions as a single unit and displays the security filtering for the GPO on the GPO Scope tab. In GPMC, groups, users, and computers can be added or removed as security filters for each GPO. For information about GPMC, see the Group Policy Management Tools section.
Windows Management Instrumentation filtering Windows Management Instrumentation (WMI) is the Microsoft implementation of the Web-Based Enterprise Management industry initiative that establishes management infrastructure standards and provides a way to combine information from various hardware and software management systems. WMI exposes hardware configuration data such as CPU, memory, disk space, and manufacturer, as well as software configuration data from the registry, drivers, file system, Active Directory, the Windows Installer service, networking configuration, and application data. Data about a target computer can be used for administrative purposes, such as WMI filtering of GPOs. WMI filtering is used to filter the application of a GPO by attaching a WMI Query Language (WQL) query to a GPO. The queries can be used to query WMI for multiple items. If a query returns true for all queried items, the GPO is applied to the target user or computer. A GPO is linked to a WMI filter and applied on a target computer, and the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied (except if the client computer is running Windows 2000, in which case the filter is ignored and the GPO is always applied). If the WMI filter evaluates to true, the GPO is applied. The WMI filter is a separate object from the GPO in the directory. A WMI filter must be linked to a GPO in order to apply, and a WMI filter and the GPO to which it is linked must be in the same domain. WMI filters are stored only in domains. Each GPO can have only one WMI filter. The same WMI filter can be linked to multiple GPOs.
Loopback processing Loopback processing is an advanced Group Policy setting that is useful on computers in some closely managed environments, such as servers, kiosks, laboratories, classrooms, and reception areas. Setting loopback causes the User Configuration policy settings in GPOs that apply to the computer to be applied to every user logging on to that computer, instead of (in Replace mode) or in addition to (in Merge mode) the User Configuration settings of the user. Administrators can use this feature to ensure that a consistent set of policy settings is applied to any user that logs on to a specific computer, regardless of the user's location in Active Directory. To set Loopback processing, administrators can use the User Group Policy loopback processing mode policy setting, which is accessed under Computer Configuration\Administrative Templates\System\Group Policy in Group Policy Object Editor. To use the Loopback processing feature, both the user account and the computer account must be in a Windows 2000 or later domain. Loopback does not work for computers joined to a workgroup.
154 For more information about targeting the application of GPOs, see Controlling the Scope of Group Policy Objects using GPMC (http://go.microsoft.com/fwlink/?LinkId=80462) on the Microsoft TechNet site.
Administrative Templates extension The Administrative Templates extension of Group Policy consists of an MMC server-side snap-in used to configure policy settings and a client-side extension that sets registry keys on target computers. Administrative Templates policy is also known as registry-based policy or registry policy. The 2007 Microsoft Office system policy settings are contained in Administrative Template files, which can be downloaded from 2007 Office System Administrative Templates (ADM) (http://go.microsoft.com/fwlink/?LinkId=78161) on the Microsoft Download Center.
Administrative Template files Administrative Template (.adm) files are Unicode files which consist of a hierarchy of categories and subcategories that define how options display through the Group Policy Object Editor and GPMC. They also indicate the registry locations where changes should be made if a selection is made, specify options or restrictions (in values) associated with the selection, and, in some cases, indicate a default value to use if a selection is activated. The functionality of .adm files is limited. The purpose of .adm files is to enable a user interface to configure policy settings. .Adm files do not contain policy settings. The policy settings are contained in registry.pol files located in the Sysvol folder on domain controllers. The Administrative Templates server-side snap-in provides an Administrative Templates node that appears in Group Policy Object Editor under the Computer Configuration node and under the User Configuration node. The settings under Computer Configuration manipulate registry settings for the computer. Settings under User Configuration manipulate registry settings for users. Although some policy settings require simple UI elements such as text boxes to enter values, most policy settings contain only the following options: Enabled: The policy is enforced. Some policy settings provide additional options that define the behavior when the policy is activated. Disabled: Enforces the opposite behavior as the Enabled state for most policy settings. For example, if Enabled forces a feature's state to Off, Disabled forces the feature's state to On. Not configured: The policy is not enforced. The default is not configured for most settings.
Administrative Template files for the 2007 Office System The following Administrative Template files are available for the 2007 Office system: office12.adm: shared Office components access12.adm: Microsoft Office Access 2007 cpao12.adm: Calendar Printing Assistant for Microsoft Office Outlook 2007
155 excel12.adm: Microsoft Office Excel 2007 groove12.adm: Microsoft Office Groove 2007 ic12.adm: Microsoft Office InterConnect 2007 inf12.adm: Microsoft Office InfoPath 2007 onent12.adm: Microsoft Office OneNote 2007 outlk12.adm: Microsoft Office Outlook 2007 ppt12.adm: Microsoft Office PowerPoint 2007 proj12.adm: Microsoft Office Project 2007 pub12.adm: Microsoft Office Publisher 2007 spd12.adm: Microsoft Office SharePoint Designer 2007 visio12.adm: Microsoft Office Visio 2007 word12.adm: Microsoft Office Word 2007 Administrators can use the 2007 Office system policy settings for tasks such as the following: Managing security settings for the 2007 Office system applications Preventing connections to the Internet from the 2007 Office system applications Hiding or disabling 2007 Office system user interface settings that might be confusing to users or unnecessary for users to perform their work Creating highly managed or less restricted, standard configurations of users' computers Setting default File Save options for the 2007 Office system applications to prepare for migration from earlier versions of Office For example, administrators can use Group Policy to disable, enable, or configure most of the settings that control the Office user interface, such as: Menu commands Shortcut keys Options dialog box settings The large numbers of Group Policy settings available for the 2007 Office system provide a high degree of flexibility. Administrators can create highly restricted or lightly managed configurations, depending on the specific business requirements and security concerns of their organizations. To download the 2007 Office system Administrative Template files, see 2007 Office System Administrative Templates (ADM) in the Microsoft Download Center. You can also download the 2007 Microsoft Office System Open XML Format converters Administrative Template (ADM) file from the Microsoft Download Center. Administrators can use this template to modify the default behavior for the Microsoft Office Word, Excel, and PowerPoint 2007 Open XML Format converters. Administrators can modify Microsoft Office 2003 and Microsoft Office XP Administrative Template files to set default File Save As options to include the new OpenXML file formats of the 2007 Microsoft Office programs. For more information, see KB article 932127, How to modify an existing Office policy file (ADM file) for Office 2003 and for Office XP to set the Save As default file format to include the new OpenXML file formats of the 2007 Microsoft Office programs on the Microsoft Support Knowledge Base (KB) Web site.
156 For more information about Administrative Templates, see the Administrative Templates Extension Technical Reference (http://go.microsoft.com/fwlink/?LinkId=56088). Windows Vista and Windows Server 2008 introduce a new XML-based format for Administrative Template files, as discussed in the next section.
Administrative Template Files: Changes in Windows Vista and Windows Server 2008 First released in Windows NT 4.0, Administrative Template files used a unique file format known as .adm files. In Windows Vista and Windows Server 2008 operating systems, these files are replaced by ADMX files, which use an XML-based file format to display registry-based policy settings. These new Administrative Template files make it easier to manage registry-based policy settings in Windows Vista and Windows Server 2008. The policy settings contained in the Office 2007 ADM and ADMX files are the same. The new ADMX and ADML files replace earlier .adm files and are divided into language-neutral (ADMX) and language-specific (ADML) resource files. These new file types allow Group Policy tools to adjust the user interface according to the administrator's configured language. Group Policy Object Editor and Group Policy Management Console continue to recognize earlier .adm files you may have in your current environment. Custom .adm files (or .adm files that are not delivered by default in the operating system) in a GPO are used by Group Policy Object Editor and Group Policy Management Console. The tools do not recognize earlier .adm files that were included by default in the operating system, such as System.adm and Inetres.adm. Administrators can manage Group Policy settings affecting Windows Vista and earlier operating systems from a workstation running Windows Vista. ADMX files are supported only on the Windows Vista operating system. Copying ADMX files to earlier operating systems has no effect.
Note Administrators can convert ADM files to the ADMX format by using the ADMX Migrator tool. ADMX Migrator provides an ADMX editor with a graphical user interface for creating and editing administrative templates. For more information, see ADMX Migrator (http://go.microsoft.com/fwlink/?LinkId=77409).
ADMX and ADML file storage in Windows Vista The central store is a folder created on the Sysvol folder of an Active Directory domain controller. This folder provides a single, centralized storage location for ADMX and ADML files for the domain. Administrators can create a central store on a domain controller running Windows Server 2003 R2, Windows Server 2003 SP1, or Windows 2000 Server. The creation of the central store does not require Windows Server 2008. For more information about administering ADMX files in Vista, see Managing Group Policy ADMX Files Step-by-Step Guide, Requirements for Editing Group Policy Objects Using ADMX Files, and Scenario 2: Editing Domain-Based GPOs Using ADMX Files on the Microsoft TechNet Web site.
