Microsoft Office_mac 2008 Home and Student Edition GZA 00006 User Manual |
Microsoft Office 2008 for Mac
Administrator Guide
Table of contents
Introducing Office 2008 for Mac ...........................................................................................................................1
Office 2008 Evaluation .......................................................................................................................................................2
How Office 2008 delivers business value............................................................................................................2
What's new in Office 2008........................................................................................................................................6
What's new for the IT professional ...............................................................................................................6
What's new for the end user ........................................................................................................................10
Compare versions of Office for Mac..................................................................................................................17
Office 2008 system requirements.......................................................................................................................26
About Microsoft Volume Licensing programs...............................................................................................27
Office 2008 Planning........................................................................................................................................................27
Planning a deployment...........................................................................................................................................27
Deployment methods for Office 2008......................................................................................................27
Deployment methods for Office 2008 preferences.............................................................................29
Setup sequence of events..............................................................................................................................30
Planning for Office 2008 product updates.............................................................................................35
Planning your e-mail system........................................................................................................................36
Planning for Entourage 2008 ...............................................................................................................................41
Default ports for Entourage 2008 ..............................................................................................................41
Exchange Server and related requirements for Entourage 2008 ...................................................42
Entourage 2008 deployments in an Active Directory infrastructure.............................................43
How the Account Setup Assistant works.................................................................................................45
How e-mail rules work in Entourage 2008 .............................................................................................46
How Entourage 2008 works with free/busy data.................................................................................49
Entourage 2008 features supported by different versions of Exchange Server........................50
Differences between Entourage 2008 and Outlook 2007.................................................................51
Planning Entourage security.........................................................................................................................53
Planning to use Office 2008 with related Microsoft products.................................................................67
Document Connection for Mac...................................................................................................................67
Working with external data sources in Excel..........................................................................................71
Working with macros......................................................................................................................................72
Office 2008 Deployment ................................................................................................................................................73
Installation by using Apple Remote Desktop.........................................................................................74
Installing Office 2008 from a NetBoot image........................................................................................76
Installation from a file server........................................................................................................................77
Installing Office 2008 for Mac updates in a corporate environment ...........................................80
Configuring and deploying Office 2008 preferences..................................................................................84
Configuring Office 2008 application preferences................................................................................84
Configuring AutoUpdate for Office 2008................................................................................................89
Adding custom templates, themes, scripts, and ancillary files........................................................90
Office 2008 preference file locations for deployment........................................................................91
Deploying Office 2008 preferences...........................................................................................................92
Configuring Office 2008 applications ...............................................................................................................93
Configuring Exchange accounts in Entourage 2008...........................................................................93
Configuring Office 2008 for multiple languages..................................................................................98
Office 2008 Operations...................................................................................................................................................99
Maintaining Entourage 2008................................................................................................................................99
Verifying database integrity .........................................................................................................................99
Rebuilding the Entourage database........................................................................................................100
Compacting and backing up the Entourage database ....................................................................101
Managing Mac OS X system preferences......................................................................................................102
Distributing Office 2008 product updates ....................................................................................................103
Office 2008 Security .......................................................................................................................................................104
Planning for security in Office 2008 ................................................................................................................104
Understanding security threats.................................................................................................................104
Best practices for a security-enhanced environment........................................................................107
Configuring and deploying security settings for Office 2008................................................................110
Configure privacy options in Office 2008..............................................................................................110
Configure document protection settings in Office 2008 ................................................................113
Configure security settings for macros in Excel 2008.......................................................................114
Deploy Office 2008 security preferences...............................................................................................115
Mac OS X security...................................................................................................................................................115
Mac OS X passwords .....................................................................................................................................115
Mac OS X firewall............................................................................................................................................115
Office 2008 Technical Reference...............................................................................................................................116
Messaging reference..............................................................................................................................................116
About Project Center.....................................................................................................................................116
About delegation and sharing...................................................................................................................118
About data synchronization .......................................................................................................................119
About Open XML Formats...................................................................................................................................124
Attachment file types in Entourage 2008......................................................................................................126
Play voice mail messages received from Exchange Server 2007 Unified Messaging....................133
Office 2008 Known Issues ............................................................................................................................................134
Security issue in Office 2008 remote installation to Mac OS X v10.4 (Tiger)...................................134
I can't download the volume license version of Office 2008 for Mac by using Safari..................136
Known issues for installation and removal of Office 2008......................................................................137
network home folders...........................................................................................................................................140
Office 2008 Troubleshooting......................................................................................................................................140
Office 2008 Evaluation
Introducing Office 2008 for Mac
Office 2008 for Mac is a suite of desktop productivity applications that is designed to work
specifically with the Macintosh operating system. It provides Macintosh users with applications for
creating effective documents, sharing ideas with other users on Macintosh computers or Windows-
based computers, and managing information efficiently. With its updated user interface and
collaborative tools, Office 2008 provides enhanced and more secure capabilities for capturing and
using business information.
Intended Audience
The Microsoft Office 2008 for Mac Administrator’s Guide is for system implementers, IT managers,
system administrators, or others who are responsible for planning, implementing, and maintaining
Office 2008 in their organizations.
Documentation Roadmap
The following table describes the chapter content in the guide.
Chapter
Description
Describes how Office 2008 delivers business value and how businesses can
benefit from upgrading to this new version of Office.
The purpose of this section is to provide conceptual information to help
decision makers evaluate and recommend information technology solutions to
their organizations. It includes information about the new features in Office
2008 for the consumers, the system requirements for implementing Office 2008
in a production environment, and the licensing terms.
Provides detailed instructions about what to plan before you deploy Office 2008
in a production environment.
The purpose of this section is to help system architects, planners, and
administrators envision and plan the early phases of Office 2008 deployment in
a production environment. This includes providing information about:
•
The hardware and software resources, as well as other infrastructure
requirements for deploying Office 2008.
•
The background information that pertains to the deployment of
Office 2008, such as information about the different deployment
methods.
•
Using Office 2008 with related Microsoft products.
1
Office 2008 Evaluation
Chapter
Description
Describes how to install and deploy Office 2008 in a production environment.
The purpose of this section is to provide system implementers with step-by-step
procedures that will help them deploy Office 2008.
Provides instructions about how to maintain the Office 2008 installation.
The purpose of this section is to provide information for administrators who are
responsible for maintaining the system after deployment. This includes
information about how to distribute product updates efficiently.
Provides details about the enhanced security features in Office 2008.
The purpose of this section is to provide IT professionals with information that
will help them efficiently mitigate security threats while maintaining information
worker productivity.
Provides a list of reference topics that are relevant to running Office 2008.
The purpose of this section is to provide references to additional resources that
might be helpful in planning, deploying, and maintaining Office 2008.
Office 2008 Evaluation
How Office 2008 delivers business value
Office 2008 for Mac is redesigned and reinvented to be more compatible, powerful, and easy to
use. Office 2008 introduces new and improved features across all its applications, so that users can
seamlessly manage information, use high-impact design elements to communicate ideas, and
work efficiently across platforms. The redesigned user interface helps users find the tools they want
quickly and achieve their goals easily. This intuitive user experience also minimizes training and
support demands by providing end users with significantly improved Help capabilities and self-
service tools.
2
Office 2008 Evaluation
Challenges and solutions
Typical
challenges in a
business
environment
Why choose Office 2008
Maximizing user
impact on
business
New graphic capabilities, including SmartArt, WordArt, slide themes, and
charting, enable users to create professional-looking, high-impact documents,
workbooks, and "publication ready" presentations without having to spend
hours on formatting. For example:
outcomes
•
Redesigned charting tools in Excel - By using the improved
charting tools, users can quickly build professional-looking charts
with special effects such as 3-D, transparency, and soft shadows.
•
WordArt and SmartArt - Excel, PowerPoint, and Word include
updated, modern-looking WordArt that users can use to apply 2-D
and 3-D effects to text. Also, users can choose from dozens of
SmartArt graphics to quickly create designer-quality diagrams,
charts, and other information graphics.
•
Slide themes in PowerPoint - A theme is a coordinated set of fonts,
colors, and visual effects that gives a presentation a unified design.
Users can preview and apply dozens of professionally designed
themes directly from the Slide Themes tab in the Elements Gallery.
Users can also modify themes to match their organization’s design,
as well as import themes from other Office files.
3
Office 2008 Evaluation
Typical
challenges in a
business
environment
Why choose Office 2008
Increasing
individual
productivity
Office 2008 helps maximize productivity by providing tools that users can use
to prioritize and manage daily activities, e-mail, calendars, and tasks. With its
results-oriented interface, Office 2008 helps users quickly assemble and create
high quality documents, presentations, and workbooks. The following is a list
of some sample features that help users increase their productivity:
•
Automator support - Automator is a Mac OS X v10.4 (Tiger)
application that helps automate commonly performed and
repetitive tasks. All Office 2008 applications come with several
sample Automator workflows. For example, a workflow in Word
converts text to audio and sends the audio to an iPod. In
Entourage, users can use a sample workflow to print selected e-
mail messages.
•
To Do Lists and My Day in Entourage - Users can manage time and
tasks more efficiently by using the new To Do List feature. The To
Do List displays all To Do items in one place. My Day is a widget-
like application that allows users to display their day's events and
To Do List on the desktop. Users don't even have to open
Entourage to use My Day and view their To Do List.
•
•
Entourage Calendar - The redesigned Calendar interface makes it
easier to manage events and tasks. Users can color-code events by
using categories, quickly create new events by dragging, and view
the To Do List next to the Calendar.
Toolbox and Object Palette - The Office Toolbox provides a one-
stop destination for some of the most useful tools in Office 2008. It
consolidates the Formatting Palette, Object Palette, Compatibility
Report, Scrapbook, Reference Tools, and other application-specific
tools in one convenient interface. The new Object Palette gives
quick and easy access to shapes, Clip Art, symbols, and photos
(including iPhoto).
4
Office 2008 Evaluation
Typical
challenges in a
business
environment
Why choose Office 2008
Optimizing IT
resource
efficiency
By deploying Office 2008, organizations can reduce the total cost of
ownership for Microsoft Office in areas including employee training,
information technology support (IT), meeting expenses, and hardware costs.
Office 2008 can help in the following ways:
•
Documentation support - The new and improved Help and online
training resources provide extensive guidance about how to use
Office 2008. They have been designed to help minimize training
and technical assistance costs. In addition to Help, the Microsoft
Office 2008 for Mac Administrator’s Guide provides technical
guidance to IT professionals who are responsible for planning,
deploying, and maintaining Office 2008 in a business environment.
The online versions of these documentation sets, available both in
Office 2008 Help and on the Microsoft Web site, will now be
updated on an ongoing basis to provide the most up-to-date and
relevant content to users.
•
•
Open XML Formats- The new file formats allow users to create
documents from different data sources, reduce the size of files, and
improve data recovery in corrupted files.
Note Open XML Formats are also the default file formats for the
2007 Microsoft Office system.
Security features - Expanded security features such as anti-spam
and anti-phishing e-mail filters help prevent fraudulent links or
spoofed domains and protect users from these types of online
scams.
5
Office 2008 Evaluation
What's new in Office 2008
What's new for the IT professional
For the IT professional who implements and maintains applications and technical solutions across
an organization, Office 2008 for Mac comes with improved deployment applications. These
applications are designed to help reduce the amount of time that is required to plan and execute
deployments, as well as to simplify the tasks that are associated with managing the organization's
desktop clients. Here are highlights of some of the new and enhanced features in Office 2008.
Office 2008
Office 2008 offers streamlined manageability for the IT professional, helping your team collect,
organize, and share critical information across boundaries. The following list describes some of the
new features in Office 2008.
Universal binary format
Office 2008 uses the universal binary format and is therefore optimized for both Intel-based and
PowerPC-based Macintosh computers.
Open XML Formats
Open XML Formats are now the default file formats for Word 2008, Excel 2008, and PowerPoint
2008. These new file formats allow users to create documents from different data sources, reduce
file sizes, and recover data from corrupted files more easily.
The file formats are based on compressed XML and are therefore substantially smaller than earlier
versions of Office binary formats. This helps businesses reduce the costs that are associated with
document storage.
Note With the Open XML File Format Converter for Mac, you can convert Open XML files to a
format that is compatible with Office 2004 for Mac and Office v. X for Mac. File conversion
tools are available in the Downloads
(www.microsoft.com/mac).
area of the Office for Mac Web site
Enhanced deployment tools
Office 2008 uses the Apple-recommended Apple Installer technology for installation. This makes
the installation process more efficient because the data that Office installs is in the .pkg format.
Office Installer is compatible with Apple Remote Desktop and the installation applications are
AppleScript-ready.
The Office Installer includes enhanced customization capabilities, such as optional font
installations, to assist the IT professional in distributing resources.
6
Office 2008 Evaluation
Intuitive user interface
The updated user interface in Office 2008 provides a more intuitive experience, which makes the
product features easier to find and use. This intuitive user experience also helps minimize training
and support demands by providing end users with significantly improved Help capabilities and
self-service tools.
Documentation support
The Microsoft Office 2008 for Mac Administrator's Guide provides technical guidance for IT
professionals who are responsible for planning, deploying, and maintaining Office 2008 in a
business environment.
The new and improved Help and training resources provide extensive guidance about how to use
Office 2008. They have been designed to give users the answers they need and to help minimize
training and technical assistance costs in an enterprise.
Entourage 2008
Entourage 2008 provides enhanced features that help users manage time and information,
instantly locate information, and filter out unwanted junk e-mail. Entourage also helps protect
users from fraudulent Web sites. When combined with Microsoft Exchange Server 2007, Entourage
2008 makes significant strides with several updates, including support for document retention
policies, support for Kerberos authentication, and support for availability services.
For more information about how Entourage 2008 works with different versions of Microsoft
Office 2008 Planning section.
Support for compliance with managed e-mail folders
Exchange 2007 offers managed folders, a new approach to mail retention policies, archiving, and
regulatory compliance for user mailboxes. Entourage 2008 users can see and interact with these
folders just like any other mail folder, but the messages stored within these folders gain retention,
archive, and expiration policies defined by the administrator. With managed e-mail folders, users
and administrators can easily comply with various forms of external regulation and internal
company policies regarding message retention.
Message classification for mail messages and message posts
When used with Exchange 2007, Entourage 2008 displays message classifications on received
messages. Examples of potential classifications might include HIPAA, Legal Documents, and
Confidential.
7
Office 2008 Evaluation
Support for Exchange Web Services
Entourage 2008 uses Exchange 2007 Web Services to support the following features:
•
•
Free/busy For Exchange 2007 users, Entourage 2008 exposes additional free/busy
details, such as subject and location.
Out of Office Assistant For Exchange 2007 users, Entourage 2008 exposes additional
Out of Office Assistant settings, such as separate internal and external out-of-office
messages.
•
Autodiscover service For users of Exchange 2007 Service Pack 1 (SP1) and Entourage
2008 SP1, the Autodiscover service makes it easier to configure Entourage 2008. It uses a
user's e-mail address or domain account to configure a user's profile automatically. For
more information about the Autodiscover service, see the Exchange Server
documentation (technet.microsoft.com).
Note Web Services are also used for assigning delegate rights. Delegation Web services are
available only in Microsoft Exchange Server 2007 SP1.
Client certificate-based authentication
Client certificate-based authentication is available with Entourage 2008 for Mac Service Pack 1
(SP1). This authentication is a type of two-factor authentication that uses two separate items, a
client certificate and a password, to verify a user's identity.
Kerberos authentication
Entourage 2008 adds supports for Kerberos authentication protocol for Exchange server. This
makes signing into Microsoft Exchange Server and LDAP server, which your Exchange account uses
for the Global Address List, easier and more secure.
For more information about Kerberos authentication in Entourage 2008, see Using Entourage 2008
with Kerberos authentication in the Office 2008 Planning section.
Junk e-mail filtering and phishing detection
Entourage 2008 now includes improved, customizable junk e-mail filtering, as well as phishing
protection that helps detect messages with fraudulent links or spoofed domains.
For information about how to set the level of junk e-mail protection, see the following topics in
Entourage 2008 Help:
•
•
Customize junk e-mail protection
About junk e-mail protection
8
Office 2008 Evaluation
Unsafe attachment blocking
Entourage 2008 detects and blocks attachments that are application files or other files that could
contain malicious software.
For more information about the different application files or other files that Entourage 2008
For more information about how to customize the attachment policy settings, see Customize
Entourage 2008 attachment settings in the Office 2008 Planning section.
HTML protection
To protect against malicious code that could be embedded in an e-mail message, Entourage 2008
does not run scripts or downloads that are specified by the formatting code in the e-mail message.
Improved S/MIME support
Entourage 2008 supports increased levels of industry-standard signing and encryption algorithms:
•
•
Signing algorithms Entourage 2008 can create a digital signature with any of the
following algorithms: SHA-512, SHA-384, SHA-256, SHA-1.
Encryption algorithms Entourage 2008 can encrypt messages with any of the
following algorithms: AES-256, AES-192, AES-128, and 3DES.
For more information about digital signatures in Entourage 2008, see Digital certificate
Entourage 2008 in the Office 2008 Planning section.
Improved smart card support
Entourage 2008 supports the use of digital IDs that have been stored on smart-card-based
keychains to perform secure messaging operations such as digitally signing, verifying, encrypting,
and decrypting mail messages. Several improvements have been made in Entourage 2008 that
enhance support for smart cards. For example, users can now send digitally signed and encrypted
messages by using smart cards that follow one of the approved specifications: Common Access
Card (CAC), Government Smart Card Interoperability Specification (GSCIS), or Personal ID
Verification (PIV).
For more information about the different Entourage 2008 features that support the use of smart
9
Office 2008 Evaluation
What's new for the end user
Office 2008 for Mac provides a suite of desktop productivity tools that helps Macintosh users get
more impact out of their information and seamlessly share their ideas. The latest release delivers
new capabilities that enhance how users work with each other and empowers them to achieve the
results they want, faster. For example, the redesigned user interface reduces clutter and
interruptions. The intuitive design makes it easier for users to find and use product features and
supports the creation of great-looking documents.
New features available throughout Office 2008 for Mac
Office 2008 includes new tools that help users create more professional-looking documents in less
time, build documents more easily from frequently used content, and produce great-looking
letters, proposals, workbooks, and presentations. Quick formatting capabilities help users rapidly
apply a new look and feel to documents and the preview capabilities give users a quick look at any
changes they make to the documents. The following list describes some of the new features
introduced in Office 2008.
Share documents across platforms
The new Open XML Formats are the default file formats for Office 2008 desktop applications.
Open XML Formats are also the default file formats for the 2007 Microsoft Office system. This
makes it easier for Macintosh users to share files with users running Windows-based computers.
Open XML Formats offer a dramatic reduction in file size. They also offer an improvement in data
recovery for damaged files. These new formats provide tremendous savings to storage and
bandwidth requirements and help reduce the burden of IT costs.
In addition to using the Open XML Formats, Office runs on Intel-based and PowerPC-based
Macintosh computers, which enables Macintosh users to share documents easily with each other
regardless of the Macintosh computer that they use.
Add preformatted elements in just a few clicks
The Elements Gallery in Office 2008 puts frequently used design features in a convenient
thumbnail collection.
10
Office 2008 Evaluation
The Elements Gallery is located below the toolbars in Word, PowerPoint, and Excel. It provides
quick access to some of the most-used features. From the Elements Gallery, users can add
SmartArt graphics, WordArt, charts, tables, and templates to their documents and presentations.
For example, in PowerPoint, users can apply slide layouts or slide themes from the Elements
Gallery. And in Excel, users can find preformatted ledger sheets in the Elements Gallery.
Access the most-used tools quickly and easily
The Office Toolbox is now a one-stop destination for some of the most useful tools in Office. The
new Toolbox consolidates the Formatting Palette, Object Palette, Compatibility Report, Scrapbook,
Reference Tools, and other application-specific tools in one convenient interface. Users can also
customize Toolbox settings, such as which palettes to show and how the Toolbox should appear
when it's not in use.
The new Object Palette gives quick and easy access to all shapes, Clip Art, symbols, and photos
(including iPhoto). Users can adjust the Object Palette zoom slider to show just the size and
number of objects that they want.
Create a unified look for your documents, presentations, and workbooks
By using Quick Styles and document themes, users can quickly change the appearance of text,
tables, and graphics throughout their documents and presentations to match their preferred style
or color scheme. Users can use the new theme-aware color picker on the Formatting Palette in
Word, PowerPoint, and Excel, to quickly see how various theme colors appear when applied to a
theme. Office 2008 users can easily share themes across all Office applications to create a great-
looking and coordinated set of materials.
Use designer-quality SmartArt graphics
Users can now quickly create designer-quality diagrams, charts, and other information graphics by
using SmartArt graphics. They can choose from dozens of SmartArt graphics to visually represent
lists, hierarchies, and other relationships. Users can add stunning visual effects to SmartArt
graphics, shapes, WordArt, and charts, including three-dimensional (3-D) effects, shading,
reflections, glows, and more. Users can also preview and add all SmartArt graphics from the
Elements Gallery in Excel, PowerPoint, and Word.
Use new designer-quality chart templates
Users can use the new designer-quality chart templates to illustrate their data with special effects
such as 3-D, transparency, and shadows. In Word, PowerPoint, and Excel, users can insert charts
from the Elements Gallery. They can also apply updated chart styles, edit, and format charts. Users
must create and edit data in Excel, but they can insert the chart into Word document or
PowerPoint presentation.
11
Office 2008 Evaluation
Save as PDF
It is now easier to save and share documents, presentations, and workbooks by using the popular
Portable Document Format (PDF). PDF helps ensure that documents appear with the correct layout
and fonts on any computer that can view PDF files. The PDF file format option is now available in
the Save As dialog box on the File menu in Word, PowerPoint, and Excel.
Automate commonly performed tasks
Automator is a Mac OS X v10.4 (Tiger) application that helps to automate commonly performed
and repetitive tasks. In Office 2008 and Office 2008 Home and Student Edition, all of the
applications come with several sample Automator workflows. For example, a workflow in Word
converts text to audio and sends the audio to an iPod. In Entourage, users can use a sample
workflow to print selected e-mail messages.
New features in Word
New formatting tools, views, templates, and a fresh, intuitive user interface in Word 2008 can help
transform creative ideas into great-looking documents. In addition to enhancements made to the
standard print layout view, Word 2008 introduces a new specialized environment called publishing
layout view that brings desktop-publishing-caliber tools to Word.
Publishing layout view in Word 2008 includes specialized tools like professional-quality layout
guides and templates.
Create professional-looking documents
Word 2008 helps produce professional-looking documents by providing a comprehensive set of
tools, such as publishing layout view, new publishing templates, and ligatures in fonts, for creating
and formatting documents.
Document Elements (for word processing) This feature can help automate common, but
sometimes time-consuming tasks. Available in the Elements Gallery, these professionally designed
publishing components include cover pages, tables of contents, headers, footers, and
bibliographies to help users quickly assemble complex documents.
12
Office 2008 Evaluation
Publishing layout view (for layout- rich documents) This new specialized environment in Word
2008 combines powerful desktop publishing tools and designer templates in one location. Users
can use publishing layout view to quickly create professional-looking documents that are
traditionally created by using advanced Desktop Publishing (DTP) applications.
•
Publication templates Word 2008 provides dozens of professionally designed
publication templates. Users can use these templates to create great-looking brochures,
newsletters, posters, and flyers. They can customize any template by using a theme. Or,
they can use pictures and text to make the publication look just the way that they want.
•
Ligatures in fonts Ligatures are font characters that combine two or more separate
characters to improve text style and readability. Some ornate font ligatures include
decorative swashes that users can use to enhance the style of a document.
In Word 2008, users can use ligatures in Apple Advanced Typography (AAT) fonts in
Mac OS X v10.4 (Tiger) and both AAT and OpenType fonts in Mac OS X v10.5 (Leopard).
Use improved notebook layout view
Word 2008 introduces significant enhancement to notebook layout view. In Word 2008, users can
customize and personalize notebook documents with different appearances and backgrounds.
Notebook tabs now support colors for improved categorization of notes, and can be dragged
across different Word notebook documents. The audio recording preferences for notebook layout
view now offer easier customization.
Use improved mail merge
The new streamlined Mail Merge Manager in Word 2008 combines, or merges, information from a
data source with information in Word document so that users don't have to create multiple
versions of the document by hand. Performing mail merges by integrating Word documents, e-
mails, forms, and contacts is simple and much faster than the manual alternative.
New features in Excel
Excel 2008 helps users manage their data for powerful results, visually persuasive charts, and
thought-provoking graphs.
Ledger sheets in Excel 2008 make tracking finances, inventories, invoices, and even portfolios
easy with preformatted spreadsheets and automatic calculations.
13
Office 2008 Evaluation
Use improved tools for writing formulas
The Formula Builder helps users create formulas in a simple, step-by-step approach. Users don't
have to memorize functions or their syntax. They can use Formula Builder to create formulas,
search for functions, insert functions and arguments in existing formulas, and get help on all Excel
functions.
With Formula AutoComplete, users can write and edit formulas without having to remember
function names, defined names, or other elements of a formula. When they type a formula in a
cell, users can choose valid functions, names, and named ranges in context.
Create professional-looking charts
The new charting features include 3-D shapes, transparency, soft shadows, and other special
effects. Because charts in Excel 2008 have the same functionality as drawing objects, users can
apply a workbook theme or add an assortment of visual effects to a chart. New effects, such as 3-
D, fill, and transparency, can greatly enhance the look of a chart. Users also can format different
chart areas, such as the plot area, the title, the data label, or the legend, and can rotate and flip
charts with precision.
Use more rows and columns
To enable users to explore substantial amounts of data in spreadsheets, Excel 2008 supports more
than 1 million rows and 16 thousand columns per sheet. Specifically, the Excel 2008 grid is
1,048,576 rows by 16,384 columns, which provides users with 1,500% more rows and 6,300% more
columns than was available in earlier versions of Excel.
New features in PowerPoint
Users can create and deliver dynamic presentations that inspire their audience’s imagination with
compelling visuals and layouts.
Slide themes in PowerPoint 2008 give your presentation a professional and unified design.
14
Office 2008 Evaluation
Enhance the visual effects of presentations with new themes and rich graphics
Office 2008 comes with new themes, layouts, and Quick Styles that offer users a wide range of
formatting options. Themes simplify the process of creating professional presentations. With one
click, all the background, text, graphics, charts, and tables change to reflect the theme that users
select, ensuring that all elements in the presentation complement one another. Users can apply the
same theme to a Word 2008 document or Excel 2008 sheet that they apply to a presentation.
PowerPoint now supports true 3-d shapes and images, bevels, powerful custom gradient support,
reflections, and soft shadows control, glow effects and much more. In addition, PowerPoint
supports Apple ColorSync technology.
Choose from the new custom-designed table styles
Users can choose from 74 custom-designed table styles. There is even the ability to have banded
tables and different looks for the header and last row. In addition, the new table properties allows
to easily add columns and rows directly from the formatting palette.
Customize presentation layouts
Users can use custom layouts to make text and other objects appear precisely where they want
them to on their slides. For each layout, users can specify the number, size, and location of
placeholders, background properties, graphic images, charts, and diagrams.
New features in Entourage
Entourage 2008 provides new features to help users manage time and information, instantly locate
information, and protect important documents and files. My Day and the To Do List are some of
the new features in Entourage 2008 that help users organize information in new and rich ways. The
new user interface makes it easier for users to see and make changes to their schedules quickly
and easily. In addition, it allows users to see their tasks along with their schedules, which makes
tracking daily work a more productive experience.
The following list includes some key features of Entourage 2008.
Keep e-mail more secure and reduce spam
Junk e-mail protection in Entourage 2008 identifies and filters out more unwanted messages than
earlier versions of Entourage. Users can choose from different levels of junk e-mail protection and
set options to determine the optimum settings. Entourage 2008 also detects phishing messages
that might have links to fraudulent Web sites.
15
Office 2008 Evaluation
Prioritize and manage time
My Day in Entourage 2008 manages schedules and tasks in one easy interface.
By using the new My Day and To Do List features, users can quickly view calendar events and
manage their To Do List from their desktops without having to open Entourage.
Create Out of Office messages
When users use a Microsoft Exchange Server 2007 mail account, they can now schedule Out of
Office messages in advance without worrying about forgetting to turn the Out of Office Assistant
on or off. Entourage 2008 also allows users to customize Out of Office auto-replies for internal and
external contacts.
Find information quickly
To help users better manage their time and information, Entourage 2008 offers a number of new
and improved features, from Spotlight search to assigning color-coded categories to items. These
features make it easier to locate, manage, prioritize, and act on the volumes of information that
users encounter every day.
Spotlight search Users can access the power of Spotlight, which is built into the Mac OS, to
quickly find any information in Entourage, including message attachments.
Color- coded categories Users can assign color-coded categories to items, which makes it easy to
locate and organize project information.
Favorites Bar The Favorites Bar is located below the toolbar and can be customized to display
shortcuts to a user's favorite views.
16
Office 2008 Evaluation
Schedule meetings with the new and improved calendar
Entourage 2008 has a redesigned calendar interface that makes it easier and more intuitive for
users to schedule and manage meeting invitations.
Accept, Tentative, and Decline from the Calendar Attendees can change meeting status directly
from the event. Calendar management actions, such as declining a previously accepted meeting
directly from the event, are more straightforward and consistent with Outlook.
Meeting update and cancellation improvements Entourage 2008 provides meeting organizers
more flexibility in managing invitation updates and cancellations. Organizers can choose whether
to update attendees about a change or cancellation, and they can include comments. If attendees
are added or removed from a meeting, the organizer can choose to update all attendees or just
those attendees whose status has changed.
Meeting Reply, Reply All, and Forward By using Reply, Reply All, and Forward, organizers can
quickly correspond with meeting participants through e-mail without opening or changing the
meeting. Attendees can now easily forward their meetings to others who they think should
participate. Those additional attendees receive their own copy of the invitation and can choose to
accept if they agree.
Out of date invitation detection Entourage 2008 is smarter about handling updated invitations,
making it easier for meeting participants to know which invitation is the right one. Old invitations
are labeled Out of Date, and the Accept, Tentative, and Decline buttons are disabled, leaving only
the current invitation active.
Invitation Conflict and Adjacent banners Invitation banner accuracy is improved, especially
around delegation and single-user concurrent Outlook and Entourage Calendar usage. In addition,
Entourage 2008 includes Outlook-inspired time management banners called Conflict and
Adjacent.
No Response Requested support Entourage 2008 respects No Response Requested invitations
and simply creates the event on the Calendar without sending a response to the organizer.
Compare versions of Office for Mac
At the core of the Microsoft Office 2008 solution are its integrated and easy-to-use applications,
including Excel, Word, PowerPoint, and Entourage. These familiar applications deliver various
desktop productivity tools to information workers.
17
Office 2008 Evaluation
The following comparison tables show what improvements have been made over the years in the
different Office applications.
Features that are found in multiple Office applications
Feature is included
Feature is not included
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Optimized for Mac OS X
Formatting Palette
Image editing tools
Clipboard
Project Gallery
Flag for Follow-up
Save as HTML
AutoText
Office Notifications
Output to Portable Document Format (PDF)
Project Center
Microsoft AutoUpdate
Quick Preview in Print dialog box
Save as Picture
Quartz graphics engine
Contextual Help links
Full AppleScript support
Compatibility Reports
Unicode font and language support
18
Office 2008 Evaluation
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Long file names
Error reporting
Scrapbook
Security improvements
Spotlight support
Object Palette
Freshly designed templates
SmartArt Graphics
New WordArt
Soft shadows
Office-wide Reference Tools palette
Save as PDF
Improved Help
Elements Gallery
Support for Visual Basic for Applications (VBA)
19
Office 2008 Evaluation
Entourage
Feature is included
Feature is not included
Office
2001
Office
v. X
Office
2004
Office
2008
Features
E-mail and personal information manager
Color-coded categories
Custom views
Support for Windows Live Hotmail Plus Web-based e-
mail service
Rich e-mail editing
Junk e-mail filtering
Improved user interface
Rich content
Microsoft Exchange support
Delegate access
Global address list (GAL) information
Public Folder access
Reading pane view
Archiving
Action buttons supported by Microsoft MapPoint
Sync Services support
Smart Card improvements
Delegate management
Permissions
Browsable GAL
20
Office 2008 Evaluation
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Organizational and membership information available
in the GAL
Folder storage quota access
Password expiration notice
Multiple calendars and address books
Managed folders
Message classification for received messages
Additional free/busy details (subject/location)
Out-of-office (OOF) messages
Kerberos authentication
Message and contacts flagged as To Do Items
synchronized with Microsoft Office Outlook 2007
Web services for assigning delegate rights
Autodiscover service for account setup
Client certificate-based authentication
Phishing detection
Unsafe attachment blocking
Favorites bar
Spotlight integration
My Day
Reference Tools
To Do List
Mini-calendar in all views
21
Office 2008 Evaluation
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Customizable toolbar
Accept, Tentative, and Decline from the Calendar
Meeting Reply, Reply All, and Forward
Out-of-date invitation detection
Invitation conflict and adjacent banners
No response requested
Collapsible account names in folder view
Available in Microsoft Office 2004 Service Pack 2 (SP2)
Available for Microsoft Exchange Server 2007 users only
Available in Microsoft Exchange Server 2007 Service Pack 1 (SP1)
Available in Microsoft Office 2008 Service Pack 1 (SP1)
22
Office 2008 Evaluation
Word
Feature is included
Feature is not included
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Mail Merge Manager (Data Merge Manager)
Ability to click and type anywhere in document
Contact toolbar
Entourage Address Book integration
Track Changes
Multi-selection
Save as HTML
Notebook layout view
Reference Tools in Toolbox
Smart Buttons
Style improvements
Navigation pane
Thumbnail view
Publishing layout view
Ligatures in fonts
Document map
Document Elements
Citations and bibliography
Improved, easy-to-use Mail Merge Manager
23
Office 2008 Evaluation
Excel
Feature is included
Feature is not included
Office
2001
Office
v. X
Office
2004
Office
2008
Features
List Manager
FileMaker Pro Import Wizard
Transparent charts
Euro currency support
Preference improvements
Page layout
Smart buttons
Function ScreenTips
Rangefinder improvements
Ledger Sheets
Formula Builder
More than a million rows and 16,000 columns
Improved charting
Formula AutoComplete
24
Office 2008 Evaluation
PowerPoint
Feature is included
Feature is not included
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Tri-pane view
PowerPoint movies
Compatibility with PowerPoint for Windows
Slide animations
PowerPoint Packages
Presenter tools
New design templates
Font formatting improvements
Send to iPhoto (for viewing in iPod)
Office Themes
SmartArt Graphics
Thumbnail view
Custom layouts
Apple Remote Control-enabled
Dynamic guides
Animation pane
Reference Tools
Rich graphics (reflection, soft shadows, 3-D)
Table styles
Improved WordArt
25
Office 2008 Evaluation
Office
2001
Office
v. X
Office
2004
Office
2008
Features
Object Palette with iPhoto integration
Support for Microsoft Office PowerPoint 2003
for Windows comments
Integrated charting
Microsoft Word-like text
Office 2008 system requirements
The following table lists the minimum hardware and software requirements for installing Office
2008.
Component
Processor
Minimum requirement
Intel, PowerPC G5, or PowerPC G4 (500 MHz or faster) processor
Operating system Mac OS X v10.4.9 or later version
Memory
512 MB of RAM or more
Hard disk
1.5 GB of available hard disk space; Hierarchical File System (HFS)+ hard disk
format (also known as Mac OS Extended or HFS Plus)
External disk
drive
DVD drive (or connection to a local area network if you are installing over a
network)
Monitor
1024 x 768 pixel or higher resolution
Mouse or compatible input device
Input device
Microsoft
Exchange Server
Connectivity to Microsoft Exchange Server 2007, Microsoft Exchange Server
2003, or Microsoft Exchange 2000 Server is required for certain advanced
functionality in Entourage 2008
26
Office 2008 Planning
About Microsoft Volume Licensing programs
Microsoft Volume Licensing programs offer companies of all sizes a great way to buy and manage
five or more software licenses. For more information about licensing options for businesses, visit
the following resources:
•
Compares the different Microsoft Volume Licensing
programs to help you decide the program best suited for your needs.
•
Gives you automatic access to new technology and
provides productivity benefits, support, tools, and training to help deploy and use
software efficiently.
•
•
select Microsoft products, find the right Microsoft Volume Licensing program, and
determine estimated retail pricing (ERP) based on your software needs.
Provides an online tool to help you find and
Helps you find a Microsoft Volume Licensing
specialist in your region or contact your preferred Microsoft Reseller.
Note Downloading the volume license version of Microsoft Office 2008 for Mac is unsuccessful
when you use the Safari Web browser. We recommend that you use the latest version of
Mozilla Firefox® Web browser (Mozilla
http://www.mozilla.com) to download the volume
license versions of the Microsoft Office 2008 for Mac suite or stand-alone applications.
Office 2008 Planning
Planning a deployment
Deployment methods for Office 2008
There are two general approaches for deploying Office 2008:
•
•
Installing retail copies of Office 2008 on individual users' computers.
Deploying Office 2008 under a volume license from a central location to multiple
computers on a network.
27
Office 2008 Planning
You cannot deploy retail versions of Office across an organization from a central location. To
deploy Office 2008 centrally, your organization must have a volume license. For more information
Evaluation section.
Important
Before you install Office 2008 on a computer, we recommend that you prepare the
computer as follows:
1. Turn off virus protection software, and quit any applications that are running.
2. Back up any existing Entourage identity databases.
After Office 2008 has been installed on the computers of Entourage users, these users can import
information from their previous Entourage identities. For more information about importing
information to a new Entourage identity, see Microsoft Entourage 2008 for Mac Help.
Installing retail copies on individual computers
To install Office 2008 on a single computer, follow the instructions in the retail product. Each retail
copy must be installed by using its own unique Product key.
Deploying Office 2008 from a central location to multiple computers
There are several methods available for deploying Office to multiple computers from a central
location. Some methods install Office directly on users' computers. Other methods load Office
applications onto users' computers at run time from a server. You can use any of the deployment
methods that are described below to deploy the default installation image from the Office 2008
distribution media. You can also deploy a customized installation image of Office 2008 that reflects
your preferred preference settings for a group of computers in your organization.
The methods for deploying Office 2008 include:
•
Installation by using Apple Remote Desktop
Use Apple Remote Desktop to distribute the .mpkg file onto users' computers. Office
2008 uses the Apple-recommended Apple Installer technology for installation. This
makes the installation process more efficient because the data that Office installs is in
the .mpkg format. Office Installer is compatible with Apple Remote Desktop, and the
installation programs are AppleScript ready.
28
Office 2008 Planning
Important
When you deploy Office 2008 by using a remote connection, such as Apple Remote
Desktop, to a client computer at a login window, a postflight script in the Office Installer
causes the Dock application to open with root user privileges. Any applications
subsequently opened from the Dock will also be run with root user privileges. Under these
conditions, someone with physical access to the client computer can gain local elevation
of privilege. This security issue can only occur when Office 2008 is deployed to computers
that run Mac OS X v10.4.9 or a later version of Mac OS X v10.4 (Tiger). This is not an issue
for computers that run Mac OS X v10.5 (Leopard). For information about how to mitigate
(Tiger) in the Office 2008 Known Issues section. For more information about this security
•
•
Installation from a file server
Load the installation image on a file server. Users install Office on their computers by
dragging the .mpkg file from the file server to their computers and then opening it.
Running from a NetBoot image
When you configure Office as part of the NetBoot image, Office is available to users
automatically when they start or restart their computers.
For more information about these deployment methods, see the following topics in the Office
2008 Deployment section:
•
•
•
For detailed information about how to create an installation image and customize preferences, see
the Office 2008 Deployment section.
Deployment methods for Office 2008 preferences
As an administrator, you can modify many Office 2008 application preferences and deploy them to
your users. For example, you can set default locations for saving files or set the level of junk e-mail
protection. This makes it possible for you to enhance security, standardize application settings, and
decrease the amount of time you spend managing Office on your network.
To establish a standard set of preferences for users, you set preferences for each application and
then deploy the corresponding preference files or settings to users' home folders.
29
Office 2008 Planning
Most Office 2008 preferences are stored as a key/value pair in the property list (.plist) files. These
.plist files, also known as preference files, are stored in /Users/username/Library/Preferences.
However, some Office 2008 preferences are stored in other locations such as in the Entourage
2008 database.
For information about preference file locations, see Office 2008 preference file locations for
deployment in the Office 2008 Deployment section.
The first time a user opens an Office 2008 application, Office finds the preference files that
correspond to that application and then uses the settings that are stored in the files.
You can use the following methods to deploy preferences:
•
•
Workgroup Manager Use Workgroup Manager specifically when you want to modify
preference settings that have been deployed already or when you want to manage
individual preferences in a .plist file without disrupting other settings in the same file.
Apple Remote Desktop Use Apple Remote Desktop when you want to replace or
update application preferences.
Setup sequence of events
The setup architecture in Office 2008 has been redesigned to enable users to easily install and
remove Office for Mac components. The new setup design also offers an improved user experience
with cross-language upgrades and includes enhanced customization capabilities, such as optional
font installations.
Office 2008 uses the Apple installer technology for installation. Office Installer is compatible with
Apple Remote Desktop, the data that Office 2008 installs is in the .pkg format, and the installation
programs are AppleScript-ready. This helps to distribute resources to user computers on a
network.
In Microsoft Office 2004, the entire process of installation was handled by the Office Setup
Assistant. In Microsoft Office 2008, installation is divided into two stages:
1. Using Office Installer to install Office 2008
2. Using the Office Setup Assistant to set up Office 2008 applications
In stage 1, Office Installer copies the Office 2008 files on to the user’s computer. In stage 2, the
users' computers are prepared for first use of the Office 2008 applications.
30
Office 2008 Planning
Users can start the installation process by running Office Installer. The Office Installer provides a
user interface to guide the users through installing Office applications on their computers. If you
are installing Office on a local computer, after the Office Installer completes the installation
process, the Office Setup Assistant launches automatically. However, if you are installing Office
from a remote computer, the Office Setup Assistant will run when the user first launches one of the
Office applications.
Stage 1: Using Microsoft Office Installer
Users should have administrator credentials to install Office 2008. When launched, Office Installer
checks for a number of installation prerequisites, including minimum system requirements for
installing Office 2008. For detailed information about hardware and software requirements for
Office 2008 Planning section. If the minimum requirements are not met, the installation will close
at this point, and a message will be displayed that informs the user about the failure to install.
We recommend that users disable all virus protection software before installing Office 2008. Users
should also make sure to quit all applications before the installation. This is because Office Installer
might change existing fonts that might be in use during the Office installation. If there are
applications open during the installation, they might appear to have corrupted fonts.
If Office Installer finds that the system meets all the basic requirements, it continues with the
installation process. If this is a volume license, the Product ID screen asks you to input your name
and company information for identification purposes. You can create an OfficePID.plist file and
distribute it to pre-populate the name and company information that a user would normally enter
on this screen.
Next, the Office Installer asks for the destination volume where it will install the Office 2008
components. Office 2008 needs 1.5 GB of hard disk space to install all of the components. Users
should make sure that the volume they select has enough disk space.
31
Office 2008 Planning
There are two installation options, Easy Install and Custom Install:
Easy Install
This standard installation automatically does the following:
•
•
Installs all Office 2008 components
Installs fonts in /Library/Fonts/Microsoft
The Office Installer moves older Office fonts from /Users/username/Library/Fonts and
/Library/Fonts to /Users/username/Library/Fonts Disabled and /Library/Fonts Disabled,
respectively.
•
•
Adds Office 2008 icons to the Dock
Installs the Automator Sample Workflows to /user-selected install location/Microsoft
Office 2008/Office/Office First Run/MUD
•
•
•
Installs the Microsoft Application Support Tools to /Library/Application
Support/Microsoft (MERP, MAU and Help Viewer)
Installs a Web hyperlink to /user-selected install location/Microsoft Office
2008/Additional Tools/ Microsoft Silverlight
Installs a Web hyperlink to the Flip4Mac plugin to /user-selected install
location/Microsoft Office 2008/Additional Tools/Windows Media Components for
QuickTime
•
Installs the Windows Office Compatibility font collection to /user-selected install
location/Microsoft Office 2008/Office/Office First Run/Library/FontCollections
Note If users select the Easy Install option and there isn’t enough disk space to process this
request, Office Installer directs users to the Custom Install option.
Custom Install
The custom installation option allows users to select what they want to install from a list of Office
2008 components, which include the following:
•
•
•
•
•
Microsoft Word
Microsoft Excel
Microsoft PowerPoint
Microsoft Entourage
Microsoft Messenger
32
Office 2008 Planning
•
Proofing tools for Danish, Dutch, English (Aus), English (UK), English (US), Finnish,
French, French (Canadian), German, Italian, Japanese, Norwegian (Bokmål), Norwegian
(Nynorsk), Portuguese, Portuguese (Brazil), Spanish, Swedish, Swiss German
•
•
•
Office Fonts
Automator Actions
Dock Icons
Note When any of the four Office applications are installed, the following components are
installed: Clipart, Equation Editor, Microsoft Graph, Organization Chart, Sounds, Templates,
shortcut to Microsoft Silverlight, and shortcut to Flip4Mac plugin.
Upgrading to a different language Office Installer provides the option of upgrading from one
language to another language. If the user upgrades from language A to language B, the Microsoft
User Data (MUD) folder is changed from language/location 1 to language/location 2.
Installing fonts Office Installer provides the option of installing the Office 2008 fonts when the
Office applications are installed. If users clear this selection, they will not receive the package of
Office 2008 fonts or the Windows Office Compatibility font collection. If users select the option to
install the fonts, Office Installer copies the fonts to /Library/Fonts/Microsoft. It checks for existing
fonts in the following locations before copying new fonts to the user’s computer:
•
•
/Library/Fonts
/Users/username/Library/Fonts
When users choose to install fonts, the Office Installer installs the fonts on the user computer as
follows:
•
Moves duplicate fonts from /Users/username/Library/Fonts and /Library/Fonts to either
/Users/username/Library/Fonts Disabled or /Library/Fonts Disabled.
•
•
Installs only Office 2008 fonts on the user’s computer.
Installs the Windows Compatibility font collection in /user-selected install
location/Microsoft Office 2008/Office/Office First Run/Library/FontCollections. The
Office Setup Assistant copies the files to the appropriate location during the setup
process.
33
Office 2008 Planning
Note If users choose to install Office 2008 without the fonts, it will result in severely reduced
functionality and user experience. For example:
•
Users will find that font substitution occurs frequently and immediately because many
applications have new default fonts.
•
Office Themes makes use of several fonts introduced in Office 2008. Without these, the
Office Themes experience will be limited, and users will find that font substitution
occurs frequently.
•
2007 Microsoft Office system has introduced new fonts as default and additional fonts.
Therefore, users of Office 2008 who open files created in Windows-based versions of
Office will encounter font substitution that results in document layout differences.
•
•
Some results provided in the Reference Tools will not render correctly because they
depend on some of the new fonts.
Some existing fonts of earlier versions of Office have been updated in Office 2008.
Removing earlier versions of Office As part of Office 2008 installation, users have the
opportunity to remove all previous versions of Office. When upgrading to Office 2008, we
recommend that users remove all previous versions of Office before using Office 2008. Users can
also choose to run the Remove Office application of the previous version of Office. When you
choose to remove all existing versions of Office, the Office Installer searches the hard disk for all
versions and displays a list of the Office installations that were found. Users can select the versions
that they want to remove.
The following component is placed in the Trash for each Office installation:
•
The entire Microsoft Office <version> folder
The following component is not removed:
•
User-created templates in the Microsoft Office <version> folder are moved to
/Users/username/Desktop/Rescued Items/Office/<version>/.
Stage 2: Using the Office Setup Assistant
After the Office 2008 files are installed on the client computer, run the Office Setup Assistant to
configure and set up Office 2008. When the Office Setup Assistant is launched, it checks the user's
computer for any previous versions of Office. If information from the earlier versions of Office is
found on the user computer, such as custom dictionaries, AutoCorrect lists, and proofing tool
settings, the information is copied to Office 2008.
34
Office 2008 Planning
Configuring the user identity Office 2008 shares the personal information that users enter during
setup among all Office 2008 applications that are installed on the computer. These applications
use identity information to personalize the user documents. The Office Setup Assistant provides
the option of choosing from older identities for the user. If no previous identities are found, the
user is asked to create an identity. In either case, the Office Setup Assistant determines whether
there is enough space to import an older identity or to create a new identity. If there isn’t enough
available space to transfer or create new identity information, the Office Setup Assistant displays a
message that asks the user to free up disk space and then restart the Office Setup Assistant.
