Customizing Outlook Security Settings for End Users


You might choose not to deploy the public folder that applies settings to your Outlook clients (although by not doing so you re skipping a valuable security feature). If you don t, then Outlook 2003 will still apply the Level 1 and Level 2 restrictions discussed earlier, but with a twist: each user can customize his or her own copy of Outlook to control the Level 1 and Level 2 lists. The trick is to add a new string value named Level1Remove to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security key. The extensions you add here (separated by semicolons if there s more than one) are removed from the list of blocked Level 1 attachments, so creating a value of exe; pl would allow executables and Perl scripts to be saved to disk instead of blocking them completely. Actually, the extensions you specified are demoted from Level 1 to Level 2; they re not unblocked completely. End users cannot demote file types from Level 2 to being unprotected ; only administrators can do so.

If you want to add a new file type to the Level 1 list, you can do so by creating a new string value named Level1Add beneath the HKEY_CURRENT_USER\ Software\Microsoft\Office\10.0\Outlook\Security key.

Tip  

Sue Mosher maintains a page that includes links to tools that your users can use to customize their local attachment settings without directly editing the registry. See http://www.slipstick.com/outlook/esecup/getexe.htm . Alternatively, you can always set a value for Level1Remove as part of a GPO or system policy; that way, users get the values you want without having to spend time fiddling with their local settings.

Note  

To check whether a user has customized his or her Outlook security settings, use the Help About Microsoft Outlook command. Above the license information, Outlook displays the security mode (mine says Security Mode: Default); a user-customized machine will say Security Mode: User Controlled.

Of course, it is more likely that you ll want to prevent users from customizing their own security settings. The easiest way to do this is to add a new REG_DWORD value named DisallowAttachmentCustomization to the Outlook key at HKCU\Software\Policies\Microsoft\Office\11.0\Outlook . When this value is present, Outlook will ignore the Level1Add and Level1Remove keys mentioned earlier.




Secure Messaging with Microsoft Exchange Server 2003
Secure Messaging with MicrosoftВ® Exchange Server 2003 (Pro-Other)
ISBN: 0735619905
EAN: 2147483647
Year: 2004
Pages: 189

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net