You might choose not to deploy the public folder that applies settings to your Outlook clients (although by not doing so you re skipping a valuable security feature). If you don t, then Outlook 2003 will still apply the Level 1 and Level 2 restrictions discussed earlier, but with a twist: each user can customize his or her own copy of Outlook to control the Level 1 and Level 2 lists. The trick is to add a new string value named Level1Remove to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security key. The extensions you add here (separated by semicolons if there s more than one) are removed from the list of blocked Level 1 attachments, so creating a value of exe; pl would allow executables and Perl scripts to be saved to disk instead of blocking them completely. Actually, the extensions you specified are demoted from Level 1 to Level 2; they re not unblocked completely. End users cannot demote file types from Level 2 to being unprotected ; only administrators can do so.
If you want to add a new file type to the Level 1 list, you can do so by creating a new string value named Level1Add beneath the HKEY_CURRENT_USER\ Software\Microsoft\Office\10.0\Outlook\Security key.
Tip | Sue Mosher maintains a page that includes links to tools that your users can use to customize their local attachment settings without directly editing the registry. See http://www.slipstick.com/outlook/esecup/getexe.htm . Alternatively, you can always set a value for Level1Remove as part of a GPO or system policy; that way, users get the values you want without having to spend time fiddling with their local settings. |
Note | To check whether a user has customized his or her Outlook security settings, use the Help About Microsoft Outlook command. Above the license information, Outlook displays the security mode (mine says Security Mode: Default); a user-customized machine will say Security Mode: User Controlled. |
Of course, it is more likely that you ll want to prevent users from customizing their own security settings. The easiest way to do this is to add a new REG_DWORD value named DisallowAttachmentCustomization to the Outlook key at HKCU\Software\Policies\Microsoft\Office\11.0\Outlook . When this value is present, Outlook will ignore the Level1Add and Level1Remove keys mentioned earlier.