Note It is possible to have more than one user information file stored on a user’s computer.
Configuring feedback Customer Experience Improvement Program (CEIP) is the tool that users
can use to provide feedback to Microsoft about how they use Microsoft software and services.
Participating in CEIP is optional. If users participate in this program, Microsoft automatically
collects anonymous information about their hardware configuration and how they use Microsoft
software and services. Microsoft does not collect any personally identifiable information. User
feedback is very valuable to Microsoft, as it helps identify issues to fix and provides information
that can be used to improve design and implement features in future versions of the product.
Installing Office 2008 updates The Microsoft AutoUpdate for Mac tool is installed as part of the
Office 2008 installation. After you set up the Office 2008 components, Office Setup Assistant
launches the Microsoft AutoUpdate for Mac tool. This tool informs the user of any available
updates and provides the option to download and install updates before users start using the
applications.
Planning for Office 2008 product updates
From time to time, Microsoft publishes software updates to improve application security,
performance, and reliability. There are two ways to receive updates for Office 2008 for Mac:
•
Automatically
You can use Microsoft AutoUpdate for Mac to look for updates to your Office 2008
software. By default, AutoUpdate is set to look for updates automatically once per
week.
•
Manually
You can find updates and service packs for Office 2008 on the Downloads
the Microsoft Web site (www.microsoft.com/mac).
page of
35
Office 2008 Planning
Deploying updates from a central location
If your policies do not allow users to have administrator privileges on their computers, or if you
want to centrally manage updates in order to ensure a common software environment for your
users, you can choose the updates that you want to use and deploy them from a central location.
This distributes updates to the appropriate users' computers and ensures that your existing
installations have the latest software updates.
You can set a preference to disable automatic update checking on users' computers. For more
Note There is no way to prevent a user who has an administrator account from independently
downloading updates from the Microsoft Web site or from overriding your deployed
preferences and using AutoUpdate.
For procedural information about deploying updates centrally, see Distributing Office 2008
product updates in the Office 2008 Operation section.
Allowing users to perform updates independently
If you are not planning to deploy Office 2008 updates centrally, you can instruct users to use
AutoUpdate. To run AutoUpdate, the user opens any Office 2008 application and then on the Help
menu, clicks Check for Updates. Running AutoUpdate requires that the user log in as an
administrator.
Planning your e-mail system
When you are implementing Office 2008 in a Microsoft Exchange Server environment, you can
choose any of the following e-mail applications for Macintosh clients in your enterprise:
•
Entourage 2008, which enables Web Distributed Authoring and Versioning (DAV) access
to a server that is running Microsoft Exchange.
•
•
Outlook Web Access Light, which enables browser-based access to an Exchange server.
Remote Desktop Connection Client for Mac, which enables a Macintosh client computer
to connect to Outlook on a Windows-based computer for access to an Exchange server.
•
Solutions such as Boot Camp, Parallels, or other third-party products that allow
Microsoft Office Outlook to run under Windows on the Macintosh computer and to
connect from there to an Exchange server.
36
Office 2008 Planning
The following table shows system requirements for each e-mail application.
Client-side
E-mail
application
Client operating system software
Server-side software
requirements
requirements
requirements
Entourage
2008
Mac OS X v10.4 or a
later version
Entourage 2008
For e-mail support, Microsoft
Exchange 2000 Server (with
latest service pack), Microsoft
Exchange Server 2003, or
Microsoft Exchange Server 2007
must be installed.
For GAL and Active Directory
support, Microsoft Exchange
2000 Server (with latest service
pack), Microsoft Exchange
Server 2003, or Microsoft
Exchange Server 2007 must be
installed on Microsoft Windows
2000 Server or a later version of
Windows Server.
Outlook Web Access must be
functioning.
Outlook Web
Access
Mac OS 8.1 to 9.x or
Mac OS X
Web browser
Microsoft Exchange 2000 Server
(with latest service pack),
Microsoft Exchange Server 2003,
or Microsoft Exchange Server
2007 must be installed. Tasks are
supported beginning with
Microsoft Exchange Server 2003.
Outlook Web Access must be
functioning.
37
Office 2008 Planning
Client-side
Client operating system software
E-mail
Server-side software
application
requirements
requirements
requirements
Remote
Desktop
Connection
Client for Mac
Mac OS X v10.1 or a
later version
Remote Desktop
Connection Client
for Mac
Outlook must be installed on
one of the following:
•
A server that has Terminal
Services enabled and that
is running Microsoft
Windows 2000 Server or a
later version of Windows
Server
•
A Windows-based
computer (such as a
mobile user's own
desktop computer) on
which Remote Desktop
Connection is installed
and that is configured to
allow remote desktop
connections; requires the
Remote Desktop Protocol
support in Windows XP or
Windows Vista
The appropriate version of
Exchange Server must be
installed to support the version
of Outlook that is installed.
Outlook for
Windows
running on a
Macintosh
computer
Mac OS X v10.5 or a
later version that
supports Boot
Any version of the
Microsoft Windows Exchange Server must be
client operating
system and any
The appropriate version of
installed to support the version
of Outlook that is installed.
Camp(Mac OS X v10.4
for Boot Camp beta), or version of Outlook
a third-party
for Windows
virtualization product
with supporting version
of Mac OS X
38
Office 2008 Planning
The following table lists the important characteristics of each e-mail application.
Implemented in
Outlook for
Windows on a
Macintosh
Implemented in
Entourage 2008?
Implemented in Outlook Web
Access Light?
Characteristic
computer?
Support for
Yes
Yes
Yes
Microsoft Exchange
account e-mail
Support for HTML
e-mail
Yes
Yes
Read: Yes
Yes
Yes
Compose: No
Support for other
e-mail protocols
such as POP, IMAP,
and Windows Live
Hotmail Plus
No
accounts
Support for Global
Address List (GAL)
directory search
Yes; includes
browse capability
when the
Exchange server is
running Windows
Server 2003 or a
later version.
Limited
Yes
Support for offline
access to GAL
No
No
No
Yes
Yes
Support for offline
access to data and
reminders
Yes
Support for
handheld
Yes
No
Yes
synchronization
39
Office 2008 Planning
Implemented in
Outlook for
Windows on a
Macintosh
Implemented in
Entourage 2008?
Implemented in Outlook Web
Access Light?
Characteristic
computer?
Support for public
folders
Yes
Yes: Exchange 2000 and Exchange
2003
Yes
No: Exchange 2007
Yes
Support for
Yes
Yes
scheduling and
delegated group
calendaring
Note In an Exchange 2003
environment, delegates have
read-only access to the
delegated or shared calendar by
using Outlook Web Access.
For more information about how to
open another user's calendar by
using Outlook Web Access, see How
in the Microsoft Knowledge Base
(support.microsoft.com).
Support for .pst
files
Only when
No
Yes
importing .pst
files from Outlook
2001 for Mac
Support for
delegation rights
assignment
Yes
No
No
Yes
No
Consistent with
Macintosh
Yes
application
interface style
40
Office 2008 Planning
Implemented in
Outlook for
Windows on a
Macintosh
Implemented in
Entourage 2008?
Implemented in Outlook Web
Access Light?
Characteristic
The same user
computer?
No; however, the
No; however, the experience is
similar.
Yes
experience as when experience is
using Outlook on a similar.
Windows-based
computer
Knowledge of
Windows required
No
Yes
No
Yes
Yes
Yes
Can be used with
other e-mail clients
at the same time
Planning for Entourage 2008
Default ports for Entourage 2008
Entourage 2008 uses default ports for standard communication protocols. Your network and
account configuration may require some or all of the ports that are listed in the following table.
Default port Used for
80
HTTP
DAV uses HTTP for functions such as synchronizing mail, public folders, contacts,
and events.
443
53
HTTPS
HTTP with Secure Sockets Layer (SSL), if SSL is enabled for DAV
DNS queries
To locate the Active Directory global catalog server for a user account, Entourage
sends DNS queries to DNS servers.
41
Office 2008 Planning
Default port Used for
1023 (and
higher)
DNS query responses
135
Assigning delegate rights
5000 and
higher
Connecting to a Microsoft Exchange Server for delegation rights assignment by
Entourage client users.
For more information, see Exchange Server static port mappings (KB270836)
the Microsoft Knowledge Base (support.microsoft.com).
3268
LDAP global catalog searches
To obtain Global Address List (GAL) data, Entourage sends LDAP queries to the
Active Directory global catalog server.
3269
389
LDAP global catalog searches with SSL
Other LDAP searches and authentication and domain password expiration check
636
Other LDAP searches with SSL and authentication and domain password expiration
check
25
SMTP and SMTPS (SSL/TLS)
Many ISPs now use port 465 or port 587.
143
993
110
995
119
563
IMAP
IMAP (SSL)
POP
POP (SSL)
NNTP
NNTP (SSL)
Exchange Server and related requirements for Entourage 2008
Entourage 2008, like Entourage 2004 and Outlook Web Access, uses WebDAV, which in turn uses
HTTP as the connection protocol for Microsoft Exchange mail accounts. WebDav is used for all
folder and item synchronization. This includes synchronizing managed folders.
42
Office 2008 Planning
Note You cannot use Entourage 2008 with a version earlier than Microsoft Exchange 2000
Server, such as Microsoft Exchange Server 5.5. That is because these versions of Exchange
Server do not support WebDAV. To connect to Microsoft Exchange Server 5.5, you can use
Outlook with Remote Desktop Connection Client for Mac.
The following must be enabled on your network.
Server type
Requirement
Computer that
is running
• Microsoft Exchange 2000 Server with Service Pack 2, Microsoft Exchange
Server 2003, or Microsoft Exchange Server 2007
Microsoft
Exchange Server
• Outlook Web Access
• If you want to use Secure Sockets Layer (SSL) with Entourage 2008, you
must enable SSL on the Exchange server. For more information about
how to enable SSL with Entourage 2008, see Enable Secure Sockets Layer
in the Office 2008 Planning section.
Domain
controller
• Lightweight Directory Access Protocol (LDAP) is required if you want to
provide Global Address List (GAL) access and password expiration notices;
otherwise, it is not required for Entourage.
Public folder
server
• If you are using Exchange 2007 and you want users to be able to assign
delegate rights in Entourage, a public folder server must be installed in
your organization. For more information about creating an Exchange
2007 public folder tree, see When you use Outlook with an Exchange
in the Microsoft Knowledge Base
(support.microsoft.com).
Entourage 2008 deployments in an Active Directory infrastructure
In an Active Directory infrastructure, Entourage 2008 can configure users' Microsoft Exchange
Server accounts automatically if the following requirements are met.
43
Office 2008 Planning
Computer Requirements
Client
Before Entourage is opened for the first time on a computer on which you intend to
use the Account Setup Assistant, specify any preferred DNS server(s) and search
domain(s) on the TCP/IP tab under Network Preferences in Mac OS X. This is
because the combination of the two values is critical to the ability of the Account
Setup Assistant to find servers on the network. If no DNS server is specified, a server
that is assigned by DHCP will be used. The Account Setup Assistant is not always able
to locate servers automatically.
For information about how the Account Setup Assistant detects information for
Office 2008 Planning section.
Server
To auto-configure accounts, Entourage relies on the underlying DNS service that
supports your Active Directory infrastructure. The DNS server that is used by the
Macintosh clients must be able to do one of the following:
•
Return a DNS resource record that identifies the Active Directory domain
controller for the domain names that the DNS server hosts.
•
Resolve the domain name that the user enters for his or her Microsoft
Exchange account.
In either case, the DNS server should be able to provide name resolution for any
name in the Active Directory namespace that this server supports.
Entourage must be able to locate the global catalog server for the Active Directory
domain and then authenticate the user account information that is supplied for the
Microsoft Exchange mail account. The fundamental configuration step that makes this
possible is performed at the time that Active Directory is deployed. Deploying
Entourage requires no additional configuration of Active Directory.
Important
In anActive Directory infrastructure that is heavily secured, the Account
Setup Assistant might have difficulty locating the Active Directory
global catalog server and authenticating the user account. Examples of
heavily secured scenarios can include, using Windows IP sec policies,
internal firewalls, or proxy servers requiring authentication.
For more information about deploying Active Directory, see Windows Server 2003
on the Microsoft TechNet Web site (technet.microsoft.com).
44
Office 2008 Planning
How the Account Setup Assistant works
When the Entourage 2008 Account Setup Assistant is used to set up a Microsoft Exchange Server
mail account, the Account Setup Assistant performs the following steps to locate the information it
needs from the computer that is running Exchange server in the following sequence.
1. The Account Setup Assistant queries the DNS server for all DNS resource records for its
domain name. It is looking for the global catalog server (LDAP server) for the Active
Directory domain to which the user account belongs. To perform this query, the
Account Setup Assistant uses a DNS server that is configured in Mac OS X under
Network Preferences on the TCP/IP tab. If no DNS server has been configured, the
Account Setup Assistant uses a DNS server that is assigned by DHCP. This query returns
all of the resource records for the Active Directory domain controllers that are hosted
by the DNS server. The Account Setup Assistant then uses the priority rankings that are
returned by the DNS server to select the catalog server that it will use. After the global
catalog server is found, the Account Setup Assistant authenticates to that server and
then performs an LDAP query for the homeMDB attribute of the user account. This
attribute provides the host name for the Exchange server that stores the user's mailbox.
In addition, the global catalog server is set as the Directory Service server for the
account.
2. If the query to the DNS server is not successful, the Account Setup Assistant tries to
locate the Exchange server by using the name of the domain that the user entered for
his or her Microsoft Exchange account. For example, if mydomain.microsoft.com was
entered as the domain for a Microsoft Exchange account, the Account Setup Assistant
creates a DNS query for the name mydomain.microsoft.com. The DNS resource records
that are returned in response to this query include the records for the domain
controllers in the domain, which then can be queried for the Exchange server
information.
3. If the Account Setup Assistant cannot find information about the Exchange server, it
provides the option to manually enter the information. The required information might
include the name or address of the Exchange server and the name or address of the
public folder server, which also provides the free/busy data.
Note If Entourage cannot find the homeMDB attribute, this is usually because Entourage could
not find the user object in Active Directory. In this situation, you might find it useful to use the
LDP.exe tool to connect from a Windows-based computer to the LDAP service that is returned
by the DNS query. The LDP.exe tool is included in the Support Tools for Windows 2000 Server
and Windows Server 2003. Also, make sure that the user's Active Directory object is replicating
properly to the target domain controller and that the homeMDB attribute is being returned
correctly.
45
Office 2008 Planning
How e-mail rules work in Entourage 2008
The capabilities of Entourage 2008 differ from those of Outlook with regard to server-based rules
for Microsoft Exchange Server e-mail accounts.
Although server-based e-mail rules that have been created in Outlook are applied to the Microsoft
Exchange accounts of Entourage users when applicable, Entourage users cannot create or modify
server-based e-mail rules in Entourage. To change a server-based e-mail rule, users must use
Outlook Web Access Premium.
Note The server-based rules management feature is not available in Outlook Web Access Light.
Server-based e-mail rules can be changed by using Microsoft Office Outlook. Users must be
running Microsoft Office Outlook under Windows in one of the following ways:
•
By using Remote Desktop Connection Client for Mac, which connects the Macintosh
computer with a remote computer or terminal server that is running Windows
•
By using a solution such as Boot Camp that runs Windows on the Macintosh computer
Microsoft Exchange users can create client-side rules in Entourage by clicking Rules on the Tools
menu in Entourage.
How information is synchronized between Entourage 2008 and
Exchange Server
When Entourage 2008 is connected to Microsoft Exchange Server, all e-mail messages, contacts,
and calendar items are synchronized between the computer running Microsoft Exchange Server
and the Microsoft Exchange account in Entourage.
However, not all types of data are synchronized. For example, tasks, notes, and items in the folders
On My Computer, including the contacts that were created in the local Address Book, are not
synchronized.
Note Personal distribution lists are not supported in Entourage.
Because not all types of data are synchronized with the Exchange server, any complete plan for
backing up data must include a provision for backing up the unsynchronized data on users'
computers in addition to backing up the Exchange server database. All Entourage database files,
including the unsynchronized data, are stored in /Users/username/Documents/Microsoft User
Data/Office 2008 Identities/identityName/Database/ for each identity. These Entourage database
files can be backed up as part of a procedure that backs up the user's home folder.
46
Office 2008 Planning
Entourage synchronizes messages, events, and contacts when one or more of the following actions
occurs:
•
•
•
A Microsoft Exchange account is set up.
Entourage connects to the Exchange server.
A user creates or changes a message, event, or contact on a client computer that is
connected to the Exchange server. Entourage waits one minute before it begins
synchronization. If the user makes another change, the one-minute countdown starts
over. This schedule prevents Entourage from synchronizing too frequently when a user
is editing multiple records.
•
•
If Entourage is connected to a server (for example the back-end Exchange server) that is
sending out User Datagram Protocol (UDP) broadcasts, then messages, events, and
contacts are synchronized whenever such a broadcast is received.
If Entourage does not have access to UDP broadcasts (for example, if it is connected to
a front-end server that resides outside the corporate network), it scans for remote
changes on the server at one-minute intervals.
Contacts that are stored on the Exchange server can be synchronized both with the Entourage
Address Book and with Outlook. However, Entourage and Outlook store some kinds of contact
information differently, as described in the following table.
Note Microsoft Exchange distribution lists are not supported in Entourage. All Entourage
groups contain only local contacts and their e-mail addresses.
Type of
contact
information
In Outlook
(on a Windows-based
computer)
In Entourage
Synchronization
E-mail
address
identifiers
Maximum 13
identifiers
Maximum 3 identifiers
The default e-mail address
for the Entourage contact
is synchronized with the
E- mail field in Outlook
for the contact. The next
two addresses for the
Entourage contact are
synchronized with the
E- mail 2 and E- mail 3
fields in Outlook for the
contact.
47
Office 2008 Planning
Type of
contact
In Outlook
(on a Windows-based
information
In Entourage
No
computer)
Synchronization
Business
address
identifier
Yes
A contact's address that is
identified in Outlook as
Other address is displayed
by Entourage as the Work
address. If the Work
address is edited in
Entourage and the
contacts then are
synchronized, the address
identifier in Outlook
changes to Business.
Phone
number
types
Two work types:
Two work types:
Work in Entourage is
Business in Outlook.
Work, Main
Business, Company
Main in Entourage is
Company in Outlook.
Number of
children’s
names in
Maximum 10
names
No maximum (delimited list)
If an Outlook contact that
lists more than 10
children's names is edited
in Entourage, Entourage
alphabetizes the list and
discards all names after
the first 10 names.
one contact
Instant
Message
(IM)
Maximum 13
addresses
Maximum 1 address
The IM addresses in
Entourage are not visible
in Outlook; the IM address
in Outlook is not visible in
Entourage.
addresses
48
Office 2008 Planning
Type of
contact
In Outlook
(on a Windows-based
information
In Entourage
computer)
Synchronization
Other fields
Custom Date 1/2,
Custom
1/2/3/4/5/6/7/8,
Interests, Astrology
Sign, Furigana,
Greeting Cards
Account, Billing Information,
Business/Home Address PO
Box, Company Yomi,
Computer Network Name,
Customer ID, FTP Site, Given
Yomi, Government ID
The respective fields exist
in only in Entourage or
only in Outlook.
Number, Internet Free/Busy
Address, Language, Location,
Organizational ID Number,
Mileage, Profession, Referred
By, Surname Yomi, User Field
1/2/3/4; Phone Number types:
Callback, Car, ISDN, Other,
Other Fax, Primary, Radio,
Telex, TTY/TDD
Because of differences between Entourage and Outlook, users who work with both Entourage and
Outlook may encounter the following situation:
If a user specifies travel time for an item that was created in the Entourage Calendar, this
information does not appear in Outlook. For example, if a user schedules a meeting for 1:00 P.M.
to 2:00 P.M. with a travel time of 15 minutes, the Outlook Calendar displays only the scheduled
meeting time and does not include the travel time.
How Entourage 2008 works with free/busy data
In Microsoft Exchange 2000 Server and Microsoft Exchange Server 2003 organizations, a public
folder server is responsible for storing free/busy data. In organizations that are running Microsoft
Exchange Server 2007, it is now possible to query free/busy data using a Web service. Entourage
2008, supports both a public folder server and an Exchange Web service to query free/busy data.
For more information about how free/busy data is managed in Exchange 2003, see Managing
on the Microsoft TechNet Web site
(technet.microsoft.com).
49
Office 2008 Planning
Entourage 2008 features supported by different versions of
Exchange Server
Entourage 2008 works well with a variety of e-mail servers, and you can take advantage of an even
richer feature set by using Entourage with Microsoft Exchange Server 2007. Entourage 2008
features that work better with Exchange 2007 include scheduling meetings and enhanced
Out of Office functionality.
Features supported by Exchange Server 2007,
Exchange Server 2003, and Exchange 2000 Server
Exchange Exchange Exchange
Entourage 2008 feature
2007
2003
2000
The Kerberos network security protocol uses cryptography to
help provide mutual authentication between Entourage 2008
and Microsoft Exchange.
Junk e-mail protection and phishing detection features
provide additional security to help prevent fraudulent links or
spoofed domains and protect users from online scams.
By using sharing, users can give other users access to their
Microsoft Exchange calendars, address books, or mail folders.
By using delegation, a user can give another Exchange server
user access to his or her Microsoft Exchange inbox, calendar,
and address book. The delegate can send and reply to
invitations and messages on the owner's behalf.
By using Microsoft Exchange public folders, users can view
and post messages, events, and contacts.
Tentative calendar booking is managed on the Exchange
server.
A user can create separate internal and external Out of Office
messages. External replies can be limited to contacts in the
user's address book. The user has the option of scheduling
Out of Office replies only during a specified time period.
Corporate archival policies can be implemented using
managed folders.
50
Office 2008 Planning
Exchange Exchange Exchange
Entourage 2008 feature
2007
2003
2000
In conjunction with Exchange 2007, Entourage 2008 displays
message classifications on a received message. Examples of
potential classifications include HIPAA, Legal Documents, and
Confidential.
For Exchange 2007, Entourage 2008 exposes the following
free/busy details: subject and location.
For a chart that compares the features of Microsoft Exchange Server 2007, Microsoft Exchange
Server 2003, and Microsoft Exchange 2000 Server, see Exchange Server Version Comparison
the Microsoft Web site (www.microsoft.com).
Differences between Entourage 2008 and Outlook 2007
Entourage 2008 and Microsoft Office Outlook 2007 differ in some key respects. The following table
summarizes these differences.
Implemented in
Entourage 2008?
Implemented in
Outlook 2007?
Feature
Communicates with the
server that is running
Microsoft Exchange Server.
Yes
Yes
Entourage 2008 uses the
WebDAV protocol to
communicate with the
Exchange server to manage
mail, contacts, and the
Calendar.
Outlook uses a MAPI-based
architecture to communicate
with the Exchange server.
Provides offline access to the
Global Address List (GAL).
No
Yes
51
Office 2008 Planning
Implemented in
Entourage 2008?
Implemented in
Outlook 2007?
Feature
Enables mapping between
subscribed public folders in
Entourage and public folder
favorites in Outlook.
No
No
Public folders that are set as
favorites in Entourage are not
established automatically as
favorites in Outlook. Users can
choose to subscribe to such
folders manually in Outlook.
Public folders that are set as
favorites in Outlook are not
established automatically as
subscribed public folders in
Entourage. Users can choose to
subscribe to such folders
manually in Entourage.
Enables Outlook forms,
voting buttons, and receipt
tracking.
No
Yes
Enables RTF message
formatting.
Compose/Send: No
Yes
Receive: When an RTF e-mail
message is sent to an Entourage
client, the Exchange server
converts the message into
HTML or Plain Text format
before sending it to the client.
Creates or modifies server-
based rules.
No
Yes
Yes
For information about creating
server-based rules, see How e-
2008 in the Office 2008
Planning section.
Synchronizes Tasks and
Notes with the Exchange
server.
No
For information about
synchronization, see How
Exchange Server in the Office
2008 Planning section.
52
Office 2008 Planning
Implemented in
Entourage 2008?
Implemented in
Outlook 2007?
Feature
Manages Exchange server
distribution lists
No
Yes
Synchronizes the following
with Outlook:
No
Not applicable
•
Personal
distribution list
•
Categories and
projects
Synchronizes S/MIME
certificates and contact
photos between Outlook and
Entourage
No
No
Planning Entourage security
Authentication and security in the WebDAV environment
You can configure Entourage to use the strongest authentication method that is available under
the current network and Microsoft Exchange configurations. Users may be authenticated to an
Exchange server in any of the ways listed for WebDAV transactions in the following table.
Please note that the types of authentication methods that are available for Microsoft Exchange e-
mail accounts can vary depending on whether authentication is performed on a front-end server
or on a back-end server.
Authentication
method
Type of
authenticating
server
Description
Basic
authentication
Back-end server
Basic authentication is the least secure authentication
method that is supported by Entourage 2008.
53
Office 2008 Planning
Authentication
method
Type of
authenticating
server
Description
Digest
authentication
Back-end server
for Exchange
2000 and
Digest authentication transmits passwords in hashed
form, which offers limited security. Digest
authentication can be used with or without Secure
Sockets Layer (SSL).
Exchange 2003
Client Access
server for
Exchange 2007
Integrated
Windows
(Kerberos and
NTLM)
Back-end server
for Exchange
2000 and
Integrated Windows authentication (formerly known as
NTLM authentication) is the strongest authentication
method that is supported by Entourage and Microsoft
Exchange. It incorporates its own encryption methods
and therefore does not require SSL.
Exchange 2003
authentication
Client Access
server for
Exchange 2007
Note In Microsoft Exchange Server 2007, Client
Access server supports Integrated Windows
authentication and HTTP 1.1 Digest authentication
for Exchange 2007 virtual directories. A Client
Access server that is redirecting to a back-end server
that is running Exchange 2000 or Exchange 2003
supports only Basic authentication and forms-based
authentication.
Client certificate-
based
authentication
Front-end server
Client certificate-based authentication is available with
Entourage 2008 for Mac Service Pack 1 (SP1). This
authentication is a type of two-factor authentication
that uses two separate items, a client certificate and a
password, to verify a user's identity.
54
Office 2008 Planning
Authentication
method
Type of
authenticating
server
Description
Forms-based
authentication
Front-end server
Forms-based authentication transmits user credentials
through HTML forms that users fill out. The credentials
are then processed by using Basic authentication.
Forms-based authentication requires SSL. Enabling
Forms-based authentication and SSL on a front-end
server makes it possible for an organization to provide
access to Microsoft Exchange resources from the
Internet with programs such as Outlook Web Access
and Entourage in a more secure manner.
Notes
•
When they use forms-based authentication,
users must enter their credentials either in the
universal naming convention (UNC) format
(for example, domain\username) or in the user
principal name (UPN) format (for example,
•
The default domain setting in Internet
Information Services (IIS) can be set only to \
(backslash). This restriction is designed to
support user logins that use the UPN format. If
the default domain setting is changed,
Exchange System Manager resets the default
domain setting to \ on the Web server.
•
Cookies are used the same way for Entourage
clients and Outlook Web Access clients that
are connected to an Exchange server. The
Exchange server authenticates the user by
using Forms-based authentication before
Entourage synchronizes the data. Subsequent
transactions during a session, including
synchronization, are authenticated by passing
a cookie from the client to the Exchange
server.
55
Office 2008 Planning
No matter what authentication method you use with DAV, the data is transmitted in a plain-text
XML stream between the user and the server. Third parties could discover this data by using
network monitoring or packet sniffing tools. If your users use Microsoft Exchange accounts for
critical or sensitive information, we recommend that you use SSL to encrypt the data that is
transmitted between the user and the server, particularly for users who access their accounts from
outside the corporate network. For added security when mail travels between your server and
servers outside your organization, we recommend certificate encryption.
the Office 2008 Planning section.
Configure external program access to Entourage 2008
You can configure Entourage 2008 to limit how applications that are external to Office use
Entourage to silently send e-mail or access the address book. Use the following procedure to set
the options for controlling external program access to Entourage 2008.
Set the options to control external program access
1. On the Entourage menu, click Preferences.
2. Under General Preferences, click Security.
3. Under Security, select the Warn before allowing an external application to send
mail check box and the Warn before allowing an external application to access the
Address Book check box.
When either of the above options is set, Entourage prompts the user with a warning and asks for a
response when an external application attempts to send mail or access the Address Book.
Customize Entourage 2008 attachment settings
To help protect your computer, Entourage 2008 blocks certain types of incoming attachments
because they could potentially introduce a virus to your computer.
As an administrator, you can view the default Attachment Policy property list (.plist) file, which
contains a list of the file types that Entourage automatically blocks. If you choose, you can create a
supplementary .plist file that overrides or extends the policy to block or allow file types that you
specify. You then can deploy this file to users' computers. The Attachment Policy property list
(.plist) file is located in Microsoft Entourage.pkg/Contents/Resources.
To edit a .plist file, you can use a property list (plist) editor, which is available as part of Apple's
XCode toolset. The default location for the plist editor on the hard disk is
/Developer/Applications/Utilities/Property List Editor. Various third-party plist editor products also
are available.
56
Office 2008 Planning
The types of files that are blocked or allowed when a user sends or receives a message are
specified in the Entourage 2008 Attachment Policy. For more information about the Attachment
If you want to change the Attachment Policy, create a supplementary .plist file as described in the
following procedure. Any changes made to the default Attachment Policy .plist file are subject to
override during application updates. Changes to the supplementary file will not be affected by
updates.
Create a supplementary Attachment Policy .plist file
1. Hold down CONTROL and click the Microsoft Entourage icon.
2. Click Show Package Contents.
3. Double-click Contents, and then double-click Resources.
4. Click AttachmentPolicy.plist, and then press ꢀ+D to duplicate the file.
5. Drag the duplicate file either to /Library/Preferences (to take effect for all users on the
computer) or to /Users/username/Library/Preferences (to take effect for a single user).
6. Rename the file com.microsoft.entourage.attachmentpolicy.plist.
7. Open the file in your property list (plist) editor.
8. Delete all individual String entries, but do not delete the Dictionary and Array entries.
9. In the AllowedAttachments list, create String entries for any file types that you want to
allow.
You can specify a file type by using a FilenameExtension, a MIMEContentFileType, or a
MacOSFileType.
Create the String entry as a child entry under the corresponding Array type.
10. In the UnsafeAttachments list, create entries for any file types that you want to block.
It is not necessary to specify file types that are already blocked in the default .plist file.
11. Save, and then close the file.
12. Quit, and then restart Entourage.
Note When specifying the file extensions, do not precede the extension with a dot (.). For
example, if you want to include the extension asp to your AllowedAttachments list, just specify
asp instead of .asp.
57
Office 2008 Planning
Digital certificate requirements for sending and receiving messages
The Entourage cryptography model uses public key encryption to send and receive digitally signed
and encrypted e-mail messages. Encryption makes a message unreadable to anyone other than
the intended recipient. To send an encrypted message, the sender must have a copy of the
recipient’s digital certificate. The message is encrypted specifically for each recipient by using the
recipient’s public key; it can be decrypted only by using the associated private key, which is stored
on the recipient's computer. Entourage uses the sender’s keys to read and write encrypted
messages in the Drafts or Sent Items folders, which allows users to review encrypted messages that
they have created. If the sender has no digital certificate, this review is not possible.
A digital signature helps the recipient verify the sender’s identity and the message integrity.
Digitally signing a message helps the recipient verify that you are the authentic sender and that
the contents of the message were not altered in transit.
Tip We recommend that digital certificates have a key size of 1,024 bits or more. Using a digital
certificate of this size makes it extremely difficult to decode an encrypted message or forge a
digital signature. For more information about the digital certificate key size, see Entourage
Help.
To
The digital certificate requirement is
Send an encrypted The sender must have a copy of each recipient’s digital certificate. The
message
sender does not need to have a digital certificate of his or her own. However,
if the sender does not have a digital certificate, he or she will not be able to
read the saved message in the Draft or Sent Items folder, and will not be
able to receive an encrypted response from a recipient.
Receive an
encrypted
message
The recipient must have a digital certificate of his or her own. The sender
must have a copy of the recipient's digital certificate in order to encrypt the
message.
Entourage 2008 can encrypt messages with any of the following encryption
algorithms: AES-256, AES-192, AES-128, and 3DES. Of these four algorithms,
3DES is the most compatible with other S/MIME applications and AES-256 is
the most secure.
Entourage 2008 supports the following signing algorithms for digital
signatures, which are listed from strongest to weakest: SHA-512, SHA-384,
SHA-256, and SHA-1. Of these four algorithms, SHA-1 is the most
compatible with other S/MIME application, and SHA-512 is the most secure.
58
Office 2008 Planning
To
The digital certificate requirement is
Send a
The sender must have a digital certificate of his or her own.
digitally-signed
message
Receive a
The recipient does not need a digital certificate of his or her own.
digitally-signed
message
Enable password encryption for POP and IMAP accounts
Before you deploy password encryption for your Entourage 2008 users who have POP or IMAP
accounts, you must know whether the POP server or IMAP server accepts password encryption. If
the server does not accept password encryption and users configure their accounts to use this type
of encryption, they might not be able to receive their incoming messages.
Enable password encryption for POP and IMAP accounts in Entourage 2008
1. On the Tools menu, click Accounts.
2. On the Mail tab, double-click the IMAP account or the POP account.
3. On the Account Settings tab, click Click here for advanced receiving options, and
then select the Always use secure password check box.
Enable SMTP authentication
If your POP or IMAP mail server requires SMTP authentication when Microsoft Entourage 2008 for
Mac users send messages, you can provide special login information to users for that purpose.
Different account IDs and passwords can be specified for sending and receiving messages.
Enable SMTP authentication in Entourage
1. On the Tools menu, click Accounts.
2. On the Mail tab, double-click the IMAP account or the POP account.
3. On the Account Settings tab, click Click here for advanced sending options, and
then select the SMTP server requires authentication check box.
4. If different account ID and password information is required, click Log on using, and
then enter the information.
Enable Secure Sockets Layer
If you enable Secure Sockets Layer (SSL) in Microsoft Entourage 2008 for Mac for a server that is
associated with a Microsoft Exchange account, all Entourage communications with the SSL-
enabled server are encrypted. SSL is required for forms-based authentication and is strongly
recommended for Basic authentication.
59
Office 2008 Planning
If you plan to deploy SSL for Entourage 2008 users, you must make sure that SSL is enabled on the
Exchange server. For information about how to enable SSL on an Exchange server, see Exchange
on the Microsoft TechNet Web site (technet.microsoft.com).
To use SSL with Entourage, the user's computer must trust the Exchange server's SSL certificate.
This might require importing a root certificate to the user's X509 Anchors keychain or the user
login keychain. For more information about this requirement, see How users manage digital
certificates in Entourage 2008 in the Office 2008 Planning section.
As the Microsoft Exchange account administrator, you will want to provide SSL setup instructions
to users, or you can enable SSL in a deployed account.
Enable SSL for an account in Entourage
1. On the Tools menu, click Accounts.
2. On the Mail, News, or Directory Service tab, double-click the account.
3. Do one of the following.
For this
Do this
account type
IMAP, POP,
and News
On the Account Settings tab, click either Click here for
advanced receiving options or Click here for advanced
sending options, and then select the options that you want.
Microsoft
Exchange
mail
On the Account Settings tab, select the This DAV service
requires a secure connection (SSL) check box.
•
To enable SSL on the public folders server, on the Advanced
tab, under Public Folders Settings, select the This DAV
service requires a secure connection (SSL) check box.
•
To enable SSL on the LDAP server, on the Advanced tab,
under Directory Settings, select the This LDAP server
requires a secure connection (SSL) check box.
Directory
service
On the Account Settings tab, click Click here for advanced
LDAP options, and then select the This LDAP server requires a
secure connection (SSL) check box.
60
Office 2008 Planning
How users manage digital certificates in Entourage 2008
To use encryption and digital signature features, the user must have a digital certificate - the
combination of a user's certificate and public and private encryption key set. Digital certificates,
also known as digital IDs, help to keep users' e-mail messages secure by letting them exchange
cryptographic messages. Managing digital certificates includes:
•
•
•
Obtaining digital certificates
Importing, exporting, or deleting a certificate from your computer
Installing root certificates
Obtaining digital certificates
You can issue a self-signed certificate or you can purchase digital certificates from a certification
authority (CA). For more information about how to obtain a digital certificate from a Certification
Authority, visit the Office Marketplace digital ID page
on the Microsoft Office Web site
(office.microsoft.com).
Importing, exporting, or deleting a certificate from the user computer
For more information about how to import, export, or delete digital certificates, see Entourage
Help.
Installing root certificates
Entourage uses root certificates, also called anchor certificates, to verify the authenticity of all
certificates that derive from it in a chain of trust. Mac OS X comes with a default set of root
certificates that are trusted. But users might have to install additional root certificates on their
computers in order to verify certificates that are issued by non-standard CAs.
To install a root certificate on the computer, the person installing it must have access to an
administrator account. Entourage looks for root certificates in the following locations:
•
•
X509 Anchors keychain on Mac OS X
X509 Anchors (not visible by default) and the login keychains on Mac OS X v10.5
(Leopard) and later
Caution
Entourage 2008 does not recognize any trust level settings defined for a certificate. The
improved Trust Settings in Mac OS X v10.5 (Leopard) allow you to configure different
levels of trust. For example, you can configure to Always Trust or Never Trust a
certificate. However, Entourage will ignore these settings.
61
Office 2008 Planning
Installing root certificate in Mac OS X
1. Double-click the .cer file to open the Keychain Access application.
2. In the Add Certificates dialog box, on the pop-up menu, click X509 Anchors, and then
click OK.
If you are asked to provide a name and password, use the administrator credentials.
3. Click View Certificates to verify the details of the certificate
4. Quit, and then restart Entourage.
Installing root certificate in Mac OS X v10.5
1. Double-click the .cer file to open the Keychain Access application.
2. In the Add Certificates dialog box, on the pop-up menu, click login, and then click OK.
If you are asked to provide a name and password, use the administrator credentials.
3. Click View Certificates to verify the details of the certificate
4. Quit, and then restart Entourage.
Plan for limiting junk e-mail
Settings for junk e-mail protection in Entourage 2008 can be customized to specify a protection
level and to always allow or always block messages from specific senders or domains. The
Entourage 2008 junk e-mail filter is periodically updated by Microsoft and is automatically
downloaded and installed on users' computers according to the settings in effect for Microsoft
AutoUpdate for Mac.
For information about how to set the level of junk e-mail protection, see Entourage 2008 Help.
Office 2008 Operations section.
62
Office 2008 Planning
Relocating multiple identities in Entourage to separate user accounts
It is not only possible to have separate Mac OS X login accounts for several individuals on one
computer — in Entourage, it is possible to have multiple Entourage user identities within a single
Mac OS X login account. This capability was created before the release of Mac OS X to allow
multiple users to more easily share Entourage on a single computer. Separate identities allowed
each user to have separate Entourage preferences, messages, Calendar events, and other items.
Now, however, this separation of Entourage user preferences is provided with better security and
ease of use by the multi-user login features of Mac OS X.
Therefore, we do not recommend setting up Entourage identities for multiple users within a single
Mac OS X login account. When an Entourage user logs in to Mac OS X, he or she should use his or
her own login account.
Difficulties that are associated with allowing multiple Entourage users to share a single Mac OS X
login account include the following:
•
•
•
Entourage security is compromised because there is no password protection between
the identities. Users can read each others' mail and can impersonate each other when
they are sending mail.
Computer security is compromised because users of all the identities have access to the
documents and network rights of the user whose Mac OS X login account they are
using.
Spotlight searches that are conducted from the Finder commingle results from all users'
Entourage data.
You can relocate multiple Entourage identities that exist within a single user login account to
separate Mac OS X user accounts. To relocate identities to separate user accounts, you must log in
by using the Administrator account. You can move the folder for an identity, or the whole
Microsoft User Data folder, to a shared folder. The user can then import the identity from the
shared folder when setting up his or her account. For more information on importing into
Entourage, see Entourage Help.
63
Office 2008 Planning
Smart card support
Entourage 2008 supports the use of digital certificate that have been stored on smart card-based
keychains to perform secure messaging operations such as digitally signing, verifying, encrypting,
and decrypting e-mail messages.
Smart card features in Entourage 2008
Entourage 2008 includes the following features:
•
Mac OS X has built-in smart card support that complies with the U.S. Department of
Defense standards for U.S. federal government smart cards. These standards follow one
of the approved specifications: Common Access Card (CAC), Government Smart Card
Interoperability Specification (GSCIS), Personal ID Verification (PIV).
•
•
Entourage users can now apply send or save a digitally signed e-mail message in their
Drafts folder.
When there are more than one certificate associated with an e-mail account, Entourage
uses the certificate that is not expired. If all the certificates associated with an e-mail
message are expired, Entourage displays an error message.
•
•
Entourage uses visual cues to distinguish between expired and current certificates.
Entourage uses symbols to identify the certificates used for digital signatures.
For information about Apple’s support for smart cards, see Smart Card Services
Developer Web site (developer.apple.com).
on the Apple
Using Entourage 2008 with ISA Server and ADAM
Internet Security and Acceleration Server (ISA Server) is compatible with most of the authentication
methods that can be used with Entourage 2008. However, you cannot use forms-based
authentication when Entourage 2008 is used with ISA Server 2004. For information about how to
use forms-based authentication in an ISA Server environment, see You cannot access your mailbox
the Microsoft Knowledge Base (support.microsoft.com).
For more information about ISA Server, see the Microsoft Internet Security and Acceleration
on the the Microsoft Web site (www.microsoft.com/isaserver).
If you provide secured external access to the Global Address List (GAL), you might prefer not to
open ports for LDAP searches through ISA Server. Instead, you can host a copy of the GAL on an
Active Directory Application Mode (ADAM) server that is exposed to the Internet for Secure
Sockets Layer (SSL) access. For more information about ADAM, see Introduction to Windows Server
on the Microsoft Web site (www.microsoft.com).
64
Office 2008 Planning
Important
When you use an ADAM server to provide GAL access, your Entourage users who are
located outside of corporate network will not be able to browse GAL like an Entourage
user who is connected directly to a Microsoft Windows Server 2003 based Global Catalog
Server inside the corporate network.
Using Entourage 2008 with Kerberos authentication
Entourage 2008 supports Kerberos protocol as a method of authentication with Microsoft
Exchange Server and standalone LDAP accounts. Kerberos protocol uses cryptography to help
provide secure mutual authentication for a network connection between a client and a server, or
between two servers.
Kerberos protocol is based on ticketing. In this scheme, a client must provide a valid user name
and password only once to prove their identity to an authentication server. Then, the
authentication server grants the client strongly encrypted tickets that includes client information
and the session key that expires after a specified period of time. The client then attempts to
decrypt the ticket by using its password. If the client successfully decrypts the ticket, it keeps the
ticket, which is now shared by the client and the server. This decrypted ticket indicates the proof of
the client's identity and is used to authenticate the client. The timestamp included in the ticket
indicates that it's a recently generated ticket and is not a replay attack. If an attacker tries to
capture and decrypt the information in a ticket, the breach will be limited to the current session.
The client can use the same ticket on the network to request other network resources. To use this
ticketing scheme, both the client and the server must have a trusted connection to the domain Key
Distribution Center (KDC).
Mac OS X includes built-in support for Microsoft Kerberos authentication and Active Directory
authentication policies, such as password changes, expiration and forced password changes, as
well as Active Directory replication and failover. By leveraging the Mac OS X Kerberos service,
Entourage 2008 uses the single sign on mechanism to offer better password handling and a
cleaner setup experience.
Kerberos authentication and Entourage
You should determine the type of authentication that your organization's Exchange server uses.
You can use Kerberos protocol or the other supported authentication methods: NTLM, basic
authentication, or forms-based authentication for the Exchange server. In Entourage, you do not
have control over the type of authentication methods that users choose. You should ask your users
to choose Kerberos authentication if your organization's Exchange server uses it and their
computer is connected to the corporate network. For more information about how to set up an
Office 2008 Deployment section.
65
Office 2008 Planning
When you set up your account in Entourage, you must click Use Kerberos authentication, or for
all other types of authentication, click Use my account information. When you choose the
Kerberos authentication method, the user, password, and domain text fields in the Use my
account information section are disabled. The disabled fields serve as a visual clue that Kerberos
authentication is mutually exclusive with the other available authentication. When Kerberos
protocol is enabled, it is used to attempt authentication against all of the servers related to the
account, such as HTTP or LDAP. When Kerberos protocol is disabled in the account settings,
Kerberos authentication will not be attempted against any of the servers related to the account.
For new Exchange accounts, Kerberos protocol is disabled by default with None selected in the
Kerberos ID pop-up menu. When you enable Kerberos protocol, Entourage allows the user to
choose or create a valid Kerberos ID. If the account is created using auto-detect, the Kerberos ID
pop-up menu is populated with the existing ID. Kerberos protocol attempts auto-detect against
servers if there is at least one Kerberos ticket present in the Mac OS X credential cache or a
_kerberos._tcp.<domain> record is available from the Domain Name Server (DNS). If the auto-
detect process is successful, the ticket is populated on the account’s Kerberos ID pop-up menu. If
the auto-detect process does not include a successful Kerberos authentication, the account’s
Kerberos setting will be disabled and Kerberos ID pop-up menu is set to None.
To create a new Kerberos ID, provide the user name, password, and realm information. Realm is
another name for a "domain" In the Authenticate to Kerberos dialog box, in the Name field, type
Account ID. This is sometimes the part of your e-mail address before the "@" symbol.
Note In the Realm field, you must type the domain name in all uppercase letters, such as
ALPINESKIHOUSE.COM.
Kerberos authentication for administrators
Kerberos authentication might fail if the account’s primary mailbox server does not support
Kerberos protocol or if the KDC fails. To ensure that users are authenticated successfully by using
Kerberos protocol, you should make sure that the KDC is up and running for users to access the
different network services. In enterprise and mission-critical environments, it's important for
administrators to create at least one failover KDC.
When Kerberos authentication fails, Entourage provides the option of using the other supported
authentication mechanisms. The types of authentication methods that are available for Microsoft
Exchange e-mail accounts can vary depending on whether authentication is performed on a front-
end server or on a back-end server. For more information about the different authentication
section.
66
Office 2008 Planning
Planning to use Office 2008
with related Microsoft products
Working with SharePoint sites and Office Live Workspace by using
Document Connection for Mac
Microsoft Document Connection for Mac, available as part of Microsoft Office 2008 for Mac
Service Pack 2 (12.2.0), makes it easy to work with files that are located either on a SharePoint site
or on Microsoft Office Live Workspace. By using this application, users can download, edit, and
upload documents that are on these sites. By using Document Connection for Mac, teams,
especially those in a mixed environment of Windows-based and Mac-based computers, can stay
connected and productive. The application provides easy access to the documents and
information that users have to have to make more informed decisions and to do their jobs more
efficiently.
Planning content management
If you administer or use a SharePoint site to share data, you should be aware of the following
features and limitations of Document Connection for Mac.
•
Users can browse through different sites, document libraries, and folders on a
SharePoint site or an Office Live Workspace by using Document Connection for Mac.
You must assign the appropriate permissions at the SharePoint Portal Server level for
users to browse through the sites. For more information, see the Planning site and
content security section.
Note A user must sign in to the Office Live Workspace by using a Windows Live ID.
•
A user can save any site, including the Office Live Workspace, to the navigation pane in
Document Connection for Mac. A user can also drag any site, library, and folder from
the file list to the navigation pane for quick access. For more information about how to
save a favorite file or location, see Document Connection for Mac Help.
67
Office 2008 Planning
•
•
A user can add a new document that is located on his or her computer to a SharePoint
site or Office Live Workspace by using the Add File feature in Document Connection for
Mac.
Note A user can also drag a file from the computer to the file list in Document
Connection for Mac.
If a SharePoint site has a template that is associated with it, a user can create a new
document based on the template by using the New File feature in Document
Connection for Mac.
Note Document Connection for Mac can open only a file that has an application
associated with it.
•
•
In Document Connection for Mac, a file cannot be deleted from a SharePoint site or
Office Live Workspace. To delete a file from these locations, use the Web browser.
If a file remains in the Drafts folder after it is saved to the server, a user cannot edit it,
check it in, or check it out. To remove this file from the Drafts folder, delete the
Document Connection.xml database from /Users/username/Library/Microsoft/Office
2008/Document Connection/. Also, in /Users/username/Library/Microsoft/Office
2008/Document Connection/, delete Document Connection.mdccache. Restart
Document Connection for Mac.
Planning site and content security
You can use basic authentication, Integrated Windows Authentication (NTLMv2), or the Kerberos
protocol as methods of authentication with the SharePoint server. To authenticate users to the
Office Live Workspace, Document Connection for Mac requires Windows Live ID.