157 User preferences and true policies Group Policy settings that administrators can fully manage are referred to as true policies. Settings that users configure or that reflect the default state of the operating system at installation time are referred to as preferences. Both true policies and preferences contain information that modifies the registry on users’ computers. There are important distinctions between true policies and preferences. True policy settings take precedence over preference settings. Registry values for true policies are stored under the approved registry keys for Group Policy. Users cannot change or disable these settings: For computer policy settings: HKEY_LOCAL_MACHINE\Software\Policies (the preferred location) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies For user policy settings: HKEY_CURRENT_USER\Software\Policies (the preferred location) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies Preferences are set by users or by the operating system at installation time. The registry values that store preferences are located outside the approved Group Policy keys shown in the preceding table. Users can change their preferences. Administrators can write an .adm file that sets registry values outside of the approved Group Policy registry trees. In this case, this method only ensures that a registry key or value is set in a specific way. With this approach, the administrator configures preference settings instead of true policy settings and marks the registry with these settings. This means that the settings persist in the registry, even if the preference setting is disabled or deleted. If you configure preference settings by using a GPO in this manner, the GPOs that you create do not have Access Control List (ACL) restrictions. Therefore, users might be able to change these values in the registry. When the GPO goes out of scope (if the GPO is unlinked, disabled, or deleted), these values are not removed from the registry. In contrast, true registry policy settings do have ACL restrictions to prevent users from changing the settings. The policy values are removed when the GPO that sets the values goes out of scope. For this reason, true policies are considered to be policy settings that can be fully managed. By default, the Group Policy Object Editor only displays policy settings that can be fully managed. To view preferences in Group Policy Object Editor, click the Administrative Templates node, click View, click Filtering, and then clear Only show policy settings that can be fully managed. True policy settings take priority over preferences; however, they do not overwrite or modify the registry keys used by the preferences. If a policy setting is deployed that conflicts with a preference setting, the policy setting takes precedence over the preference. If both a policy and preference are present, the preference is successfully restored if the policy is removed or disabled. Preference settings persist in the registry until they are reversed by a counteracting policy setting or by editing the registry. The following table summarizes the effects of policy settings and preferences.
158 Group Policy present Preference present Resultant behavior
No No Default
No Yes The preference setting configures behavior.
Yes No The policy setting configures behavior.
Yes Yes The policy setting configures behavior. The preference setting is ignored.
For the 2007 Office system, all user-specific policy settings are stored in the HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0 sub-key. Computer-specific policies are stored in the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\12.0 sub-key. By default, both policy sub-keys are locked to prevent users from modifying them.
Group Policy Management tools Administrators use the following tools to administer Group Policy: Group Policy Management Console (GPMC) and Group Policy Object Editor Microsoft Management Console (MMC) snap- ins. Administrators use Group Policy Management Console for managing most Group Policy management tasks. Group Policy Object Editor is used for configuring policy settings in Group Policy objects.
Group Policy Management Console GPMC simplifies the management of Group Policy by providing a single tool for managing core aspects of Group Policy, such as scoping, delegating, filtering, and manipulating inheritance of GPOs. GPMC can also be used to back up (export), restore, import, and copy GPOs. Administrators can use GPMC to predict how GPOs will affect the network and to determine how GPOs have changed settings on a computer or user. GPMC is the preferred tool for managing most Group Policy tasks in a domain environment. GPMC provides a view of GPOs, sites, domains, and OUs across an enterprise, and can be used to manage either Windows Server 2003 or Windows 2000 domains. Administrators use GPMC to perform all Group Policy management tasks, with the exception of configuring individual policy settings in Group Policy objects. This is done with Group Policy Object Editor. GPMC invokes Group Policy Object Editor. and you can use this tool from GPMC. Administrators use GPMC to create a GPO with no initial settings. An administrator can also create a GPO and link the GPO to an Active Directory container at the same time. To configure individual settings within a GPO, an administrator edits the GPO from within GPMC. Group Policy Object Editor displays with the GPO loaded. An administrator can use GPMC to link GPOs to sites, domains, or OUs in Active Directory. Administrators must link GPOs to apply settings to users and computers in Active Directory Containers. GPMC includes the following Resultant Set of Policies (RSoP) features that are provided by Windows:
