Office Administrative Templates and Office Customization Tool

From EJP Documentation
Jump to navigation Jump to search

Goals

Remove or disable items that would not add value to the user experience

Microsoft is a very large and complicated product. There are many features we don't need and other we can't use. Although we already excluded a number of applications, there is more to be done. The general categories of features we want to disable include:

  • Things that require an Internet servicesto operate (e.g. Powerpoint broadcast, Sharepoint workspace, Blog publisher)
  • Links to Internet webpages (e.g. various Help and Learn more features)
  • Dependencies on components we didn't install (e.g. Email and Sharepoint)
  • Invitations to download new content or updates (e.g. templates, clipart, addins)

Leaving these features enabled diminishes the value of the experience because it is not clear to the user which features are expected to work or not. They may be very interested in features that help them share and collaborate, but clicking those buttons and selecting those options will just lead to error messages, opening web browsers to nowhere. Our students have very limited time with the computers, lets not distract them from the useful parts.

Remove All Encryption opportunities

At this time we don't want to expose any opportunities to create encrypted documents or databases. The administration is wary of concealed data or messages, and we have promised that they would have access to all data on the server.


Tools

Policy templates

Download the Office 2010 Administrative Template files(documentation)

Just like our default windows policy templates, We'll install these permenantely into our windows Policues directoy to make them available. Then we can use the Policy editor to adjust the settings

Control Identification

Download the Office Fluent User Interface Control Identifiers

The office user interface is very configurable. Every button and menu (controls) can individually be disabled. These excel spreadsheets are a catalog of all the controls (all, so wen can identify them in the policies. Many of the things we want to disable are already specified in the policy templates, but for the ones that aren't we can use these ID's for custom policies.

Disable commands Enabled \Microsoft Access 2010\Disable Items in User Interface\Predefined "Databast tools…Encrypt with password'"
Disable commands Enabled \Microsoft Excel 2010\Disable Items in User Interface\Custom 15675 18209 18209 18204 10014 7991
Disable commands Enabled \Microsoft Excel 2010\Disable Items in User Interface\Predefined "File…Send Using email"
Disable commands Enabled \Microsoft PowerPoint 2010\Disable Items in User Interface\Custom 16461 18204 15675 7991 10014
Disable commands Enabled \Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined "File…Send Using email"
Disable commands Enabled \Microsoft Publisher 2010\Disable Items in User Interface\Custom 3738 11539
Disable commands Enabled \Microsoft Publisher 2010\Disable Items in User Interface\Predefined "File…Send Using email" "File…Email Preview"
Disable commands Enabled \Microsoft Word 2010\Disable Items in User Interface\Custom 18204 18209 15675 12809 5908 7991 10014
Disable commands Enabled \Microsoft Word 2010\Disable Items in User Interface\Predefined "File…Send Using email"
Disable commands under File tab | Help Enabled \Microsoft Office 2010\Disable Items in User Interface "Getting Started" "Contact us" "Take office with you" "Check for updates"
Disable default service Enabled \Microsoft PowerPoint 2010\Broadcast


Save/Restore for policy

The two policy files for local computers are

"C:\Windows\System32\GroupPolicy\User\Registry.pol"
"C:\Windows\System32\GroupPolicy\Machine\Registry.pol"

You can copy those from one computer and drop them ont he next. So you can careful craft your perfect policy state and redeploy it as needed. One problem with this is that you can't merge or edit. It is all or nothing.

After you deposit the policy files in thoer destination folders on the computer you are applying them to, you can perform the command:

 C:\Users\aantony> GPUPDATE /force
 Updating policy...
 
 Computer Policy update has completed successfully.
 User Policy update has completed successfully.