Ask the Expert

Prevent users from opening encrypted messages

We have found and enabled the Outlook 2003 group policy objects that prevent our users from sending signed and/or encrypted messages. How do we prevent our users from opening encrypted messages?

    Requires Free Membership to View

I'm most curious as to the reason you do not want encrypted or at least digitally signed e-mail. But we can save that for another time.

As you stated, the group policy objects for Outlook allows you to control the creation but not the viewing. If you are intent on not allow any S/MIME certificates, which are used for encrypting and digitally signing e-mail, you can actually configure your information stores in Exchange so they will not be able store S/MIME; this will also prevent the delivery of signed and encrypted items.

  1. Using the Exchange System Manager, navigate to the mailbox store that has your user mail on it.
  2. Now go to the properties page for the mailbox store.
  3. On the General tab, de-select the checkbox "Clients support S/MIME signatures."

This option was designed to allow compatibility for legacy clients but will have the affect that you are after. On the downside a non-delivery report will be returned to the originator of the encrypted or digitally signed message.

In my humble opinion, though, this is not to be done for security reasons. If you are doing this because your antivirus software doesn't support scanning encrypted e-mail, you should look for one that does, or simply look for one that uses the latest VSAPI (2.5 with Exchange 2003) where S/MIME scanning is supported natively.


Do you have comments on this Ask the Expert Q&A? Let us know.

This was first published in July 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: