Security zone changes |
 |
By Paul Robichaux
17 May 2004 | SearchExchange.com |
|
|
The following is tip #3 from "20 Tips on securing Outlook in 20 minutes," excerpted
from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server
2003 © 2004, published by Microsoft Press.
Return to the main page for
more tips on this topic.
In Outlook 2002 and Outlook 2003, the default security zone setting is Restricted Sites,
rather than Internet. Within the Restricted Sites zone, active scripting is also disabled by
default. This security zone disables most automatic scripting and prevents Microsoft ActiveX
controls from opening without permission. This change is designed to protect against
malware that might be contained in HTML messages. As long as you leave the default Outlook
zone set to Restricted Sites, Outlook won't run scripts in HTML messages, and ActiveX
controls in those messages are deactivated. You should ensure that you always apply
Internet Explorer patches to all machines running Outlook, because Outlook uses Internet
Explorer to render HTML messages.
Get more "20 Tips on securing Outlook in 20 minutes!" Return to the main
page.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several
books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a
frequent speaker and presenter at IT industry conferences. He's written software for
everyone from the U.S. National Security Agency to scientists flying their experiments aboard
the Space Shuttle, fixed helicopters in the desert and spent way too much time playing
video games.
|
|
|
|