159 Group Policy Modeling. Simulates what policy settings are applied under circumstances specified by an administrator. Administrators can use Group Policy Modeling to simulate the RSoP data that would be applied for an existing configuration, or they can analyze the effects of simulated, hypothetical changes to their directory environment. Group Policy Modeling requires that you have at least one domain controller running Windows Server 2003, because this simulation is performed by a service running on a domain controller that is running Windows Server 2003. For more information, see Group Policy Modeling (http://go.microsoft.com/fwlink/?LinkId=82672) on the Microsoft TechNet Web site. Group Policy Results. Represents the actual policy data that is applied to a computer and user. Data is obtained by querying the target computer and retrieving the RSoP data that was applied to that computer. The Group Policy Results capability is provided by the client operating system and requires Windows XP, Windows Server 2003, or later versions of the operating system. For more information, see Group Policy Results (http://go.microsoft.com/fwlink/?LinkId=82673) on the Microsoft TechNet Web site. GPMC was originally provided as a separate download component for Microsoft Windows Server 2003 and Windows XP. To download GPMC, see Download Group Policy Management Console (GPMC) (http://go.microsoft.com/fwlink/?LinkId=58541) on the Microsoft Download Center Web site. In Windows Vista and Windows Server 2008, GPMC is integrated directly into the operating system and is the standard tool for managing Group Policy tasks along with Group Policy Object Editor. For more information about GPMC, see Step-by-Step Guide to Using Group Policy Management Console (http://go.microsoft.com/fwlink/?LinkId=75196) on the Microsoft TechNet Web site.
Group Policy Object Editor Group Policy Object Editor is an MMC snap-in that is used to configure policy settings in Group Policy objects. The Group Policy Object Editor is contained in gpedit.dll, and is installed with Windows 2000, Windows XP, Windows Server 2003, and Windows Vista and Windows Server 2008 operating systems. On computers running Windows 2000, Windows XP with the Windows Server 2003 Administration Tools Pack installed, and Windows Server 2003, you can access the Group Policy Object Editor from the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. To configure Group Policy settings for a local computer that is not a member of a domain, use Group Policy Object Editor to manage a local GPO (or multiple GPOs in computers running Windows Vista or Windows Server 2008). To configure Group Policy settings in a domain environment, GPMC, which invokes Group Policy Object Editor, is the preferred tool for Group Policy management tasks. Group Policy Object Editor provides administrators with a hierarchical tree structure for configuring Group Policy settings in GPOs. These GPOs can then be linked to sites, domains, and OUs that contain computer or user objects.
160 Group Policy Object Editor consists of two main nodes: User Configuration, which contains settings that are applied to users at logon and periodic background refresh, and Computer Configuration, which contains settings that are applied to computers at startup and periodic background refresh. The main nodes are further divided into folders that contain the different types of policy settings that can be set. These folders include: Software Settings, which contains software installation settings Windows Settings, which contains Security Settings and Scripts policy settings Administrative Templates, which contains registry-based policy settings For more information about Group Policy Object Editor, see Group Policy (pre-GPMC) (http://go.microsoft.com/fwlink/?LinkId=72742) on the Microsoft TechNet Windows Server 2003 site.
Office Customization Tool and Group Policy Administrators can use two tools to customize user configurations for the 2007 Office system applications: Office Customization Tool (OCT) and Group Policy. Although both of these tools configure user settings, there are important distinctions. The Office Customization Tool is used to create a Setup customization file (MSP file). Administrators can use the OCT to customize features and configure user settings. Users can modify most of the settings after the installation. This is because the OCT configures settings in publicly accessible portions of the registry, such as HKEY_CURRENT_USER/Software/Microsoft/Office/12.0. This tool is typically used in organizations that do not manage desktop configurations centrally. For more information, see Office Customization Tool in the 2007 Office system. Group Policy is used to configure the 2007 Office system policy settings contained in Administrative Templates, and the operating system enforces those policy settings. In an Active Directory environment, administrators can apply policy settings to groups of users and computers in a site, domain, or organizational unit to which a Group Policy object is linked. True policy settings are written to the approved registry keys for policy, and these settings have ACL restrictions that prevent non-administrator users from changing them. Administrators can use Group Policy to create highly managed desktop configurations. They can also create lightly managed configurations to address the business and security requirements of their organizations.
See Also Enforce settings by using Group Policy in the 2007 Office system Disabling User Interface Items and Shortcut Keys by Specifying Toolbar Control IDs Planning for security in the 2007 Office system Plan for configuring security settings in Outlook 2007 Using Group Policy to set default file save options
161