Outlook Administrator Pack

If you utilize custom forms in your organization, you might want to implement the Outlook Administrator Pack. This pack is installed on the Exchange Server and enables you to customize some of the behavior of the security features in Outlook 2003, such as attachment blocking and the object model guard.

The Outlook Administrator Pack is not accessible from the main program menu of the Office Resource Kit. You must navigate to c:\Program Files\ORKTOOLS\ORK11\TOOLS\Outlook Administrator Pack. That folder contains one executable file: ADMPACK.exe. When installed, this package copies four files to a location you choose. Those files are

  • OutlookSecurity.oft This Outlook template enables you to customize the security settings on the Exchange Server.

  • Readme.doc This file contains instructions for using the OutlookSecurity.oft template and describes the values and settings needed to accomplish the desired security level.

  • Hashctl.dll This file is used for the Trusted Code control. This tool is used to specify trusted COM add-ins.

  • Comdlg32.ocx This ActiveX control provides a user interface to select trusted COM add-ins.

After you've extracted those four files, you can install the Administrator Pack on the Exchange Server. To install the Trusted Code control, use the following steps:

  1. Copy the Hashctl.dll file from your computer to the \windows\system32 folder on a computer with administrative privileges running Windows 2000 or Windows XP.

  2. Choose Run from the Start menu and type regsvr32 hashctl.dll.

  3. Copy the Comdlg32.ocx file to the \winnt\system32 directory.

  4. From the Start menu, choose Run and type regsvr32 comdlg32.ocx.

NOTE

Some installations of Windows 2000 and Windows XP have their Windows files stored in a WinNT directory. These machines are typically those that have been upgraded from Windows Me.


To configure the security settings using your Exchange Server, install the custom form in an Exchange public folder using the following steps:

  1. The administrator must create a folder named Outlook Security Settings or Outlook 11 Security Settings in the root folder of the Public Folder tree (directly under All Public Folders).

  2. Configure the folder permissions so that all users can read items in the folder. If users in addition to the administrator need to edit security settings, give them permissions to create, edit, and delete items in the folder.

  3. You can create security groups on the server that contain groups of users that need the same security settings. For example, if you have a set of power users who should be able to access Access database attachments, you can put them all in one security group. Then you can grant access to Access database files to just the one security group.

  4. On a computer with Outlook 2003 installed, open OutlookSecurity.oft from the directory you created when extracting the Administrator Pack.

  5. Choose the public folder created in step 1 when you're asked to choose a folder. This opens the template in compose mode.

  6. Select Tools, Forms, and choose Publish Form. This will publish the form to the current folder.

  7. When asked to enter a name for your form, choose Outlook Security Form and click Publish.

  8. Close the Outlook Security template and do not save changes.

  9. In Outlook 2003, select File, New, Choose Form.

  10. Navigate to the public folder and choose the Outlook Security Form. Click Open to display Figure B.1.

    Figure B.1. You can use the security form to customize Outlook's security settings.

    graphics/bfig01.jpg

  11. You can have multiple instances of the security form for different groups in your organization. Click Default Security Settings for All Users to create a basic security baseline for all users. You can then create another security form for the users who need their settings relaxed further. To create security settings for a group of users, select Security Settings for Exception Group. Then click Edit, Revise Contents to enter the names of individuals in your group. You can also enter the names of security groups in Active Directory.

  12. Some of the features you can control with the Security form are access to Level 1 attachments, restricting Level 2 attachments, and enabling scripts in one-off Outlook forms. Use the check boxes and option buttons on the Outlook Security Settings tab of the form to customize the form. When you're done, click the Programmatic Settings tab to display Figure B.2.

    Figure B.2. Use this tab to control programmatic access to the Outlook object model behind custom forms and VBA code.

    graphics/bfig02.jpg

  13. Use the option buttons on the second page of the form to control when users will see the security prompt for programmatic access to Outlook code, when programmatic access will be approved, and when programmatic access will be denied.

  14. The third page of the form, Trusted Code, is shown in Figure B.3. This page enables you to specify COM add-ins that you want Outlook to trust. No security prompts will be displayed for code that uses the default Application object in those COM add-ins. To add a COM add-in to the trusted list, click the Add button. Browse to the location of the add-in's DLL, select the DLL, and click Open. This will add the DLL to the trusted COM add-ins list.

    Figure B.3. Use this page to specify trusted COM add-ins.

    graphics/bfig03.gif

  15. When you're done making changes to the form, click the Close button located on any of the pages of the form. Outlook will prompt you twice for your username and password. The username and password you enter must be someone with full permissions on the public folder in order to update the form. After the form is updated, you must then edit the Registry on the user's machine to take advantage of the new security settings.

Now that you've configured the public folder form, you must modify the client to access this form and synchronize the security settings down to the local machine. To modify the client, use the following steps:

  1. Open the Registry Editor by clicking Start, Run, and typing Regedit. Click OK.

  2. Navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Security\CheckAdminSettings.

  3. If the CheckAdminSettings key isn't there, you must add it as a DWORD. Its value should be one of the choices in Table B.1.

  4. Exit the Registry Editor and restart Outlook.

Table B.1. Registry Settings for Outlook Security

Key Value

Description

None, 0, any other value

Outlook uses the default administrative settings.

1

Outlook looks for the custom administrative settings in the Outlook Security Settings folder.

2

Outlook looks for the custom administrative settings in the Outlook 2003 Security Settings folder.

NOTE

In Outlook 2003, all COM add-ins are trusted by default. However, you can still use the Trusted COM add-ins section of the security form. If you do, you can restrict all but the COM add-ins you list from running with unrestricted access to the Outlook object model. If you don't use the public folder form, all COM add-ins are inherently trusted.




Special Edition Using Microsoft Office Outlook 2003
Special Edition Using Microsoft Office Outlook 2003
ISBN: 0789729563
EAN: 2147483647
Year: 2003
Pages: 426

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net