First you must download the "Administrative templates" for the version of Office you use. Here are some links:
Office 2003: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ba8bc720-edc2-479b-b115-5abb70b3f490
Office 2007: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7
Office 2010 beta: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3436a99-5c80-48ce-83e8-481f9c3d2288
Extract the files to a temporary folder.
Launch "Active Directory Users and Computers" (aka ADUC) and right-click the domain or OU you want to add the policy to. Select Properties and go to the "Group Policy" tab. You can then edit an existing policy or create a new one.
Once inside your GPO, right-click "Administrative templates" and select "Add/Remove Templates...". Click Add and browse to the temporary folder where you extracted your templates. The name of the template you need to load varies with the version of Office. For Office 2007 the file you need is "office12.adm". Click Close.
Back in your GPO, you will see settings that were not listed before. Browse to "Microsoft Office System 2007", Security Settings and the policy you need to enable is the third last.
At the next policy refresh (you can force a refresh on a client computer by typing "gpupdate" at a command prompt), the "read-only password" option in the "Save as..." dialog box of Word and Excel will be grayed out !
BTW if someone sets an edit password on a document, don't worry. Open the file as read-only and copy and paste the content in a new document.