As an administrator, you must plan for site security and assign permission levels to the users who
are to access content on SharePoint sites at the SharePoint Portal Server level. In the SharePoint
Portal Server, you can select users who will be authorized to access the content on a site. You can
also select the permission levels for these users to enable them to view, change, or manage a
particular site or documents within the site. The permission level controls all permissions for the
site and for any subsites, lists, document libraries, folders, and items or documents that inherit the
site's permissions. The following table describes the default permissions levels.
68
Office 2008 Planning
Permission
level
Description
Full Control User has administrator access to the site. This permission level cannot be customized
or deleted.
Design
Contribute
Read
User can view, add, update, delete, approve, and customize documents.
User can view, add, update, and delete documents.
User can only view documents.
Note If you set the permission level for a user to Read or Limited access, you
have to assign some additional permission settings to enable read-only access to
a site by using Document Connection for Mac. For more information about the
list of permissions for read-only access, see the tables in the List permissions for
read-only or limited access and the Site permissions for read-only or limited
access sections.
Limited
access
User can view application pages, browse user information, use remote interfaces,
use client integration features, and open documents.
For more information about how to manage the permission levels on the SharePoint Portal Server,
List permissions for read-only or limited access
You can restrict permissions to a list by using any of the following settings.
List permission
View Items
Description
View items in lists, documents in document libraries, and Web discussion
comments.
Open Items
View the source of documents by using server-side file handlers.
View forms, views, and application pages. Enumerate lists.
View Application
Pages
69
Office 2008 Planning
Site permissions for read-only or limited access
Assign additional permission settings to enable read-only access to a site by using Document
Connection for Mac. You can restrict permissions to a site by using any of the following settings.
Site permission
View Pages
Description
View pages on a Web site.
View information about users of the Web site.
Browse User
Information
Browse Directories
Enumerate files and folders in a Web site by using SharePoint Designer
and Web DAV interfaces.
Use Remote
Interfaces
Use SOAP, Web DAV, or SharePoint Designer interfaces to access the Web
site.
Use Client
Integration Features
Use features that start client applications. Without this permission, users
must work on documents locally and upload their changes.
Open
Allow users to open a Web site, list, or folder in order to access items
inside that container.
70
Office 2008 Planning
Working with external data sources in Excel
Excel 2008 can retrieve information from database servers, such as a computer that is running
Microsoft SQL Server or other external databases by using third-party Open Database Connectivity
(ODBC) drivers. After you download and install the ODBC drivers, you can use database queries to
retrieve the data. The following table describes each of the query types.
Query type Description
FileMaker
query
A FileMaker query is used to retrieve data from the FileMaker server. To interact with
a FileMaker database, users must have the FileMaker Pro application installed on
their client computers.
Web query A Web query is used to query data from a specific Internet or intranet site and
display the information directly in an Excel 2008 spreadsheet.
Note Web queries are handled by Secure Sockets Layer (SSL) connections.
For more information about how to create Web queries, see XL98: How to Create
(support.microsoft.com).
in the Microsoft Knowledge Base
Database
query
A database query is used to request information from database servers, such as a
computer that is running Microsoft SQL Server. To use Microsoft Query in Excel
2008, users must first install compatible ODBC drivers on their computers so that
they can retrieve the data from the database.
For information on how to import data from a database, see Excel 2008 Help.
Text query A text query is used to query the contents of a text file in Excel 2008.
71
Office 2008 Planning
Plan a strategy to control access to workbooks
As an administrator, you must assign the appropriate permissions to the user accounts that will be
connecting to the databases. Users must then provide their account information when they
connect to the external data source network (DSN) by using third-party ODBC drivers.
To connect to an external DSN, on the Data menu, click Get External Data.
Caution
If users have permissions that are too broad in scope, they might be able to modify
queries in Microsoft Query to add, delete, or modify data that is stored on the server or to
delete databases and tables.
To prevent unauthorized users from modifying queries and then saving them in the
database, make sure that all users have the correct permissions assigned to them at the
database server level. For example, you can restrict users who have permission to view
snapshots of workbooks from altering any of the data in the workbooks, or prevent them
from altering the query that is used to retrieve data. Users can still open, interact with,
refresh, and recalculate workbooks that have read restrictions; but they cannot save any
modifications to the workbook on the server. They can save revisions only locally.
Working with macros
Microsoft Visual Basic macros cannot be run or edited in Office 2008. But if you want to retain the
functionality of existing macros, you can convert them to a native Mac OS X scripting language
such as AppleScript or Automator.
To see the specific actions that are available in AppleScript or Automator for a specific Office
application, in the Finder, in the folder in which Office 2008 has been installed (usually the
Applications folder or /Users/username/Applications), drag the icon for the Office application from
the Microsoft Office 2008 folder to either the Script Editor application icon in
Applications/AppleScript or the Automator application icon in the Applications folder.
Although users cannot edit or run Visual Basic macros in Office 2008, documents that contain
Visual Basic macros can be opened, edited, and saved correctly in Office 2008. Documents that
contain macros can be passed back and forth between Office 2008 and other versions of Office
without loss of the macro coding; macros will continue to run in the versions of Office that
permit it.
For more information about Automator, see Working with Automator
Web site (developer.apple.com).
on the Apple Developer
72
Office 2008 Deployment
Office 2008 Deployment
Deploying Office 2008 applications
Creating the installation image
The first step in deploying Microsoft Office 2008 in a corporate environment is to create a network
installation point. To do this, you copy all of the source files from the Microsoft Office 2008 for
Mac CD to a shared location on your network. Then you deploy Office to users from this
installation point.
For more information about the different deployment methods that you can use for deploying
Planning section.
Create a default Office 2008 installation image on the network installation point
1. Prepare a computer on the network for the network installation point.
•
If the computer is currently running the Classic environment (Mac OS 9), switch to
Mac OS X, and then quit the Classic environment.
•
•
Turn off virus protection software, and quit any applications that are running.
Back up any existing Entourage identity folders from
/Users/username/Documents/Microsoft User Data/Office<version>Identities/ in one
of the following ways:
•
Create and deploy a script for renaming the existing Entourage identities on
each computer.
•
If you are in a relatively small setup environment, you can instruct users to back
up the Entourage identities that are stored in
/Users/username/Documents/Microsoft User Data/Office<version>
Identities/folderName and copy them to another location on their computers.
Note After you have deployed the Office 2008 applications, users can import
information from their previous identities. For information on how to import from
identities, see Entourage 2008 Help.
•
Remove any Dock icons for Office applications.
2. Insert the Office 2008 DVD into your DVD drive.
73
Office 2008 Deployment
3. Copy the .mpkg file from the DVD to a shared location on the network.
4. You can now deploy Office 2008 applications to users from this installation point. For
more information about deploying Office 2008, see the following topics in the Office
2008 Deployment section.
Installation by using Apple Remote Desktop
In this Office 2008 installation method, you use Apple Remote Desktop to deploy Office 2008 to
users' computers.
Important
When you deploy Office 2008 by using a remote connection, such as Apple Remote
Desktop, to a client computer at a login window, a postflight script in the Office Installer
causes the Dock application to open with root user privileges. Any applications
subsequently opened from the Dock will also be run with root user privileges. Under these
conditions, someone with physical access to the client computer can gain local elevation
of privilege. This security issue can only occur when Office 2008 is deployed to computers
that run Mac OS X v10.4.9 or a later version of Mac OS X v10.4 (Tiger). This is not an issue
for computers that run Mac OS X v10.5 (Leopard). For more information about this
To ensure a more secure deployment when you use a remote connection, such as Apple
Remote Desktop, you must delete the postflight script file from Office
Installer.mpkg/Contents/Packages/Office2008_<language>_dock.pkg/Contents/Resources
/. After the install, restart the computers. If you use Apple Remote Desktop 3 or later to
deploy Office 2008, you can choose the options that lock the screens during installation.
For more information about how to delete the postflight script file, see the "Install Office
2008 by using Apple Remote Desktop" section later in this topic.
Install Office 2008 by using Apple Remote Desktop
1. We recommend that you write an AppleScript script to perform the steps for preparing
the users' computers at the beginning of the installation process. For more information,
see the "Prepare a user computer for installation of Office 2008 when deployed by
using Apple Remote Desktop" section later in this topic.
If you do not use a script to perform all the steps that are required to prepare users'
computers, you will need to provide instructions for users to prepare their own
computers immediately before Office 2008 is installed.
74
Office 2008 Deployment
2. Copy Office Installer from the Office 2008 DVD to a writable volume.
3. Before you use the Office 2008 installer, delete the postflight script file from Office
Installer.mpkg/Contents/Packages/Office2008_<language>_dock.pkg/Contents/Resourc
postflight script, which is in the package that attempts to install icons in the Dock, runs
successfully. The postflight script causes the Dock application to close and then reopen.
To delete the postflight script, perform the following steps:
1. Copy Office Installer from the Office 2008 DVD to a writable volume.
2. Hold down CONTROL and click the Office Installer icon.
3. Click Show Package Contents.
4. Double-click Contents, and then double-click Packages, and then locate
Office2008_<language>_dock.pkg.
Note Replace <language> with the relevant two-letter language code, such as
en, ja, or fr.
5. Hold down CONTROL and click Office2008_<language>_dock.pkg, and then
click Show Package Contents.
6. Double-click Contents, and then double-click Resources, and then delete
postflight.
4. Set up Apple Remote Desktop to deploy Office 2008 to users' computers.
As an added security measure, we strongly recommend that you lock the screens of the
client computers before you deploy. If you use Apple Remote Desktop 3 or later to
deploy Office 2008, you can choose the options that lock the screens during installation.
You may want to instruct users to leave their computers on overnight so that you can
schedule the distribution during nonworking hours.
For an introduction to Apple Remote Desktop, see Apple Remote Desktop 3
Apple Web site (www.apple.com/remotedesktop). For detailed information, see the
on the
download from the Resources page in the same area of the Apple Web site.
5. After the install is finished, restart the client computers.
75
Office 2008 Deployment
Prepare a user computer for installation of Office 2008 when deployed by using
Apple Remote Desktop
1. If the computer is currently running the Classic environment (Mac OS 9), switch to Mac
OS X, and then quit the Classic environment.
To quit the Classic environment, on the Apple menu, click System Preferences, and
then click Classic. On the Start/Stop tab, click Stop.
2. Turn off virus protection software, and quit any applications that are running.
3. Back up any existing Entourage identity folders from
/Users/username/Documents/Microsoft User Data/Office<version>Identities/ in one of
the following ways:
•
Create and deploy a script for renaming the existing Entourage identities on each
computer.
•
If you are in a relatively small setup environment, you can instruct users to back
up the Entourage identities that are stored in
/Users/username/Documents/Microsoft User Data/Office<version>
Identities/folderName and copy them to another location on their computers.
Note After you have deployed the Office 2008 applications, users can import
information from their previous identities. For information on how to import from
identities, see Entourage 2008 Help.
4. Remove any Dock icons for Office applications.
Installing Office 2008 from a NetBoot image
When you configure Office as part of the NetBoot image, Office is made available to users
automatically when they start or restart their computers.
Note We recommend that you use a NetBoot image with Apple Remote Desktop installed and
configured. Otherwise, it is not possible to administer the client computers by using Apple
Remote Desktop after they start up from NetBoot.
Install Office 2008 from a NetBoot image
•
To install from a NetBoot image, include the installation image as part of the NetBoot
image. Office 2008 is then automatically made available to users when they start or
restart their computers. For more information about creating a NetBoot image, see your
server documentation.
76
Office 2008 Deployment
Prepare a user computer for installation of Office 2008
Before users load Office 2008 for the first time, their computers must be prepared by performing
the following steps
1. If the computer is currently running the Classic environment (Mac OS 9), switch to Mac
OS X, and then quit the Classic environment.
To quit the Classic environment, on the Apple menu, click System Preferences, and
then click Classic. On the Start/Stop tab, click Stop.
2. Turn off virus protection software, and quit any applications that are running.
3. Back up any existing Entourage identity folders from
/Users/username/Documents/Microsoft User Data/Office<version>Identities/ in one of
the following ways:
•
Create and deploy a script for renaming the existing Entourage identities on each
computer.
•
If you are in a relatively small setup environment, you can instruct users to back up
the Entourage identities that are stored in /Users/username/Documents/Microsoft
User Data/Office<version> Identities/folderName and copy them to another
location on their computers.
Note After you have deployed the Office 2008 applications, users can import
information from their previous identities. For information on how to import from
identities, see Entourage 2008 Help.
4. Remove any Dock icons for Office applications.
Installation from a file server
If you want to deploy Office 2008 from a file server, copy the disk image (.dmg) from the install
DVD to the shared location on the file server. You can then ask users to copy the .dmg from the
shared location and install Office on their local computers.
77
Office 2008 Deployment
Install Office 2008 from a file server
image in the Office 2008 Deployment section.
2. We recommend that you write an AppleScript to perform the steps for preparing the
users' computers before deploying the installation image.
If you do not use a script to perform all the steps that are required to prepare users'
computers, you will need to provide instructions for users to prepare their own
computers immediately before Office 2008 is installed.
For more information, see the "Prepare a user computer for installation of Office 2008
from a file server" section later in this topic.
3. Users should drag the .mpkg file from the shared location to their desktops, open it,
and then follow the Office Installer instructions. For information on how users can
cutomize the installation, see "Install a customized version of Office 2008" section later
in this topic.
Important
Installation under a volume license does not require that you enter a Product ID.
4. At the end of the installation process, users can apply all available service and security
releases and updates to the installation image by running Microsoft AutoUpdate for
Mac.
Users also can run AutoUpdate at any time by starting any Office application, and then
on the Help menu, clicking Check for Updates. The other option is to download
updates from the Downloads
(www.microsoft.com/mac).
page of the Microsoft Web site
Note You can customize the AutoUpdate settings to schedule the installation of
updates. For more information about how to customize these settings, see Configuring
AutoUpdate for Office 2008 in the Office 2008 Deployment section.
78
Office 2008 Deployment
Install a customized version of Office 2008
1. Double-click the Office Installer.
2. In the Select a Destination page, select the destination volume to install Office 2008.
Important
Installation under a volume license does not require that you enter a Product ID.
3. Click Customize.
4. Select or clear the check box next to each component that you want to include or not
include in the installation.
5. Click Install and follow the instructions to complete the installation process.
Prepare a user computer for installation of Office 2008 from a file server
1. If the computer is currently running the Classic environment (Mac OS 9), switch to Mac
OS X, and then quit the Classic environment.
To quit the Classic environment, on the Apple menu, click System Preferences, and
then click Classic. On the Start/Stop tab, click Stop.
2. Turn off virus protection software, and quit any applications that are running.
3. Back up any existing Entourage identity folders from
/Users/username/Documents/Microsoft User Data/Office<version>Identities/ in one of
the following ways:
•
Create and deploy a script for renaming the existing Entourage identities on each
computer.
•
If you are in a relatively small setup environment, you can instruct users to back up
the Entourage identities that are stored in /Users/username/Documents/Microsoft
User Data/Office<version> Identities/folderName and copy them to another
location on their computers.
Note After you have deployed the Office 2008 applications, users can import
information from their previous identities. For information on how to import from
identities, see Entourage 2008 Help.
4. Remove any Dock icons for Office applications.
79
Office 2008 Deployment
Installing Office 2008 for Mac updates in a corporate environment
Microsoft regularly updates its software to improve performance, improve security, or update
features. These updates are released either as an incremental release or a combo release.
An incremental release includes only the files that differ from the last updated release. A combo
release includes fixes from all the incremental releases since the last combo release.
For example, the Office 2008 for Mac 12.1.3 Update combo release includes fixes from the
previous incremental releases: Microsoft Office 2008 for Mac 12.1.1 Update and Microsoft Office
2008 for Mac 12.1.2 Update. Therefore, a user who has Office 2008 SP1 Update will be able to
directly install the Office 2008 for Mac 12.1.3 Update combo release.
Note For Office 2008, a combo release includes updates only from Office 2008 SP1 Update.
To deploy Office 2008 for Mac incremental release updates to client computers from a central
location, create your own Office 2008 image with the latest updates installed. Then deploy this
image to the users in the network.
For more information about the different methods to deploy Office 2008 to your user
The following steps provide guidance on how to create your own Office 2008 for Mac image with
updates and deploy to client computers:
1. Create a network installation point
1. If the computer is currently running the Classic environment (Mac OS 9), switch to Mac
OS X, and then quit the Classic environment.
2. Verify that your computer meets minimum system requirements. For more information,
3. Turn off virus protection software, and quit any applications that are running.
4. Log on to Mac OS X with a user account that has administrator access credentials.
2. Install Office 2008 for Mac
1. Insert the Office 2008 DVD into your DVD drive.
2. Install Office 2008 for Mac by double-clicking the Office Installer icon and then follow
the instructions in the Office installer.
3. Next, follow the instructions in the Office Setup Assistant to complete the setup
process.
80
Office 2008 Deployment
3. Install the latest updates
1. To install Office 2008 for Mac updates, on the Help menu, click Check for Updates.
2. Under How would you like to check for software updates?, select Manually. You
can now manually select the updates that you want.
Note Microsoft AutoUpdate for Mac, which is included with Office, can keep Microsoft
software up to date. When AutoUpdate is set to check for updates automatically on a daily,
weekly, or monthly basis, you do not have to search for critical updates and information;
AutoUpdate delivers them directly to your computer.
4. Package the new image
The following example uses PackageMaker (a tool that helps create installer packages) to create
the new Office 2008 for Mac metapackage.
Note PackageMaker is included in the Apple’s Developer Tools and is located in the
/Developer/Applications folder. Depending on the version that you are using, the
PackageMaker user interface will differ.
1. To define your Office package’s payload (product files), locate the Office 2008 for Mac
components to be included in the package and add them to the Contents pane in the
project window of the PackageMaker. If you are using PackageMaker 3.0.3, we
recommend that you include the Office folder, Additional Tools folder, Fonts folder,
Automator, and the different applications as individual components before you create
the metapackage. Including the whole Office 2008 for Mac folder as one component
could cause PackageMaker to stop responding.
Drag the following files and folders into the PackageMaker:
•
•
•
•
•
•
•
•
•
•
•
/Applications/Microsoft Office 2008/Additional Tools
/Applications/Microsoft Office 2008/Office
/Applications/Microsoft Office 2008/Entourage.app
/Applications/Microsoft Office 2008/Excel.app
/Applications/Microsoft Office 2008/PowerPoint.app
/Applications/Microsoft Office 2008/Word.app
/Applications/Microsoft Office 2008/Messenger.app
/Applications/Microsoft Office 2008/ReadMe.html
/Library/Automator
/Library/Application Support/Microsoft
/Library/Fonts/Microsoft
81
Office 2008 Deployment
2. In the Configuration tab, specify the following Install and Destination paths.
Office 2008
component
Install
Destination
Additional Tools
/Applications/Microsoft Office
2008/Additional Tools
/Applications/Microsoft
Office 2008/Additional
Tools
Office folder
/Applications/Microsoft Office
2008/Office
/Applications/Microsoft
Office 2008/Office
Microsoft
Entourage
/Applications/Microsoft Office
2008/Entourage.app
/Applications/Microsoft
Office 2008/
82
Office 2008 Deployment
Office 2008
component
Install
Destination
Microsoft Excel
/Applications/Microsoft Office
2008/Excel.app
/Applications/Microsoft
Office 2008/
Microsoft
PowerPoint
/Applications/Microsoft Office
2008/PowerPoint.app
/Applications/Microsoft
Office 2008/
Microsoft Word
/Applications/Microsoft Office
2008/Word.app
/Applications/Microsoft
Office 2008/
Microsoft
Messenger
/Applications/Microsoft Office
2008/Messenger.app
/Applications/Microsoft
Office 2008/
ReadMe.HTML
/Applications/Microsoft Office
2008/ReadMe.html
/Applications/Microsoft
Office 2008/
Application
Support
/Library/Application
Support/Microsoft
/Library/Application
Support/Microsoft
Automator
Fonts
/Library/Automator
/Library/Fonts
/Library/Automator
/Library/Fonts
3. Save your project file and build it to create the metapackage for distribution.
For more information about how to create installer packages by using the PackageMaker, see
5. Copy the new image to a shared location
After you create the .mpkg with all the updates for Office 2008 for Mac, copy it to a shared
location on the network.
6. Deploy the updated image of Office 2008
You can now deploy Office 2008 applications to users from this installation point. For more
information about how to deploy Office 2008, see the Office 2008 Deployment section.
83
Office 2008 Deployment
Configuring and deploying Office 2008 preferences
Configuring Office 2008 application preferences
Configuring Word 2008 preferences
You can standardize the settings for Word 2008 in your organization by configuring preferences
for the application and then deploying these preferences to users on the network. Word-specific
preferences are stored in the com.microsoft.Word.plist file. This preference (.plist) file is stored in
/Users/username/Library/Preferences.
Important
Use the same administrator account each time that you customize settings so that all
preferences are stored in the same folder on the computer. This is especially important if
you will be using Workgroup Manager to manage preferences later. Workgroup Manager
uses the preference files that are located in the home folder of the administrator who is
currently logged in.
To set preferences in Word, on the Word menu, click Preferences.
The following sections provide examples of the different types of preferences that you can set in
Word 2008.
Setting the default font for new documents
When you create a new document, Word uses the Normal template to determine the settings, such
as fonts, margins of the document, and styles. If you change the settings in this template, all new
documents that are based on this template will use the new settings. For example, if your company
standard font is 11-point Times, or if you want all new documents to use a larger font size for
easier readability, you can change the default font settings.
Note For a list of items that can be defined in a template, see "How document settings are
applied" in Word 2008 Help.
1. On the Format menu, click Font.
2. Select the options that you want to use for new documents.
3. Click Default.
4. When you are prompted to change the default font, click Yes.
This changes the Normal template.
84
Office 2008 Deployment
Setting default storage locations
You can set the default storage locations for documents, templates, and other items that users
create or use in Word 2008. By default, the documents are stored in /Users/username/Documents/
on the user computer.
Set default storage locations
1. In the Word Preferences dialog box, under Personal Settings, click File Locations.
2. Under File locations, in the list under File types, click the type of files that you want to
view, and then click Modify.
3. In the Choose a folder dialog box, click the name of the folder that you want to use as the
default storage location.
Setting default spelling and grammar options
You can set the default options for the spelling and grammar checkers in Word. In the Word
Preferences dialog box, click Spelling and Grammar, and then select the options that you want.
Note The default location of custom dictionaries is
/Users/username/Library/Preferences/Microsoft/Office 2008/. If you want to use a custom
dictionary that is stored in another location, you must add it to the list of dictionaries in the
Custom Dictionaries box.
Using add-ins
Add-ins created by using Microsoft Visual Basic do not work in Office 2008. However, if you want
to retain the functionality of existing add-ins, you can convert them to a native Mac OS X scripting
language such as AppleScript or Automator.
Configuring Excel 2008 preferences
You can standardize the settings for Excel 2008 in your organization by configuring preferences for
the application and then deploying these preferences to users on the network. Excel-specific
preferences are stored in the com.microsoft.Excel.plist file. This preference (.plist) file is stored in
/Users/username/Library/Preferences.
Important
Use the same administrator account each time that you customize settings so that all
preferences are stored in the same folder on the computer. This is especially important if
you will be using Workgroup Manager to manage preferences later. Workgroup
Manager uses the preference files that are located in the home folder of the
administrator who is currently logged in.
85
Office 2008 Deployment
To set preferences in Excel 2008, on the Excel menu, click Preferences.
The following sections provide examples of the different types of preferences that you can set in
Excel 2008.
Setting default storage locations
You can set the default location and search path for opening and saving Excel 2008 workbooks.
For example, if your organization uses shared workbooks, you can specify the default file location
in which the workbooks are saved. You also can specify the default folder that Excel uses to open
workbooks at startup.
Note If the shared workbook preference is set to use a network file server and the user opens
Excel 2008 before connecting to that server, Excel does not prompt the user to connect to the
file server. Also, if the user is not connected to the network file server and tries to view the
default file location setting under Preferences, no file location is displayed.
Set default storage locations
1. In the Excel Preferences dialog box, under Authoring, click General.
2. Next to the Preferred file location box, click Select.
3. In the Choose a Folder dialog box, click the name of the folder that you want to use as the
default storage location.
Using add-ins
Add-ins created by using Microsoft Visual Basic do not work in Office 2008. However, if you want
to retain the functionality of existing add-ins, you can convert them to a native Mac OS X scripting
language such as AppleScript or Automator.
Configuring PowerPoint 2008 preferences
You can standardize the settings for PowerPoint 2008 in your organization by configuring
preferences for the application and then deploying these preferences to users on the network.
PowerPoint-specific preferences are stored in the com.microsoft.PowerPoint.plist file. This
preference (.plist) file is stored in /Users/username/Library/Preferences.
Important
Use the same administrator account each time that you customize settings so that all
preferences are stored in the same folder on the computer. This is especially important if
you will be using Workgroup Manager to manage preferences later. Workgroup
Manager uses the preference files that are located in the home folder of the
administrator who is currently logged in.
86
Office 2008 Deployment
To set preferences in PowerPoint, on the PowerPoint menu, click Preferences.
The following sections provide examples of the different types of preferences that you can set in
PowerPoint 2008.
Setting default storage locations
You can set the default location and search path for opening and saving PowerPoint 2008
presentations. You also can specify the default location for narration files. By default, the
documents are stored in /Users/username/Documents/ on the user computer. If your organization
uses shared presentations, you can specify the default file location for saving presentations.
Note If the shared presentations preference is set to use a network file server and the user
opens PowerPoint 2008 before connecting to that server, PowerPoint does not prompt the user
to connect to the file server. Also, if the user is not connected to the network file server and
tries to view the default file location setting in PowerPoint under Preferences, no file location
is displayed.
Set default storage locations
1. In the Preferences dialog box, on the Toolbar, click Advanced.
2. Do one or both of the following:
•
For Default file location, click Select, and then click the name of the folder that
you want to use as the default storage location.
•
For Default narration file location, click Select, and then click the name of the
folder that you want to use as the default storage location.
Setting default spelling options
You can set the default options for the spelling checker in PowerPoint 2008. In the Preferences
dialog box, click Spelling, and then select the options that you want. Also, when you create a new
custom dictionary in Word 2008, this new dictionary is available automatically in PowerPoint 2008
as well.
87
Office 2008 Deployment
Configuring Entourage 2008 preferences
You can standardize the settings for Entourage 2008 in your organization by configuring
preferences for the application and then deploying these preferences to users on the network.
Important
Use the same administrator account each time that you customize settings so that all
preferences are stored in the same folder on the computer. This is especially important if
you will be using Workgroup Manager to manage preferences later. Workgroup
Manager uses the preference files that are located in the home folder of the
administrator who is currently logged in.
When you customize Entourage 2008, the information that you provide (such as preference
settings and server names) is divided, in each of the following two locations:
•
The Entourage 2008 identity database under the active identity name (in
/Users/username/Documents/Microsoft User Data/Office 2008 Identities/Main Identity)
•
The Entourage 2008 preference file, com.microsoft.Entourage.plist (in
/Users/username/Library/Preferences)
To deploy the customized information, you deploy both the preference files and the identity
database. The default name of this identity database and of the folder that contains the database
is "Main Identity."
Note The Entourage 2008 identity stores mailing lists, rules, signatures, address books, tasks,
calendars, account settings, Project Center information, and various preference settings. Before
you deploy a new identity to a user's computer, you must do one of two things:
•
Back up any existing Entourage identity databases on each user's computer by making
a copy of the database or databases that exist on that computer and storing this copy
in a different location on the computer.
•
Rename the existing Entourage identities. You may want to create and deploy a script
for renaming the existing identity or identities on each computer.
After you have deployed the Office 2008 applications, users can import information from their
previous identities. For more information, see Entourage 2008 Help.
To set preferences in Entourage, on the Entourage menu, click Preferences.
The following sections provide examples of the different types of preferences that you can set in
Entourage 2008.
88
Office 2008 Deployment
Setting calendar options
Calendar preferences include settings for the first day of the week, for the work-week calendar, for
work hours, and for the time zone for new events. In the Preferences dialog box, click Calendar,
and then select your calendar preferences.
Setting security options
You can apply uniform security settings for all of your Entourage 2008 users. For example, you can
configure Entourage 2008 to limit how applications that are external to Office use Entourage to
silently send e-mail or access the address book. In the Preferences dialog box, click Security, and
then select the options that you want.
For more information about planning Entourage security, see the Office 2008 Planning section.
Setting Spotlight options
You can set a preference to include Entourage items in Spotlight search results. In the Preferences
dialog box, click Spotlight, and then select the Include Entourage items in Spotlight search
results check box.
Configuring AutoUpdate for Office 2008
By default, Microsoft AutoUpdate for Mac is set to look for updates to Office 2008 applications
automatically once per week on a user's computer. However, you can modify the default setting to
specify a different schedule.
AutoUpdate preferences are stored in the com.microsoft.autoupdate2.plist file in
/Users/username/Library/Preferences. When you are deploying AutoUpdate preferences from a
central location, deploy this file.
Note If a user is logged in with an administrator account, the user can run AutoUpdate by
starting any Office 2008 application and then clicking Check for Updates on the Help menu.
Set AutoUpdate preferences
1. In /Users/username/Library/Application Support/Microsoft/MAU2.0/, double-click
Microsoft AutoUpdate.app.
2. Either click Manually, or click Automatically.
•
If you are planning to deploy updates centrally, click Manually to prevent
automatic updates on users' computers.
•
If you click Automatically, on the Check for Updates pop-up menu, click the
schedule that you want to use for installing updates on user computers.
89
Office 2008 Deployment
Adding custom templates, themes, scripts, and ancillary files
You can customize Microsoft Office 2008 installations by deploying custom templates, themes, and
other files to user computers. You also can either create and deploy a separate .pkg file specifically
for custom files or make custom files available to users on a file server.
To add
Do this
Custom templates to
Office
Copy your custom Office 2008 templates to
/Users/username/Library/Application Support/Microsoft/Office/User
Templates/My Templates/.
Custom themes to Office
Copy your custom Office 2008 themes to
/Users/username/Library/Application Support/Microsoft/Office/User
Templates/My Themes/.
If you have custom Theme Colors or Theme Fonts files, copy them to
the corresponding subfolders under My Themes.
Custom AppleScript
scripts to a specific Office
2008 application
Copy your custom scripts to Users/username/Documents/Microsoft
User Data/applicationName Script Menu Items/.
Any of the following to
Office:
If information from the earlier versions of Office is found on the user
computer, such as custom dictionaries, AutoCorrect lists, and
proofing tool settings, the information is copied to Office 2008
during the Office installation.
•
Custom
dictionaries
•
•
AutoCorrect lists
Proofing tools
preferences
90
Office 2008 Deployment
Office 2008 preference file locations for deployment
The following table specifies where the various types of Office 2008 preference files are stored.
Type of (.plist)
preference file
Location
Preferences for
Office 2008
/Users/username/Library/Preferences.
The application-specific preferences in this folder are stored in the
com.microsoft.ApplicationName.plist file.
Most Entourage 2008
preference and user
e-mail account settings
The Entourage identity database, which is located in
/Users/username/Documents/Microsoft User Data/Office 2008
Identities/identityName for each identity.
By default, a user has just one identity, "Main Identity."
The preference file for
Microsoft AutoUpdate
/Users/username/Library/Preferences.
The file name is com.microsoft.autoupdate2.plist.
The preference file for
Microsoft Error Reporting
Protocol
/Users/username/Library/Preferences.
The file name is com.microsoft.error_reporting.plist.
The supplementary
In one of the following:
Attachment Policy plist,
if you have created one
•
/Library/Preferences (to take effect for all users on the
computer)
•
/Users/username/Library/Preferences (to take effect for a
single user)
The file name is com.microsoft.entourage.AttachmentPolicy.plist.
When you deploy Office 2008 preferences, deploy these folders and files:
•
•
•
/Users/username/Library/Preferences/ and all the Microsoft preference files that it
contains.
Any other files as applicable from /Users/username/Library/Preferences folder and
/Library/Preferences.
If you are deploying Entourage 2008 preferences, also deploy
/Users/username/Documents/Microsoft User Data/Office 2008 Identities/identityName
and all the files that it contains.
91
Office 2008 Deployment
Deploying Office 2008 preferences
If you customize the Microsoft Office 2008 preferences, you can choose one of the methods that
are described below to deploy the preferences to users on the network. Before you deploy the
preferences, users must quit all Office applications. The preference setting changes are applied
when the users restart their computers.
Note You cannot redeploy an Entourage database after the user has begun to use Entourage
2008
Deploying preferences by using Workgroup Manager
You can use Workgroup Manager to deploy preferences and define privileges by user, by group,
or by computer and to perform a broad range of other workgroup management functions. It is
well suited for deploying preferences either before or after users begin to work with Office 2008
because you can manage individual preferences in a .plist file without disrupting other settings in
the same file. Workgroup Manager does not deploy entire .plist files; instead, it updates .plist files
on users' computers by writing individual key/value pair.
When you customize preferences, the customized .plist files are stored in the home folder of the
administrator account that you used to log in for that session. When you are ready to deploy these
customized preferences, you must log in with that same administrator account because
Workgroup Manager deploys the preference settings of the administrator who is currently
logged in.
There are some limitations in the way that Office 2008 works with Workgroup Manager:
•
Office 2008 preferences and settings that are not stored in .plist files cannot be
managed by using Workgroup Manager. In particular, Workgroup Manager cannot
deploy many of the Entourage preferences because most of them are stored in the
Entourage database for each identity instead of in .plist files.
•
Office 2008 does not provide preference manifest (.manifest) files; therefore, it cannot
use Workgroup Manager functionality that requires this type of file.
For information about Workgroup Manager, see Client Management
in the Mac OS X Server
area of the Apple Web site (www.apple.com/server). For detailed information about managing
preferences with Workgroup Manager, see the Mac OS X Server User Management
documentation available for download from the Apple Web site
(www.apple.com/server/documentation).
92
Office 2008 Deployment
Deploying preferences using Apple Remote Desktop
You can create a special .pkg file specifically for deploying preferences. You deploy this .pkg file to
the home folders on users' computers by using Apple Remote Desktop or by making the file
available for users to copy from a file server.
For information about Apple Remote Desktop, see Apple Remote Desktop Administrator's
on the Apple Web site at http://www.apple.com/remotedesktop.
Caution
When you deploy a preference file to a user's computer, the file overwrites all older files in
the target location, including all preference settings in those files. This could change user
preferences that you did not intend to standardize, and it could be disruptive to a user's
work. Therefore, we recommend that you deploy customized preference files before users
begin to work with Office 2008, or you should deploy only those .plist files that govern
settings for which you want to retain control (for example, the preference files for CEIP,
MERP, or AutoUpdate). On computers with multiple user accounts, you must deploy
preferences to the home folder of each user who has a separate Mac OS X login account.
Some settings, such as the mail server name, are stored in the Entourage 2008 database. You can
make changes to many of the Entourage database settings by using AppleScript and then
deploying the script to users. You deploy the script by using Apple Remote Desktop. To see the
specific Entourage settings that can be modified by using AppleScript, in the Finder, drop the
Entourage application icon that is located in the Office 2008 folder onto the Script Editor icon that
is located in the /Applications/AppleScript folder.
Note Some Entourage 2008 preferences cannot be changed by using a script. You also cannot
change preference settings by deploying the database with new settings to an existing
Entourage user identity, because the new database will override the existing local data for that
user.
Configuring Office 2008 applications
Configuring Exchange accounts in Entourage 2008
Users can set up a Microsoft Exchange Server account automatically by using the Account Setup
Assistant, or they can set it up manually by typing in the account information. For users of
Exchange 2007 Service Pack 1 ( SP1) and Entourage 2008 SP1, the Autodiscover service, which
supports automatic discovery of account settings, makes it easier for users to configure Exchange
accounts in Entourage 2008.
93
Office 2008 Deployment
Preparing the infrastructure
Before you provide your users with instructions to set up a Microsoft Exchange Server account, you
must understand the different server and server roles that Entourage 2008 connects to in your
organization's Exchange 2007 environment. For information about Exchange server requirements,
section.
•
When a user configures an account, the Entourage 2008 Account Setup Assistant
queries the DNS server to locate a domain controller. Next, it finds the Exchange server
that hosts the user's mailbox and then connects to the server to begin synchronization.
The mailbox contains private data that belongs to an individual user and contains
mailbox folders that are generated when a new mailbox is created for that user. For
more information about the mailbox server, see the Exchange Server
page on the
Microsoft TechNet Web site (technet.microsoft.com).
To perform the DNS Server query, the Account Setup Assistant uses a DNS server that is
configured in Mac OS X under Network Preferences. It is important that the user's
Network settings in System Preferences are properly configured with the appropriate
search domains and DNS server because Entourage uses this information to find servers
on a network.
•
Entourage 2008 connects to the Public Folder server to access the public folders.
Note Entourage 2004 connects to the Public Folder server to access both the public
folders and the free/busy information. Entourage 2008 uses the Microsoft Exchange
Server 2007 Availability service in Exchange 2007 to retrieve free/busy information for
users.
•
•
Entourage 2008 connects to an LDAP server, which in an Active Directory-based
environment is the Global Catalog server. The Global Catalog server is a distributed data
repository in an Active Directory environment that hosts the Global address list (GAL) of
your Exchange organization.
Entourage 2008 uses the Client Access server as the connection point to connect to the
Exchange 2007. In addition to being the connection point for client applications, the
Client Access server supports the following Exchange 2007 Web Services: Autodiscover
service and Availability service. The Autodiscover service enables automatic detection of
client profiles during the Microsoft Exchange account setup in Entourage 2008. The
Availability service retrieves free/busy information as stated earlier.
When connected to an Exchange 2007 SP1 Client Access server, Entourage 2008 also
supports the delegate management service.
94
Office 2008 Deployment
Note Entourage 2008 uses Port 80 (without SSL) or 443 (with SSL) depending on the
related configuration of the Exchange 2007 Client Access server. For more information
on the default port requirements for Entourage 2008, see Default ports for Entourage
2008 in the Office 2008 Planning section.
•
•
If you enable Secure Sockets Layer (SSL) in Entourage 2008 for a server that is
associated with a Microsoft Exchange account, all Entourage 2008 communications with
the SSL-enabled server are encrypted. For more information about how to enable SSL in
For more information about how to configure SSL on Exchange 2007, see the Exchange
on the Microsoft TechNet Web site (technet.microsoft.com).
Entourage 2008 supports Kerberos protocol as a method of authentication with
Exchange Server and standalone LDAP accounts. For more information about Kerberos
the Office 2008 Planning section.
Configuring an Exchange account in Entourage
Set up an Exchange account automatically
Users can set up their Exchange account automatically by performing the following steps:
Note To set up an Microsoft Exchange account automatically, users must know their Microsoft
Exchange account e-mail address.
1. Make sure that your computer is connected to your organization's network.
2. On the Entourage menu, click Account Settings.
3. Click the arrow next to New
, and then click Exchange.
If the New Account screen appears, click Setup Assistant.
4. In the Account Setup Assistant, type your e-mail address in the E- mail address box,
select the My account is on an Exchange server check box, and then click the right
arrow to continue.
5. Follow the instructions in the Account Setup Assistant.
95
Office 2008 Deployment
Set up an Exchange account manually from inside your organization's network
Users can set up their Exchange account manually from inside the organization's network by
performing the following steps:
Note To set up a Microsoft Exchange account manually, users must have the following
information: their e-mail address, account ID, password, domain, the name of the Microsoft
Exchange server, and the name of the organization's LDAP server that the Microsoft Exchange
account uses for the Global address list (GAL). They may also need the name or address of your
public folders server and other information about your organization's Microsoft Exchange
server configuration. In addition, if your organization is using two-factor authentication, users
may need to add a client certificate.
1. Make sure that your computer is connected to your organization's network.
2. On the Entourage menu, click Account Settings.
3. Click the arrow next to New
, and then click Exchange.
If you see the Account Setup Assistant, click Configure Account Manually.
4. On the Account Settings tab, in the Account name box, type the name that you want
to use to refer to this account in Entourage.
5. Under Personal Information, type the name and the e-mail address that you want to
use.
The name that you type appears in the "From" field of mail messages that you send
from the account.
6. Do one of the following:
To set up an account that
uses
Do this
An authentication
method other than
Kerberos
Click Use my account information, and then enter
your Account ID, domain, and password.
Kerberos authentication
Click Use Kerberos authentication, and then click a
Kerberos ID.
To create a new ID, click the Kerberos ID pop-up
menu, and then click Create a new ID.
96
Office 2008 Deployment
7. Under Server information, in the Exchange server box, type the name or address of
your Microsoft Exchange server.
8. Click the Advanced tab, and then under Public Folder Settings, in the Public folders
server box, type the name or address of your public folders server.
9. Under Directory Settings, in the LDAP server box, type the name or address of your
directory service server.
10. To add a client certificate for two-factor authentication, under Client Certificate- based
Authentication, click Select.
Note If your authentication certificate is located on a smart card, make sure to insert
the card into the reader before clicking Select.
11. To set digital signing and encryption options, click the Mail Security tab, and then
choose the options that you want.
Important
Depending on how your account administrator has set up your account, you may be
asked to enter your "Realm." This is another name for a "domain" If you are asked to
enter your "Realm" to log on to a Microsoft Exchange account, you must enter the name
in all uppercase letters, such as "ALPINESKIHOUSE.COM".
Set up an Exchange account manually from outside your organization's network
Users can set up their Exchange account manually from outside the organization's network by
performing the following steps:
Note To set up a Microsoft Exchange account from outside your organization's network, users
must have the following information: their e-mail address, account ID, password, domain, the
name of the organization's Outlook Web Access server. They may also need the name or
address of your public folders server and other information about your organization's Microsoft
Exchange server configuration. In addition, if your organization is using two-factor
authentication, users may need to add a client certificate.
1. On the Entourage menu, click Account Settings.
2. Click the arrow next to New
, and then click Exchange.
If you see the Account Setup Assistant, click Configure Account Manually.
3. On the Account Settings tab, in the Account name box, type the name that you want
to use to refer to this account in Entourage.
97
Office 2008 Deployment
4. Under Personal Information, type the name and the e-mail address that you want to
use.
The name that you type appears in the "From" field of mail messages that you send
from the account.
5. Click Use my account information, and then enter your Account ID, domain, and
password.
Note Kerberos authentication does not work if your computer is outside your
organization's network.
6. Under Server information, in the Exchange server box, type the address of the
Outlook Web Access server, for example mail.example.com.
If your organization uses Microsoft Exchange 2000 Server or Microsoft Exchange Server
2003, paste in the Web page address that you use to access Outlook Web Access, for
example http://mail.example.com/exchange.
Note In most cases when you connect from outside your organization's network, you
should check This DAV service requires a secure connection (SSL).
7. To add a client certificate for two-factor authentication, click the Advanced tab, and
then under Client Certificate- based Authentication, click Select.
Note If your authentication certificate is located on a smart card, make sure to insert
the card into the reader before clicking Select.
8. To set digital signing and encryption options, click the Mail Security tab, and then
choose the options that you want.
Note To enter the address of your organization's public folders server or LDAP server,
click the Advanced tab of the Edit Account dialog box. The public folders server is
frequently the same address as the Exchange server, for example, mail.example.com.
Configuring Office 2008 for multiple languages
If users need to use a language other than English with Office 2008, they must configure their
computers to recognize that language. If proofing tools are available for the language, these tools
must be installed on the local computers before users will be able to check spelling and use the
thesaurus in the language. The proofing tools for the different languages are stored in Microsoft
Office 2008/Office/Shared Applications/Proofing Tools/. For a list of proofing tools in Office 2008,
see "Proofing tools that are available for each language" in Word Help. For more information
about multilingual features in Office 2008, see "Multilingual features in Office 2008" in Word Help.
98
Office 2008 Operations
Enabling Japanese-specific formatting and editing features
Users can enable Japanese features by using the Microsoft Language Register, which is located in
Microsoft Office 2008/Additional Tools/. For information on how to enable Japanese features, see
Office 2008 Help.
Enabling European language features
European language support is available when one or more keyboard layouts for the supported
European languages are enabled. To enable European languages, on the Apple menu, click
System Preferences, and then under Personal, click International and then click the Input Menu
tab. To switch between languages, users can select the appropriate keyboard layout.
Office 2008 Operations
Maintaining Entourage 2008
Verifying database integrity
Use the Microsoft Database Utility to check the Microsoft Entourage 2008 for Mac database for
corruption if users notice any of the following while trying to use Entourage:
•
•
•
•
•
Entourage does not start, or it crashes.
Entourage items, such as e-mail messages or calendar events, do not open.
Blank lines appear in the Entourage message list.
Some contacts are missing from the Contacts list.
The Office Reminders window is blank.
99
Office 2008 Operations
Verify the integrity of the Entourage database
1. Quit all Office applications, including Entourage and Office Reminders.
2. Do one of the following:
•
•
Hold down the OPTION key and open Entourage.
In the Microsoft Office 2008/Office folder, double-click the Database Utility
application.
3. Click the name of the database that you want to verify.
4. In the Database Utility dialog box, click Verify database integrity, and then click
Continue.
5. Follow the instructions in the dialog box.
If the database is corrupted, you can rebuild it. For information about how to do this, see
Note To verify the disk integrity, you can run Apple Disk Utility, a diagnostics and repair
application that is available in /Application/Utilities/. Apple Disk Utility functions also may be
accessed from the Mac OS X command line by using the diskutil and hdiutil commands. For
more information about identifying and repairing hard disk problems, see your Mac OS X
documentation for the Apple Disk Utility application.
Rebuilding the Entourage database
If a Microsoft Entourage 2008 for Mac database is corrupted, you can repair it by rebuilding it.
When you rebuild the database, Entourage 2008 scans the original database that is stored in
/Users/username/Documents/Microsoft User Data/Office 2008 Identities/identityName. It then
copies all of the valid data blocks from the original database into a new database. This new
database becomes the active identity database that Entourage will use.
After Entourage finishes rebuilding a new database, it creates a backup folder in
/Users/username/Documents/Microsoft User Data/Office 2008 Identities. It copies all the files from
the original identity folder, including the original database with its original content, into this
backup identity folder. The name of the backup folder is the same as the original except for the
timestamp it displays after the name. The timestamp indicates the date and the time when the
backup folder was created.
100
Office 2008 Operations
Caution
To verify the disk integrity, you can run Apple Disk Utility, a diagnostics and repair
application that is available in /Application/Utilities/. Apple Disk Utility functions also may
be accessed from the Mac OS X command line by using the diskutil and hdiutil
commands. For more information about identifying and repairing hard disk problems, see
your Mac OS X documentation for the Apple Disk Utility application.
Rebuild the Entourage database
1. Quit all Office applications, including Entourage and Office Reminders.
2. Do one of the following:
•
In the Microsoft Office 2008/Office folder, double-click the Database Utility
application.
•
Hold down the OPTION key and open Entourage.
3. Click the identity of the database that you want to rebuild.
4. In the Database Utility dialog box, click Rebuild database, and then click Continue.
5. Follow the instructions in the dialog box.
If the computer does not have enough free disk space to store both the current
database and the copy of the database, an out-of-memory error occurs.
Compacting and backing up the Entourage database
You can use the Microsoft Database Utility that is stored in Microsoft Office 2008/Office/ to
compact and back up the Microsoft Entourage 2008 for Mac database.
Important
If an Microsoft Exchange account is used from both Entourage and Outlook, compacting
or rebuilding the Entourage database could cause duplication of the user's messages. To
avoid duplicating a user's messages, delete the Microsoft Exchange account in
Entourage before you compact or rebuild the Entourage database. Then re-create the
Microsoft Exchange account in Entourage after compacting or rebuilding of the
database is complete.
101
Office 2008 Operations
Compact and back up the database
1. Quit all Office applications, including Entourage and Office Reminders.
2. Do one of the following:
•
In the Microsoft Office 2008/Office folder, double-click the Database Utility
application.
•
Hold down the OPTION key and open Entourage.
3. In the Database Utility dialog box, click the name of the database that you want to
compact and back up.
4. Click Compact database, and then click Continue.
5. Follow the instructions in the dialog box.
When you compact the Entourage 2008 database, this process creates a backup copy of the
database, just as the rebuilding process does.
Managing Mac OS X system preferences
You might want to centrally manage various Mac OS X settings that affect the operation of
Microsoft Office 2008 or the security of users' computers. Some preferences are stored in the form
of Mac OS X system preferences; other settings are in the form of mechanisms such as the
Keychain Access application.
The following table provides examples of system preference settings that it might be useful for you
to manage centrally. These settings can be configured for the Internal Modem, Built-in Ethernet,
and Built-in FireWire interfaces.
