The following is tip #11 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press. Return
to the main page for more tips on this topic.
After you configure the settings you want by creating items on the Exchange server, you still have to force Outlook to use those settings. To enable this behavior, you'll need to deploy a new registry key to the client computers; that's why this is best done during your initial rollout of Office or Outlook.
The simplest way to do this is to use the Custom Installation Wizard to include the registry key in a transform when you deploy the Office System. If you've already deployed Office, you can use the Custom Maintenance Wizard to add the registry key information to the client. However, neither of these methods is enforced, so clients can manually change their local settings. If you want the new registry key to be enforced, you'll need to deploy it with a system or group policy.
If you're managing your Office installation with policies, adding this behavior is simple. Just add the correct policy template (.adm file) so that your policy object includes the necessary key, then set the policy to apply to the target users. If you use the System Policy Editor provided with the Office Resource Kit Toolbox, the correct templates are already loaded. If you use the Active Directory Group Policy Object snap-in, you'll need to add the templates manually. The policy file automatically passes your customized security settings to client computers each time users log on to the system.
So, what's the magic key you have to modify? The registry value is a DWORD named CheckAdminSettings and located under HKEY_CURRENT_USER\Software \Policies\Microsoft\Security\. The value you put here determines where Outlook searches for security settings. Table 1 shows which values do what.
Table 1: CheckAdminSettings Values
|Value||What Outlook 2003 Does|
|Key not present||Uses its default settings.|
|0||Uses its default settings.|
|1||Looks for settings in the Outlook Security Settings folder, applying them according to the defaults and specific users you've specified.|
|2||For Outlook 2002 and Outlook 2003 only: Looks for settings in the Outlook 10 Security Settings folder, ignoring any settings in the Outlook Security Settings folder. Use this value when you want Outlook 2002 or Outlook 2003 and Outlook 2000 to use different settings.|
|Anything else||Uses its default settings.|
Get more "20 Tips on securing Outlook in 20 minutes!" Return to the main page.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert and spent way too much time playing video games.