Information Rights Management in the 2007 Microsoft Office system

This article explains how you can restrict permission to content in documents, workbooks, and presentations by using Information Rights Management (IRM), which is available in the 2007 Microsoft Office system. For information on how you can restrict permission to content in e-mail messages, see Restrict permission to confidential information in e-mail messages.

For information on how to set a password to open or modify a file, see Set a password to open or modify a document, workbook, or presentation. There are other articles that describe using passwords to protect formatting in documents and protect worksheet or workbook elements.

The purpose of IRM and its limitations

Information Rights Management (IRM) allows individuals and administrators to specify access permissions to documents, workbooks, and presentations. This helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. After permission for a file has been restricted by using IRM, the access and usage restrictions are enforced no matter where the information is, because the permission to a file is stored in the document file itself.

IRM helps individuals enforce their personal preferences concerning the transmission of personal or private information. IRM also helps organizations enforce corporate policy governing the control and dissemination of confidential or proprietary information.

IRM helps to do the following:

  • Prevent an authorized recipient of restricted content from forwarding, copying, modifying, printing, faxing, or pasting the content for unauthorized use
  • Prevent restricted content from being copied by using the Print Screen feature in Microsoft Windows
  • Restrict content wherever it is sent
  • Support file expiration so that content in documents can no longer be viewed after a specified period of time
  • Enforce corporate policies that govern the use and dissemination of content within the company

IRM can't prevent the following:

  • Content from being erased, stolen, or captured and transmitted by malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware
  • Content from being lost or corrupted because of the actions of computer viruses
  • Restricted content from being hand-copied or retyped from a display on a recipient's screen
  • A recipient from taking a digital photograph of the restricted content displayed on a screen
  • Restricted content from being copied by using third-party screen-capture programs

File types you can rights manage with IRM

By using IRM in the 2007 Office release, you can rights-manage XML Paper Specification (.xps) files as well as the following file types:

Word files

File type                 Extension
Document                  .doc
Document                  .docx
Macro-enabled document    .docm
Template                  .dot
Template                  .dotx
Macro-enabled template    .dotm

Excel files

File type                 Extension
Workbook                  .xls
Workbook                  .xlsx
Macro-enabled workbook    .xlsm
Template                  .xlt
Template                  .xltx
Macro-enabled template    .xltm
Non-XML binary workbook   .xlsb
Macro-enabled add-in      .xla
Macro-enabled add-in      .xlam

PowerPoint files

File type                    Extension
Presentation                 .ppt
Presentation                 .pptx
Macro-enabled presentation   .pptm
Template                     .pot
Template                     .potx
Macro-enabled template       .potm
Show                         .pps
Show                         .ppsx
Macro-enabled show           .ppsm
Office theme                 .thmx

Notes

  • When these file types are attached to a rights-managed e-mail message in Office Outlook 2007, they will automatically be rights-managed as well.
  • When you attach a message (.msg) file to a rights-managed e-mail message, the attached message is not rights-managed. IRM does not rights-manage .msg file types.

Configure your computer to use IRM

To use IRM in the 2007 Office release, the minimum required software is Windows Rights Management Services (RMS) Client Service Pack 1 (SP1). If you use a computer running Windows Vista, the Windows Rights Management Services (RMS) Client is already installed. If you use a computer running Windows XP, the Windows Rights Management Services (RMS) Client Service Pack 1 (SP1) must be installed on your computer either by you or your RMS administrator. The RMS administrator can configure company-specific IRM policies that define who can access information and what level of editing is permitted for an e-mail message. For example, a company administrator might define a rights template called "Company Confidential," which specifies that an e-mail message that uses that policy can be opened only by users inside the company domain.

Install the Windows Rights Management Services (RMS) Client

  1. In Windows XP, click the Start button, and then click Control Panel.
  2. Click Add or Remove Programs, and then click Add or Remove Programs. In the left pane, click Add New Programs. From the list of programs, click Windows Rights Management Services Client, and then click Add.

Note: In Classic view, double-click Add or Remove Programs, and then in the left pane, click Add New Programs. From the list of programs, click Windows Rights Management Services Client, and then click Add.

Alternatively, when you first try to open files that have been rights-managed by using IRM, the 2007 Office release prompts you to download the Windows Rights Management Services Client if you are running a computer without that software. For more information about the Windows Rights Management Services Client, visit the Windows Rights Management Services Web site.

Download permissions

The first time that you attempt to open a document, workbook, or presentation with restricted permission, you must connect to a licensing server to verify your credentials and to download a use license. The use license defines the level of access that you have to a file. This process is required for each file with restricted permission. In other words, content with restricted permission cannot be opened without a use license. Downloading permissions requires that Microsoft Office send your credentials (which include your e-mail address) and information about your permission rights to the licensing server. Information contained in the document is not sent to the licensing server. For more information, read the Privacy Statement for the 2007 Microsoft Office system.

Restrict permission to content in files

Authors can restrict permission for documents, workbooks, and presentations on a per-user, per-document, or per-group basis (group-based permissions require Microsoft Active Directory directory service for group expansion). Authors use the Permission dialog box to give users Read and Change access, as well as to set expiration dates for content. For example, Ranjit, the author, can give Helena permission to read a document but not make changes to it. Ranjit can then give Bobby permission to make changes to the document and allow him to save the document. Ranjit may also decide to limit both Helena's and Bobby's access to five days, after which their permission to the document expires. For information about setting an expiration date for a document, see Set an expiration date for a file.

  1. Save the document, workbook, or presentation.
  2. Click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Do Not Distribute.
  3. Select the Restrict permission to this document check box, and then assign the access levels that you want for each user.

Your choices might be limited if an administrator has set custom permission policies that individuals cannot alter.

Permission levels

  • Read: Users with Read permission can read a document, workbook, or presentation, but they don't have permission to edit, print, or copy it.
  • Change: Users with Change permission can read, edit, and save changes to a document, workbook, or presentation, but they don't have permission to print it.
  • Full Control: Users with Full Control permission have full authoring permissions and can do anything with the document, workbook, or presentation that an author can do, such as set expiration dates for content, prevent printing, and give permissions to users. After permission for a document has expired for authorized users, the document can be opened only by the document author or by users with Full Control permission to the document. Authors always have Full Control permission.

  4. To give someone Full Control permission, click More Options, and then in the Access Level column, click the arrow, and then click Full Control in the Change list.
  5. After you assign permission levels, click OK.

The Message Bar appears, indicating that the document is rights-managed. If you need to make any access permission changes to the document, click Change Permission.

If a document with restricted permission is forwarded to an unauthorized person, a message appears with the author's e-mail address or Web site address so that the individual can request permission for the document.

If the author chooses not to include an e-mail address, unauthorized users get an error message.

Set an expiration date for a file

  1. Open the file.
  2. Click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Do Not Distribute.
  3. Select the Restrict permission to this document check box, and then click More Options.
  4. Under Additional permissions for users, select the This document expires on check box, and then enter a date.
  5. Click OK twice.
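
The permission levels, the expiration rule, and the unauthorized-user behavior described above can be read as one access decision. The following Python model is an added example, not Microsoft's code and not how the RMS client or licensing server is implemented; the class, function names, e-mail addresses, and dates are hypothetical, and it assumes that any action the article does not list for a level is denied.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, Optional, Tuple

# Actions the page explicitly lists for each level; anything else is denied
# in this model (an assumption where the page is silent, e.g. copy for Change).
LEVEL_ACTIONS = {
    "Read": {"open"},
    "Change": {"open", "edit", "save"},
    "Full Control": {"open", "edit", "save", "print", "copy", "set_permissions"},
}

@dataclass
class RestrictedFile:
    author: str
    grants: Dict[str, str] = field(default_factory=dict)  # user -> level
    expires_on: Optional[date] = None
    contact: Optional[str] = None  # address shown to unauthorized users

    def check(self, user: str, action: str, today: date) -> Tuple[bool, str]:
        # Authors always have Full Control permission.
        level = "Full Control" if user == self.author else self.grants.get(user)
        if level is None:
            if self.contact:
                return False, f"request permission from {self.contact}"
            return False, "error: no permission"
        # Assumption: the file is still usable on the expiration date itself.
        expired = self.expires_on is not None and today > self.expires_on
        # After expiry, only the author or Full Control users can open the file.
        if expired and level != "Full Control":
            return False, "permission expired"
        if action in LEVEL_ACTIONS[level]:
            return True, level
        return False, f"{level} does not allow {action}"

def ranjit_example() -> RestrictedFile:
    # Constructed sample data: addresses and dates are made up.
    return RestrictedFile(
        author="ranjit@example.com",
        grants={"helena@example.com": "Read", "bobby@example.com": "Change"},
        expires_on=date(2007, 6, 6),
        contact="ranjit@example.com",
    )

if __name__ == "__main__":
    f = ranjit_example()
    for who, act, day in [("helena@example.com", "edit", date(2007, 6, 2)),
                          ("bobby@example.com", "open", date(2007, 6, 7))]:
        print(who, act, day, f.check(who, act, day))
```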

Use a different Windows user account to rights-manage files

  1. Open the document, worksheet, or presentation.
  2. Click the Microsoft Office Button, point to Prepare, point to Restrict Permission, and then click Manage Credentials.
  3. Do one of the following:
    • In the Select User dialog box, select the e-mail address for the account that you want to use, and then click OK.
    • In the Select User dialog box, click Add, type your credentials for the new account, and then click OK twice.

View content with restricted permission

To view rights-managed content that you have permission to view, just open the document, workbook, or presentation in the 2007 Office release.

If you want to view the permissions you have, either click View Permission in the Message Bar or click the button in the status bar at the bottom of your screen.

 
 
Applies to:
Excel 2007, PowerPoint 2007, Word 2007