System preference setting
Description
Search Domains on the TCP/IP
tab
Domain information for completing user-entered URLs that
are not fully qualified
DNS Servers on the TCP/IP tab
Preferred Domain Name System servers
Proxy server port settings
The proxy settings on the
Proxies tab
102
Office 2008 Operations
To access these settings, on the Apple menu, click System Preferences, and then under Internet
& Network, click Network. On the Show pop-up menu, click the interface that you are
configuring.
Several tools are available that can be used to set system preferences on users' computers:
•
•
•
Apple Workgroup Manager
Apple Remote Desktop command-line interface
AppleScript written to control the Mac OS X Terminal utility and deployed by using
Apple Remote Desktop. Terminal is located in /Applications/Utilities.
For information about Workgroup Manager, see Client Management
in the Mac OS X Server
area of the Apple Web site (www.apple.com/server). For detailed information about managing
preferences with Workgroup Manager, see the Mac OS X Server User Management
documentation available for download from the Apple Web site
(www.apple.com/server/documentation).
For an introduction to Apple Remote Desktop, see Apple Remote Desktop 3
site (www.apple.com/remotedesktop). For detailed information, see the Apple Remote Desktop
on the Apple Web
same area of the Apple Web site.
For information about the Terminal utility, see Terminal Help.
Distributing Office 2008 product updates
You can configure Microsoft AutoUpdate for installing updates automatically at scheduled
intervals from a central location. The changes that you make to AutoUpdate configuration is
stored in /Users/username/Library/Preferences/com.microsoft.autoupdate2.plist. For information
the Office 2008 Planning section. For more information about configuring AutoUpdate
After you configure your preferences in the com.microsoft.autoupdate2.plist file, you can deploy
your preferences to user computers by using Apple Remote Desktop or Workgroup Manager.
Perform the following steps to distribute product updates.
103
Office 2008 Security
Distribute Office 2008 product updates
AutoUpdate for Office 2008 in the Office 2008 Deployment section.
page of the
Microsoft Web site (www.microsoft.com/mac) to a central location on your network.
3. Use Apple Remote Desktop or the Workgroup Manager to distribute updates to user
computers. For an introduction to Apple Remote Desktop, see Apple Remote
Desktop 3
on the Apple Web site (www.apple.com/remotedesktop). For detailed
information, see the Apple Remote Desktop Administrator's Guide
documentation
available for download from the Resources page in the same area of the Apple Web site.
For more information about Workgroup Manager, see Deploying Office 2008 preferences
in the Office 2008 Deployment section.
Office 2008 Security
Planning for security in Office 2008
Understanding security threats
To establish a secure computing environment, you must make sure that your applications and data
are not vulnerable to malicious attacks. By using the security options in Office 2008, you can
establish a security-enhanced environment by limiting the possible avenues of attack.
This guide presents many different methods to mitigate security threats that will help you limit
direct attacks on data from external and internal sources. An important part of implementing these
methods is training users about how to protect themselves and the company from attack. This
training usually builds user awareness of security issues, and establishes ownership of the data that
users want to protect. For example, you can educate your users to distinguish between low-risk
files and high-risk files. Low risk files can be internal documents that may not contain malicious
content, such as documents from colleagues or business partners. High-risk documents are
documents from unknown people or documents that pass through an unsecured Internet
connection. It is important that users evaluate risks and mitigate potential security threats. Users
shouldn't treat both types of files the same way.
104
Office 2008 Security
Caution
There are no administrative settings that allow you to enforce security preferences that
you specify. Even if you set and deploy security preferences, users can change these
preferences at a later time. Therefore, if you are deploying security settings as part of your
organization's policy, you must educate your users about the risks associated with
changing default settings. Without proper training, users can expose an organization to
unauthorized or malicious use of its data. Establishing a corporate policy for how files are
distributed and handled helps mitigate security vulnerabilities caused by untrained users.
Before you plan and implement a security-enhanced environment, it is important to understand
the different types of security threats. The following sections of this topic list potential security
threats in today’s computing environment. The rest of the Security chapter addresses how to plan
for a secure computing environment and how you can configure the security options in Office
2008 to help address security concerns.
Privacy threats
Many documents contain metadata that should be protected, including text marked as "hidden",
author name, and changes tracked by Office 2008 revision tracking tools. This metadata is useful
because it enables users track document property data. However, in some cases users might not
want to expose the metadata when the document is distributed. By exposing the metadata, users
become vulnerable to privacy threats. Privacy threats include any threat agent that discloses or
reveals personal or private information without the user’s consent or knowledge. Word 2008, Excel
2008, and PowerPoint 2008 allow users to strip out sensitive metadata when the file is saved. With
Entourage 2008, you can use Internet-standard S/MIME security extensions; S/MIME allows users
to digitally sign and encrypt e-mail messages and attachments to help protect them against
tampering or eavesdropping.
For more information about planning and configuring security options that mitigate privacy
threats, see the following topics:
•
•
Configure privacy options in Office 2008 in the Office 2008 Security section
How users manage digital certificates in Entourage 2008 in the Office 2008 Planning
section
105
Office 2008 Security
Document threats
If your organization allows users to send and receive documents over the Internet, or if you believe
there are potential risks to users' documents from any unauthorized source, you should take the
necessary precautions against document threats. When intruders or attackers gain access to
proprietary information, it might result in the loss of confidentiality or document data. Users can
mitigate document threats if they use the password protection feature to encrypt documents in
Excel 2008 and Word 2008.
Note There are no administrative settings that enable you to force users to encrypt documents.
For more information about configuring document protection settings that mitigate document
section.
Code threats
If you connect to the Internet or allow others to use your computer, it is important that you take
the necessary steps to protect your system from harm, including attacks from malicious software.
Code and application threats pose a potential risk if your organization allows users to:
•
•
•
•
Run macros or add-ins.
Receive e-mail attachments.
Share documents across a public network, such as the Internet.
Open documents from sources outside your organization, such as clients, vendors, or
partners.
Excel 2008, Word 2008, and Entourage 2008 allow the use of strong encryption to help protect the
contents of documents so that they're unreadable by unauthorized people.
For information about configuring security settings for macros, see Configure security settings for
macros in Excel 2008 in the Office 2008 Security section.
106
Office 2008 Security
External threats
External threats can include threat agents such as hyperlinks, embedded objects in e-mails, and
data connections that link a document to another document, database, or Web site across an
intranet or public network.
External threats are a risk if your organization:
•
•
•
Provides users with unrestricted access to public networks, such as the Internet.
Allows users to receive e-mail messages that contain embedded images and HTML.
Allows users to use data connections in spreadsheets or other documents.
For information about planning and configuring security settings that mitigate threats from
Planning section.
Best practices for a security-enhanced environment
The following table lists some best practices for enhancing the security of the computing
environment in your organization.
Best practice
Consideration
Educate and train
users about the
security settings that
are available to
protect their
There are no administrative settings that allow you to enforce
security preferences that you specify. Even if you set and
deploy security preferences, users can change these
preferences at a later time. Therefore, if you are deploying
security settings as part of your organization's policy, you must
educate your users about the risks associated with changing
default settings.
documents.
Install all available
updates.
Turn on AutoUpdate to receive security patches or updates.
For more information about how to use the automatic update
feature in Office 2008, see Configuring AutoUpdate for Office
2008 in the Office 2008 Deployment section.
107
Office 2008 Security
Best practice
Consideration
Preset security
preferences.
You can preset security preferences and deploy these settings.
For more information about the security preferences that you
can configure, see the following topics in the Office 2008
Security section:
•
•
•
For more information about how to deploy your security
Office 2008 Security section.
Download files only
from trusted sources.
When you download a file from a Web site, make sure that you
know the source. When in doubt, don't download the file.
Install software only
from authentic
CDs/DVDs.
For example, all Microsoft CDs/DVDs have holograms to prove
their authenticity. In general, installing software from
authentic, commercially distributed CDs/DVDs is the safest
method.
Back up your data
regularly.
If a virus erases or corrupts files on your hard disk, a recent
backup might be the only way to recover your data. Back up
important files, such as documents, pictures, favorite links,
address books, and important e-mail messages.
For information about how to back up your Entourage
database, see Compacting and backing up the Entourage
database in the Office 2008 Operations section.
Don't open suspicious Even though the Entourage 2008 junk e-mail filter helps
e-mail messages or
files.
protect your Inbox from spam and phishing messages, it is a
good idea to avoid opening any attachment in a message that
you did not expect to receive, especially if the message is from
an unknown source.
108
Office 2008 Security
Best practice
Consideration
Reduce the access of
external network
connections to open
ports on your local
network.
Knowing which ports are open can help you assess the security
of your system or troubleshoot any connection issues. You
should close the ports that you do not use.
For more information about the ports that are used by
Office 2008 Planning section.
Implement password-
controlled access to
the network.
For more information about security in Mac OS X, see the
following topics in the Office 2008 Security section:
•
•
Use the password
protection features in
Office 2008 for
Word 2008 and Excel 2008 provide password protection
features.
For more information about how to use the password
protection features in Word 2008 and Excel 2008, see
Office 2008 Security section.
accessing documents.
Use executable files
with valid signatures.
Executable files purchased from software manufacturers should
always have a valid digital signature as part of a certificate
obtained from a certification authority. If a product does not
have a valid certificate of trust, we recommend that you do not
install it. However, if that is not an option, evaluate the product
before you distribute it to users to make sure that it performs
only as expected and does not intentionally or unintentionally
distribute a virus.
109
Office 2008 Security
Configuring and deploying security settings for Office 2008
Configure privacy options in Office 2008
Preference settings can help you mitigate privacy threats and control the disclosure of personal
information. For example, document metadata may contain the author's name and contact
information. To help ensure a high level of privacy, we recommend that users edit or remove any
author and contact information that is associated with documents.
Important
There are no administrative settings that allow you to enforce security preferences that
you specify. Even if you set and deploy security preferences, users can change these
preferences at a later time. Therefore, if you are deploying security settings as part of
your organization's policy, you must educate your users about the risks associated with
changing default settings.
Configure privacy options as recommended in the following table:
Privacy option
Description
Customer
If you choose to participate in the Customer Experience Improvement
Program (CEIP), which is a recommended best practice, Microsoft collects
anonymous feedback including application usage patterns and the
hardware configuration of the user's system. By default, users are not
enrolled in CEIP and they are not required to participate in the program.
Experience
Improvement
Program
Note Microsoft does not collect your name, address, or any other
personally identifiable information when you participate in CEIP.
Document
If users share copies of an Excel workbook or a Word document, they
should review any personal and hidden information and decide whether it is
appropriate to include. Users can configure personal information removal in
the Office 2008 Preference settings.
metadata that
contains user
information
Note Removing personal information affects the following areas:
•
Send to Mail Recipient.
•
Word 2008 comments and tracked changes.
110
Office 2008 Security
Maximize protection for private and personal information in the Office 2008
release
By default, users are not enrolled in the Customer Experience Improvement Program (CEIP). When
you run Office Setup Assistant, the default selection in the CEIP page is No, I don't want to
participate at this time. You can choose to leave the option selected as is. Your settings are
stored in /Library/Preferences/com.microsoft.instantfeedback.plist. When you deploy your
preferences, the settings that you specify are installed on the user computers. You can also specify
the preference settings for CEIP from any one of the Office 2008 applications.
Configure preference settings for CEIP
1. Open Word 2008, Excel 2008, PowerPoint 2008, or Entourage 2008.
2. On the Word, Excel, Powerpoint, or Entourage menu, click Preferences.
3. Do one of the following:
To
Do this
Word
Under Personal Settings, click Feedback.
Under Sharing and Privacy, click Feedback.
Click Feedback.
Excel
PowerPoint
Entourage
UnderGeneral Preferences, click Feedback.
4. Select No, I don't want to participate at this time.
Maximize protection for private and personal information in Word 2008
To help maintain the level of privacy that you want, you can edit or remove any of the author and
contact information that is associated with Office documents. The author and contact information
that you specify appears automatically in all of your Office documents, including those you share
with others, unless you remove your personal information from a document.
In Word 2008, you can also set options to receive warnings before printing, saving, or sending a
file with tracked changes or comments.
Set privacy options in Word 2008
1. On the Word menu, click Preferences.
2. Under Personal Settings, click Security.
3. Under Privacy options, do any of the following:
111
Office 2008 Security
To
Do this
Avoid unintentionally distributing
information about the document author or
the names associated with comments or
tracked changes
Select the Remove personal
information from this file on save
check box.
Receive warnings before printing, saving, or
sending a file that contains tracked changes
or comments
Select the Warn before printing,
saving, or sending a file that
contains tracked changes or
comments check box.
Maximize protection for private and personal information in Excel 2008
To help maintain the level of privacy that you want, you can edit or remove any of the author and
contact information that is associated with Office documents. The author and contact information
that you specify appears automatically in all of your Office documents, including those you share
with others, unless you remove your personal information from a document.
Set privacy options in Excel 2008
1. On the Excel menu, click Preferences.
2. Under Sharing and Privacy, click Security.
3. Under Privacy options, select the Remove personal information from this file on
save check box.
Maximize protection for private and personal information in
PowerPoint 2008
To help maintain the level of privacy that you want, you can edit or remove any of the author and
contact information that is associated with Office documents. The author and contact information
that you specify appears automatically in all of your Office documents, including those you share
with others, unless you remove your personal information from a document.
Set privacy options in PowerPoint 2008
1. On the PowerPoint menu, click Preferences.
2. Click Advanced, and then under User information, clear the Name field.
112
Office 2008 Security
You should also clear the user information from the document properties.
1. On the File menu, click Properties, and then click the Summary tab.
2. Clear the fields that you do not want to share.
Configure document protection settings in Office 2008
You can restrict access to documents by using password protection features for Word and Excel.
Review these features with users who send sensitive documents outside the organization or who
want to manage document content in a collaborative environment.
Here are some considerations for improving security in Word or Excel documents by using
passwords.
•
A user can require other users to enter a password to open or modify a document. A
user who does not have permission to modify a document can save the document only
by using a different file name.
•
•
Passwords are case-sensitive, so users must type a password exactly as it was created by
the document owner.
Users can protect specific elements in a sheet, protect an entire sheet, or protect an
entire workbook. They can also use passwords to restrict access to an entire workbook
or to restrict users to read-only access to a workbook.
Note Users should store Excel workbooks and sheets in locations that are available
only to authorized users. Hidden or locked data is not encrypted in a workbook. Given
sufficient time and knowledge, any user can obtain and modify any data in any
workbook he or she has access to. To help prevent this, and to help protect
confidential information, store workbooks and sheets in secure locations.
•
When users prepare a document for review by using the Track Changes feature in
Word, they can specify that others can change the document only by inserting
comments, or by inserting comments and tracked changes with revision marks. For
added security, users can assign a password to ensure that reviewers do not remove this
type of protection.
Configure password protection in Word
1. Open the document that you want to protect.
2. On the Word menu, click Preferences.
3. Under Personal Settings, click Security.
113
Office 2008 Security
4. Do any of the following:
To
Do this
Configure passwords for opening or
modifying the Word document
In the Password to open box or the Password to
modify box, type the password that you want.
Configure password protection for
specific document elements
Click Protect Document, and then select the type
of protection that you want.
Configure password protection in Excel
1. Open the workbook that you want to protect.
2. On the Excel menu, click Preferences.
3. Under Sharing and Privacy, click Security.
4. Do any of the following:
To
Do this
Configure passwords for opening or
modifying the workbook
In the Password to open box or the Password to
modify box, type the password that you want.
Configure password protection for
specific sheet elements
Click Protect Sheet, and then select the type of
protection that you want.
Note To learn more about the different options for protecting elements of a sheet, see
Excel 2008 Help.
Configure security settings for macros in Excel 2008
Excel 2008 includes specific settings that help you control how users are notified of potentially
unsafe macros. You cannot enable or disable macros or prevent encrypted macros from being
scanned for viruses. You can only set notification options that will warn users about macros.
After you configure notification options for macros in preferences, you can deploy the settings to
user computers. However, you should warn users about the risks associated with changing any
default security settings because their changes may override the settings that you have specified.
114
Office 2008 Security
Configure security settings for macros
You can use the following procedure to configure the default security setting for macros.
1. On the Excel menu, click Preferences.
2. Under Sharing and Privacy, click Security, and then select the Warn before opening a
file that contains macros check box.
Deploy Office 2008 security preferences
You can deploy the privacy options, document protection settings, and security settings for macros
by using Workgroup Manager or as part of a .pkg file. For more information about how to deploy
section.
Important
There are no administrative settings that allow you to enforce security preferences that
you specify. Even if you set and deploy security preferences, users can change these
preferences at a later time. Therefore, if you are deploying security settings as part of
your organization's policy, you must educate your users about the risks associated with
changing default settings.
Mac OS X security
Mac OS X passwords
In order to ensure a more secure computing environment, it is important to secure your computer
by choosing a good password for your user account. Mac OS X provides different types of
passwords, such as User account passwords, Administrator passwords, master passwords, and the
keychain passwords. For more information about Mac OS X passwords, see your server
documentation.
Mac OS X firewall
You can configure the Mac OS X firewall to permit or deny incoming network communications. To
use the Mac OS X services, such as file sharing, Windows Sharing, or File Transfer Protocol (FTP)
access, you must open specific ports to enable network communication for that service. For more
information about the Mac OS X firewall, see your server documentation.
115
Office 2008 Technical Reference
Office 2008 Technical Reference
Messaging reference
About Project Center
The Project Center helps users manage their projects by collecting all project information,
including e-mail messages, calendar events, contacts, tasks, and documents, in a single
consolidated view. Users can create a project, share it, and invite other Entourage users to
subscribe to it.
Project subscribers can add, remove, and modify project information. Subscribers can also invite
others to subscribe. To modify information in a shared project, users must have permission to
access both the shared project file and the location where it is stored. If the project folder is on a
network file server, you must provide users access to the file server where the project information
is shared. If users are invited to subscribe but do not have access to the file server, they will not be
able to join the project.
Users can use Project Center to save or archive a project by exporting it to a folder on their
computer or on a file server. We recommend that you encourage users to archive their projects
periodically to maintain a record of the items that are associated with a project, and the original
locations of those items.
Important
Because projects can contain sensitive information, you should require secure login
access to the network file server that is used to share and archive project information.
About phishing detection in Entourage 2008
Entourage 2008 helps protect users against issues created by phishing e-mail messages and
deceptive domain names. By default, Entourage 2008 screens phishing e-mail messages (e-mail
that appears to be legitimate but is designed to capture personal information, such as a user's
bank account number and password). Entourage 2008 also helps prevent unwanted e-mail
messages from deceptive users by warning about suspicious domain names in e-mail addresses.
116
Office 2008 Technical Reference
The following list shows the various ways that Entourage 2008 identifies links as potentially
dangerous and displays warnings in different situations.
•
Displays a pop-up ScreenTip with the full URL of the link when users hover over links in
e-mail messages.
•
•
Warns users when they click a link from a message that is in the Junk Mail Folder.
Warns users when they click links in HTML messages that have a domain name
mismatch.
•
•
Warns users when they click links in HTML messages that have mismatched protocols.
Warns users when they click links in HTML messages that use non-standard URLs,
including IP addresses, hexadecimal, octal, or DWORD representations.
•
Warns users about clicking links in HTML messages that have login information as part
of the URL.
Entourage 2008 phishing detection capabilities are not configurable.
About public folders
Public folders are a Microsoft Exchange Server feature that provide an effective way to collect,
organize, and share information with others in an organization. Public folders are synchronized
regularly and updated even when users are not connected to their Microsoft Exchange accounts.
Typically, project teams or user groups use public folders to share information about a common
area of interest.
When an Entourage 2008 user subscribes to an Exchange public folder, folders labeled Public
Folders appear in the Entourage 2008 folder list under the Microsoft Exchange mail account.
For more information about how users can subscribe to an Microsoft Exchange public folder, see
"Subscribe to an Exchange public folder" in Entourage 2008 Help.
Note Entourage 2008 does not support automatic mapping from subscribed public folders in
Entourage to public folder favorites in Microsoft Office Outlook. That means that subscribed
public folders in Entourage are not automatically designated as favorites in Outlook, and vice
versa.
117
Office 2008 Technical Reference
About delegation and sharing
Users can share or delegate their Microsoft Exchange account calendars, address books, and e-mail
folders.
Important
To use sharing and delegation, users must have mailboxes on a server running Microsoft
Exchange Server.
By using sharing, an account owner can give another user access to his or her Microsoft Exchange
calendars, address books, or mail folders. The shared folder appears under a separate account in
the designated user's mail folder list, and this user can read the other person's events, contacts, or
mail messages. Users can also give permission for another user to create, edit, and delete items in
the shared folder.
By using delegation, a delegate can view mail messages that are sent to the account owner. With
the account owner's permission, the delegate can send and reply to invitations and messages on
his or her behalf. Both the owner's account name and the delegate's account name appear on the
invitation or message.
When users share a folder, they can set permission levels that define what each user sharing the
folder can do:
Permission
level
Activities that a sharing user can perform
Owner
Create, read, modify, and delete all calendar, address book, private and public
folder, and mail folder items. As an owner, a user can change the permission
levels others have for the folder.
Publishing
Editor
Create, read, modify, and delete all items, and create subfolders.
Editor
Create, read, modify, and delete all items.
Publishing
Author
Create and read items, create subfolders, and modify and delete items.
Author
Create and read items, and modify and delete items.
Create and read items, and delete items.
Nonediting
Author
118
Office 2008 Technical Reference
Permission
level
Activities that a sharing user can perform
Read items only.
Reviewer
Contributor
Custom
Create items only.
Perform activities defined by the folder owner.
None
Not perform any activity. The user remains on the permissions list but has no
permission and cannot open the folder.
When users add a delegate, they can give the delegate separate permission levels for calendar,
inbox, and address book folders:
Permission
level
Activities a delegate can perform
Author
Read and create items, and modify and delete items that he or she creates. For
example, a delegate with Author permissions can create meeting requests
directly in the account owner's calendar and respond to meeting requests on the
account owner's behalf.
Editor
Do everything an author can do, plus modify and delete items that the account
owner created.
Reviewer
Read items only. For example, the delegate can read messages in the account
owner's inbox.
About data synchronization
Users can synchronize their Entourage data with other computers and devices by using different
synchronization methods, including Sync Services, Live Sync, or automatic synchronization features
in Microsoft Exchange Server. For example, by using Sync Services, users can synchronize their
Entourage address book, calendar, tasks, and notes with MobileMe, iCal, the Macintosh Address
Book, or with a handheld device such as a mobile phone or PDA.
The following list shows the different synchronization methods users can use to synchronize their
Entourage data with other applications and devices.
119
Office 2008 Technical Reference
Sync Services
Sync Services is a central database on the user's computer that keeps track of all the applications
and devices that share information. Users can use Sync Services to synchronize Entourage calendar
events, tasks, notes, and address book contacts with other applications, such as the Macintosh
Address Book, iCal, and MobileMe.
After users synchronize their Entourage contacts with the Macintosh Address Book and their
Entourage events and tasks with iCal, users can use iSync, an application that is included with Mac
OS X, to synchronize all of these items with an iSync-compatible mobile phone or PDA, or use
iTunes to synchronize them with iPod.
With a MobileMe account, users can use Sync Services to share Entourage items with others or
with Entourage on another computer.
Notes
•
•
•
•
To use Sync Services, users must have Mac OS X version 10.4.3 or later.
Only one Entourage identity can use Sync Services at a time.
Entourage can synchronize only one calendar and one address book at a time.
Fields that exist in other applications but not in Entourage are not synchronized.
Users can use Sync Services to synchronize the following Entourage items with the following
applications:
Entourage item
Events
Other application
iCal and MobileMe
Tasks
iCal and MobileMe
Notes
Entourage through MobileMe
Macintosh Address Book and MobileMe
Contacts
Microsoft Exchange Server
When they are using a Microsoft Exchange account in Entourage, users' e-mail messages, contacts,
calendar items, and other Microsoft Exchange folders are synchronized automatically. User
information is always up to date in Entourage and on the server running Microsoft Exchange
Server. However, there are other Entourage items that are not automatically synchronized. The
following sections list Entourage items that synchronize and do not synchronize with the Exchange
server.
120
Office 2008 Technical Reference
Entourage items that synchronize with the Exchange server
Entourage
item
Exchange server
Messages
All Microsoft Exchange mail folders, including subfolders, can be accessed by using
Entourage and are continually synchronized with the Exchange server
automatically. Depending on the network, new messages either display
automatically as they arrive or display after Entourage completes a check for new
messages on the server once every minute.
Address
Book
All Microsoft Exchange account address books and their contacts in Entourage are
continually synchronized with the Exchange server automatically.
contacts
Calendar
events
All Microsoft Exchange account calendars and their events in Entourage are
continually synchronized with the Exchange server automatically.
Note Entourage 2008 does not support Microsoft Office Outlook counter-
proposal invitations. If an Entourage user sends a meeting request to an
Outlook user and the invitee makes a counter proposal, the counter proposal
appears as text in the Entourage message body. The Entourage user must make
any meeting time adjustments manually.
To Do flags
Messages and contacts that have been flagged as To Do Items are synchronized
with the Exchange server, along with due dates, start dates, reminder dates, and
completed dates.
Entourage items that do not synchronize with the Exchange server
Entourage
item
Exchange server
Rules
Although rules stored on the Exchange server will run, users cannot change or
create new Exchange server-based rules by using Entourage.
Notes
Entourage notes are not synchronized with the Exchange server.
Entourage tasks are not synchronized with the Exchange server.
Tasks
Categories
Category information that users set in Entourage is not synchronized with the
Exchange server.
121
Office 2008 Technical Reference
User information is also available to any other applications that they use to connect to the
Exchange server, such as Microsoft Outlook on a Windows-based computer. If users are using both
Outlook and Entourage to access the same Microsoft Exchange account, they should be aware of
some differences in how the two applications display information:
Type of
information
Difference between Outlook and Entourage
Contacts' e-
In Entourage, users can store up to 13 e-mail addresses in a single contact. In
mail addresses Outlook on a Windows-based computer, users can store up to three e-mail
addresses. When contacts are synchronized, Entourage synchronizes the default
e-mail address with the E-mail field in Outlook. The next two addresses listed in
the Entourage contact are synchronized with the E-mail 2 and E-mail 3 fields in
Outlook.
Contacts'
mailing
addresses
A contact created in Outlook can have a mailing address labeled "other." This
label is unavailable in Entourage. When contacts are synchronized, Entourage
displays an address labeled as "other" as the "work" address. If users edit this
address in Entourage, then the next time contacts are synchronized, the address
label in Outlook changes to "business."
Contacts'
children's
names
In Entourage, users can store up to 10 children's names for each contact. If a user
has an Outlook contact with more than 10 children listed, you should advise
them against editing this contact in Entourage or all but the first 10 names will
be deleted when Entourage synchronizes the contact with the Exchange server.
Travel time in
The travel time in a calendar item created in Entourage does not appear in
calendar items Outlook. For example, if a user schedules an item for 1:00 P.M. to 2:00 P.M. with
a travel time of 15 minutes, the Outlook Calendar blocks out only the one-hour
scheduled time and does not include the travel time.
IMAP
With IMAP accounts, there are two synchronization options: using Live Sync and creating schedules
for subscribed folders. Users can use Live Sync to maintain the connection to the IMAP server and
apply changes they make to the read, unread, or flagged status of messages on the server, but
they can maintain the connection to only one folder at a time. Users can also create schedules that
synchronize their subscribed folders in Entourage with the IMAP mail server.
Users can use Live Sync and schedules to perform the following actions:
122
Office 2008 Technical Reference
Use
To
Live Sync
Live Sync
Maintain connection to the IMAP server for one folder.
Apply changes to the read, unread, and flagged message status of messages on the
IMAP server.
Schedules Receive new mail messages or news from the server at a set time.
Schedules Send all messages at a set time.
Schedules Delete mail messages from the Deleted Items folder or another folder at a set time
when the messages are older than a set number of days.
Schedules Delete junk e-mail at a set time.
POP
With a POP account, users can use schedules to set when they want Entourage to synchronize with
the POP mail server by sending or receiving mail messages.
Users can also set a POP account's server options to leave a copy of each message on the server,
delete messages after a set number of days, or delete messages after they are deleted from
Entourage.
Users can use schedules or server options to perform the following actions:
Use
To
Schedules
Schedules
Server options
Server options
Receive new mail messages at a time that the user sets.
Send all messages at a time that the user sets.
Leave a copy of each message on the server.
Delete messages from the server after they are deleted in
Entourage.
Schedules and server
options
Delete mail messages that are older than a set number of days.
123
Office 2008 Technical Reference
About Open XML Formats
Open XML Formats are the new default file formats for Word 2008, Excel 2008, and PowerPoint
2008. They are also the default file formats for the 2007 Microsoft Office system for the Windows
operating system. The new formats create smaller files that take up less space than the previous
formats, and they also make it easier to recover damaged files and share files.
For more information about how to open a file that is in a different file format, see "Open a file
that is in a different format" in Word 2008 Help. For more information about how to save a file to
a different file format, see "Save a document in a different format" in Word 2008 Help.
The default Open XML file name extensions for Office 2008 include the following:
File Name
Application
File Type
Extension
.pptx
Description
PowerPoint
2008
PowerPoint
Presentation
The default, XML-based presentation format
for PowerPoint 2008 for Mac and PowerPoint
2007 for Windows. Cannot store VBA macro
code.
PowerPoint
2008
PowerPoint
Template
.potx
.ppsx
Saves the presentation as an XML-based
template that you can use to start new
presentations. Saves presentation settings such
as fonts, color schemes, slide layouts, and
graphics.Cannot store VBA macro code.
PowerPoint
2008
PowerPoint
Show
Saves as an XML-based presentation that
always opens in slide show view. Compatible
with PowerPoint 2008 for Mac and PowerPoint
2007 for Windows.
PowerPoint
2008
PowerPoint
Macro-Enabled
Presentation
.pptm
.potm
The XML-based presentation format that
preserves VBA macro code. VBA macros do
not run in PowerPoint 2008.
PowerPoint
2008
PowerPoint
Macro-Enabled
Template
Saves the presentation as an XML-based
template that preserves VBA macro code.
Saves presentation settings such as fonts, color
schemes, slide layouts, and graphics.VBA
macros do not run in PowerPoint 2008.
124
Office 2008 Technical Reference
File Name
Extension
Application
File Type
Description
PowerPoint
2008
PowerPoint
Macro-Enabled
Show
.ppsm
The XML-based presentation format that
always opens in slide show view and preserves
VBA macro code. VBA macros do not run in
PowerPoint 2008.
PowerPoint
2008, Excel
2008, Word
2008
Office Theme
.thmx
Saves the font, color scheme, and background
of the file for you to use as a new theme.
Excel 2008
Excel Workbook .xlsx
The default, XML-based workbook format for
Microsoft Excel 2008 for Mac and Excel 2007
for Windows. Cannot store VBA macro code or
Excel 4.0 macro sheets.
Excel 2008
Excel Template
.xltx
Saves the workbook as an XML-based
template that you can use to start new
workbooks. Saves settings such as formatting,
headings, formulas, and custom toolbars.
Cannot store VBA macro code or Excel 4.0
macro sheets.
Excel 2008
Excel 2008
Excel 2008
Excel Binary
Workbook
.xlsb
.xlsm
.xltm
Stores data in binary format. Takes less time to
save, and helps keep sensitive data more
secure. Preserves VBA macro code and Excel
4.0 macro sheets. VBA macros do not run in
Excel 2008.
Excel Macro-
Enabled
Workbook
The XML-based workbook format for
Microsoft Excel 2008 for Mac and Excel 2007
for Windows that preserves VBA macro code
and Excel 4.0 macro sheets. VBA macros do
not run in Excel 2008.
Excel Macro-
Enabled
Template
Saves the workbook as an XML-based
template that preserves VBA macro code and
Excel 4.0 macro sheets. VBA macros do not run
in Excel 2008.
125
Office 2008 Technical Reference
File Name
Extension
Application
Excel 2008
File Type
Description
Excel Add-In
.xlam
Saves the active sheet as an XML-based add-
in, a supplemental program that is designed to
run additional code. Preserves VBA macro
code and Excel 4.0 macro sheets. VBA macros
do not run in Excel 2008.
Word 2008
Word 2008
Word
Document
.docx
.dotx
The default, XML-based document format for
Word 2008 for Mac and Word 2007 for
Windows.
Word Template
Saves the document as an XML-based
template that you can use to start new
documents. Saves document content and
settings such as styles, page layout, AutoText
entries, custom keyboard shortcut
assignments, and menus.
Word 2008
Word 2008
Word Macro-
Enabled
Document
.docm
.dotm
The XML-based document format that
preserves VBA macro code. VBA macros do
not run in Word 2008.
Word Macro-
Enabled
Template
Saves the document as an XML-based
template that preserves VBA macro code. VBA
macros do not run in Word 2008.
Attachment file types in Entourage 2008
Entourage 2008 does not allow users to receive attachments from certain file types that could
potentially carry a virus to their computers. The default list of unsafe file types is located in the
Attachment Policy property list (.plist) file. This file is located in Microsoft
Entourage.pkg/Contents/Resources/.
You can choose to edit the Attachment Policy .plist file to create a supplementary .plist file that
overrides or extends the policy to block or allow file types that you specify. You then can deploy
this file to users' computers. For more information about how to customize the attachment policy
126
Office 2008 Technical Reference
The following tables identify the file types that Entourage 2008 blocks.
Mac OS file types
Mac OS file type
Description
APPL
Executable Application
UDIF Raw Device Image
Disk Copy 4.2 Disk Image
NDIF Disk Image
devr
dImg
dimg, hdcm, hdro, rohd
DMdf, DMd0 - DMd7
DART Disk Image
dseg
hdrv
mpkg
pkg1
Plmg
osas
NDIF Disk Image Segment
Raw Disk Image
Installer Metapackage
Installer Package
DVD Master
Compiled AppleScript
Self-mounting Image
PC Drive Container
Safari Web Location
oneb
OPCD
ilht
127
Office 2008 Technical Reference
Mime content types
Mime content types
Description
application/x-csh
application/hta
C Shell Script
Hypertext Application
JavaScript Source Code
application/x-javascript,
application/javascript
text/javascript
application/x-sh
text/vbscript
Shell Script
VBScript Script File, Visual Basic for Applications Script
File name extensions
File name extension
Description
.ade
.adp
.app
.asp
Access Project Extension
Access Project
Executable Application
Active Server Page
BASIC Source Code
Batch Processing
.bas
.bat
.cer
Certificate File
.chm
.cmd
.com
.command
.cpl
Compiled HTML Help
Command Script File
Command Script File
Command Script File
Windows Control Panel Extension
Certificate File
.crt
128
Office 2008 Technical Reference
File name extension
Description
.csh
C Shell Script
.dart
.dc42
.der
DART Disk Image
Disk Copy 4.2 Disk Image
DER Encoded X509 Certificate File
Disk Copy 4.2 Disk Image
Safari download File
.diskcopy42
.download
.gadget
.exe
Windows Vista gadget
Executable File
.fxp
FoxPro Compiled Source
Windows Help File
.hlp
.hta
Hypertext Application
.img
NDIF Disk Image
.imgpart
.inf
NDIF Disk Image Segment
Information or Setup File
IIS Internet Communications Settings
IIS Internet Service Provider Settings
Internet Document Set, Internet Translation
JavaScript Source Code
JScript Encoded Script File
All Keychain Items
.ins
.isp
.its
.js
.jse
.keychain
.ksh
UNIX Shell Script
.lnk
Windows Shortcut File
129
Office 2008 Technical Reference
File name extension
.mad
Description
Access Module Shortcut
Access File
.maf
.mag
Access Diagram Shortcut
Access Macro Shortcut
Access Query Shortcut
Access Report Shortcut
Access Stored Procedures
Access Table Shortcut
Media Attachment Unit
Access View Shortcut
Access Data Access Page
.mam
.maq
.mar
.mas
.mat
.mau
.mav
.maw
.mda
Access Add-in, MDA Access 2 Workgroup
Access Application, MDB Access Database
Access MDE Database File
Access Add-in Data
.mdb
.mde
.mdt
.mdw
.mdz
Access Workgroup Information
Access Wizard Template
.mpkg
.msc
Installer Metapackage
Microsoft Management Console Snap-in Control File
Microsoft Shell
.msh
.msh1
.msh1xml
Microsoft Shell
Microsoft Shell
130
Office 2008 Technical Reference
File name extension
Description
msh2
msh2xml
mshxml
.msi
Microsoft Shell
Microsoft Shell
Microsoft Shell
Windows Installer File
Windows Installer Update
.msp
.mst
Windows SDK Setup Transform Script
NDIF Disk Image
.ndif
.ops
Office Profile Settings File
All keychain Items
.p10
.p12
.pcd
.pem
.pfx
All keychain Items
Visual Test
All keychain Items
All keychain Items
.pif
Windows Program Information File
Installer Package
.pkg
.pl
Perl Script File
.plg
Developer Studio Build Log
Windows System File
Program File
.prf
.prg
.ps1
Windows PowerShell
Windows PowerShell
Windows PowerShell
.ps1xml
.ps2
131
Office 2008 Technical Reference
File name extension
Description
.ps2xml
.psc1
.psc2
.pst
Windows PowerShell
Windows PowerShell
Windows PowerShell
Microsoft Exchange Address Book File, Outlook Personal
Folder File
.reg
Registration Information/Key for Windows 95/98, Registry
Data File
.scf
Windows Explorer Command
Compiled AppleScript
.scpt
.scr
Windows Screen Saver
Windows Script Component, Foxpro Screen
Shell Script
.sct
.sh
.shb
.shs
Windows Shortcut into a Document
Shell Scrap Object File
.smi
.sparseimag
.term
.tmp
.trm
.udif
.url
Self-mounting Image
Sparse Disk Image
Windows Terminal Script File
Temporary File/Folder
Terminal Script File
UIDF Disk Image
Internet locator
.vb
VBScript File or Any Visual Basic Source
VBScript Encoded Script File
.vbe
132
Office 2008 Technical Reference
File name extension
Description
.vbs
VBScript Script File, Visual Basic for Applications Script
Visual Studio .NET Binary-based Macro Project
Visio Workspace File
.vsmacros
.vsw
.webloc
.ws
Safari Web Location
Windows Script File
.wsc
Windows Script Component
Windows Script File
.wsf
.wsh
Windows Script Host Settings File
Exchange Public Folder Shortcut
.xnk
For information about the file types that are blocked by Microsoft Office Outlook 2007 for
Windows, see Blocked attachments in Outlook
(office.microsoft.com).
on the Microsoft Web site
Play voice mail messages received from Exchange Server
2007 Unified Messaging
If users are unable to play voice mail messages received from Exchange 2007 Unified Messaging,
do one of the following:
•
Ask users to download the Windows Media Player 9 for Mac OS X from the Windows
then play the voice mail message. The message will play in Windows Media Player
instead of from within Entourage.
133
Office 2008 Known Issues
•
Change the format of the audio codec on the Exchange 2007 Unified Messaging from
.wma to .wav, and then play the voice mail message from within Entourage. Exchange
2007 Unified Messaging can use any of the following three audio codecs to create and
store voice messages: Windows Media Audio (WMA), Group System Mobile (GSM)
06.10, or G.711 Pulse Code Modulation (PCM) Linear. The WMA audio codec creates
.wma audio files and the GSM 06.10 and G.711 PCM Linear audio codecs produce .wav
audio files. For more information about Exchange 2007 Unified Messaging audio
codecs, see Understanding Unified Messaging Audio Codecs
on the Microsoft
TechNet Web site (technet.microsoft.com). For more information on how to modify the
audio codec on the Exchange 2007 Unified Messaging dial plan, see How to Change the
(technet.microsoft.com).
on the Microsoft TechNet Web site
Office 2008 Known Issues
Security issue in Office 2008 remote installation
to Mac OS X v10.4 (Tiger)
Issue
When you deploy Office 2008 by using a remote connection, such as Apple Remote Desktop, to a
client computer at a login window, a postflight script in the Office Installer causes the Dock
application to open with root user privileges. Any applications subsequently opened from the
Dock will also be run with root user privileges. Under these conditions, someone with physical
access to the client computer can gain local elevation of privilege. This security issue can only
occur when Office 2008 is deployed to computers that run Mac OS X v10.4.9 or a later version of
Mac OS X v10.4 (Tiger). This is not an issue for computers that run Mac OS X v10.5 (Leopard). For
more information about this security issue, see Apple KB304131: "Remote Desktop: Installing a
. For information about how to install by using
134
Office 2008 Known Issues
Solution
Before you use the Office 2008 installer, delete the postflight script file from Office
Installer.mpkg/Contents/Packages/Office2008_<language>_dock.pkg/Contents/Resources/. A
prevents network deployment of Office 2008 Dock icons. However, a postflight
script, which is in the package that attempts to install icons in the Dock, runs successfully. The
postflight script causes the Dock application to close and then reopen. To delete the postflight
script, perform the following steps:
1. Copy Office Installer from the Office 2008 DVD to a writable volume.
2. Hold down CONTROL and click the Office Installer icon.
3. Click Show Package Contents.
4. Double-click Contents, and then double-click Packages, and then locate
Office2008_<language>_dock.pkg.
Note Replace <language> with the relevant two-letter language code, such as en, ja,
or fr.
5. Hold down CONTROL and click Office2008_<language>_dock.pkg, and then click
Show Package Contents.
6. Double-click Contents, and then double-click Resources, and then delete postflight.
Mitigations
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default
state, which could reduce the severity of exploitation of vulnerability. The following mitigating
factors may be helpful in your situation:
•
•
•
Mac OS X v10.5 (Leopard) is not vulnerable to this issue.
Restarting the client computers after the installation removes the vulnerability.
If you use Apple Remote Desktop 3 or later to deploy Office 2008, choose the options
to lock the screens during installation. If the screen is locked during installation, then
this vulnerability is not exposed.
Apple Web site (www.apple.com/remotedesktop). For detailed information, see the Apple
Resources page in the same area of the Apple Web site.
on the
135
Office 2008 Known Issues
I can't download the volume license version
of Office 2008 for Mac by using Safari
Cause: Downloading the volume license version of Microsoft Office 2008 for Mac is unsuccessful
when you use the Safari browser.
Solution: We recommend that you use the latest version of Mozilla Firefox Web browser
http://www.mozilla.com) to download the volume license versions of the Microsoft
Office 2008 for Mac suite or stand-alone applications.
Restricted users might have unauthorized access
to Office 2008 for Mac program files
Cause: An installation issue in Office 2008 for Mac could allow unauthorized access to Office 2008
program files.
Solution: Change the ownership permissions for Office 2008 files after installation.
Microsoft is aware of an issue with Office 2008 installation that could allow a local user that does
not have administrator privileges to access Office 2008 program files. The issue grants ownership
permissions to only the user account that is assigned user ID (uid) 502. This issue affects only
computers that have more than one local user account, and primarily affects environments, such as
public computer labs and workplace networks, where access to program files is restricted. This
issue will be corrected in a future update to Office 2008.
To fix this issue, a user with administrator privileges can manually adjust the ownership permissions
of Office 2008 by using the following procedure.
1. Log in to the computer by using a user account with administrator privileges.
2. In /Applications/Utilities, open Terminal.
3. In the Terminal window, type the following command on one line, and then press
RETURN.
/usr/bin/sudo /bin/chmod -R a-st "/Applications/Microsoft Office 2008"
"/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
4. When prompted, enter the password for the user account that you used to log in in
step 1.
136
Office 2008 Known Issues
5. In the Terminal window, type the following command on one line, and then press
RETURN.
/usr/bin/sudo /usr/sbin/chown -h -R root:admin "/Applications/Microsoft Office 2008"
"/Library/Automator" "/Library/Fonts/Microsoft" "/Library/Application Support/Microsoft"
6. If prompted, enter the password for the user account that you used to log in in step
Known issues for installation and removal of Office 2008
Last updated: July 2009
Dock icons are not installed during a remote installation
If you use Apple Remote Desktop to install Office 2008 on another computer on your network,
Dock icons are not installed.
Duplicate fonts are moved to the Fonts Disabled folder during installation
Fonts that are replaced by Office Installer are moved to either the /Library/Fonts Disabled folder or
the /Users/username/Library/Fonts Disabled folder so that you can save them or restore them, if it
is necessary.
Information in running applications might not be displayed correctly after
Office 2008 is installed
Office Installer makes changes to fonts, and if you have an earlier version of Office on your
computer, the Office Installer replaces old Office fonts with new fonts. If any running application is
using a font that is replaced by the Office Installer, that application could become unstable or
display information incorrectly.
If you encounter these issues, quit and then restart the application. If quitting and restarting the
application does not resolve the issue, restart the computer.
137
Office 2008 Known Issues
To change Office Installer settings so that Office Installer doesn't install new fonts, do the
following:
1. Insert the Office 2008 installation DVD in the DVD drive.
2. On the desktop, double-click the Microsoft Office 2008 DVD.
3. Double-click Office Installer, and then follow the instructions on the screen until you
reach the Installation Type page.
4. On the Installation Type page, click Customize.
5. Clear the Office Fonts check box.
6. Click Install, and then follow the instructions on the screen to complete the installation.
For more information about how fonts are installed by Office 2008, see KB948736 - Information
Office 2008 updates cannot be installed if the Microsoft Office 2008 folder
was moved, renamed, or modified
Office Installer installs Microsoft Office 2008 for Mac in the Applications folder. If you move the
Microsoft Office 2008 folder to another location on your computer, or if you rename or modify
any of the files in the Microsoft Office 2008 folder, you cannot install product updates. To correct
this issue so that you can install product updates, drag the Microsoft Office 2008 folder to the
Trash, and then reinstall Office 2008 from your original installation disk.
Office 2008 cannot be installed with the Office 2008 for Mac Trial Edition
If you currently have Office 2008 Trial Edition on your computer, you must remove it because this
free version will interfere with the Office 2008 installation.
Perform the following steps to remove Office 2008 Trial Edition:
1. In the Finder, open the Microsoft Office folder.
The default location of the Office folder is /Applications/Microsoft Office.
Note If you saved any documents in the Microsoft Office folder, move them to
another location.
2. In the Microsoft Office folder, open Additional Tools/Remove Office, double-click
Remove Office, and then follow the instructions on the screen.
3. Open /Users/user_name/Library/Preferences/Microsoft/Office 2008, click Microsoft
Office 2008 Settings.plist, and then on the File menu, click Move to Trash.
138
Office 2008 Known Issues
Office Installer cannot find a version of Office to upgrade or remove
If Office Installer does not find an upgrade-eligible version of Office, click Continue to skip the
search process. You will be given another opportunity to browse to the folder or CD that contains
the upgrade-eligible version of Office.
Office Installer and Remove Office use Spotlight to locate versions of Office that are installed on
your computer. If Spotlight is disabled or does not search folders where a version of Office is
located, Office Installer and Remove Office cannot find versions of Office that are eligible for
upgrade, or versions of Office that you might want to remove. Also, the search might take longer if
your computer has a slower processor or a very large hard disk.
Office Setup Assistant cannot import identities that were created in
Office v. X, Office 2001, or Office 98
Office Setup Assistant cannot import identities that were created in Office 98, Office 2001, or
Office v. X. To import these identities after installation, open Entourage 2008, and then on the File
menu, click Import.
Remove Office cannot remove versions of Office that are installed on a
network volume
Remove Office does not remove versions of Office that are installed on a network volume. To
remove these versions, drag the Microsoft Office 2008 folder to the Trash.
Remove Office moves templates in the My Templates folder to the Rescued
Items folder
Remove Office moves user-created templates that are stored in the My Templates folder of any
earlier version of Office to the Rescued Items folder on the desktop.
See also
139
Office 2008 Troubleshooting
Office Setup Assistant quits unexpectedly during
installation of Office 2008 for Mac to network home folders
Cause
There is insufficient available disk space for the login account.
Solution
Before you install Office 2008, make sure that the login account for a network home folder has at
least 20 MB of available disk space.
When I deploy Office 2008 for Mac SP1, the update is not
installed on client computers
Cause
When you use Apple Remote Desktop or the command line to deploy Office 2008 SP1 Update, a
script error in the installation package prevents deployment. Although Apple Remote Desktop or
the command line indicate that Office 2008 SP1 Update was deployed successfully, the update is
not installed on client computers.
Solution
Download the updated Office2008-1210Update.dmg file again from the Downloads
the Microsoft Web site (www.microsoft.com/mac).
Office 2008 Troubleshooting
Troubleshooting Entourage
Calendar issues
•
•
•
140
Office 2008 Troubleshooting
•
Connectivity issues
•
•
Database issues
Mail and other issues
•
•
•
•
•
•
•
•
•
•
141
|