Deploying Outlook security settings |
 |
By Paul Robichaux
17 May 2004 | SearchExchange.com |
|
|
The following is tip #11 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's
book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press.
Return to the main page for more tips on this
topic.
After you configure the settings you want by creating items on the Exchange server, you still have to force Outlook to use
those settings. To enable this behavior, you'll need to deploy a new registry key to the client computers; that's why this is
best done during your initial rollout of Office or Outlook.
The simplest way to do this is to use the Custom Installation Wizard to include the registry key in a transform when you
deploy the Office System. If you've already deployed Office, you can use the Custom Maintenance Wizard to add the registry
key information to the client. However, neither of these methods is enforced, so clients can manually change their local
settings. If you want the new registry key to be enforced, you'll need to deploy it with a system or group policy.
If you're managing your Office installation with policies, adding this behavior is simple. Just add the correct policy
template (.adm file) so that your policy object includes the necessary key, then set the policy to apply to the target users.
If you use the System Policy Editor provided with the Office Resource Kit Toolbox, the correct templates are already loaded.
If you use the Active Directory Group Policy Object snap-in, you'll need to add the templates manually. The policy file
automatically passes your customized security settings to client computers each time users log on to the system.
So, what's the magic key you have to modify? The registry value is a DWORD named CheckAdminSettings and located under
HKEY_CURRENT_USER\Software \Policies\Microsoft\Security\. The value you put here determines where
Outlook searches for security settings. Table 1 shows which values do what.
Table 1: CheckAdminSettings Values
| Value |
What Outlook 2003 Does |
| Key not present |
Uses its default settings. |
| 0 |
Uses its default settings. |
| 1 |
Looks for settings in the Outlook Security Settings folder, applying them according to the defaults and specific users
you've specified. |
| 2 |
For Outlook 2002 and Outlook 2003 only: Looks for settings in the Outlook 10 Security Settings folder, ignoring any
settings in the Outlook Security Settings folder. Use this value when you want Outlook 2002 or Outlook 2003 and Outlook 2000
to use different settings. |
| Anything else |
Uses its default settings. |
Get more "20 Tips on securing Outlook in 20 minutes!" Return to the main page.
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and
security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written
software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle,
fixed helicopters in the desert and spent way too much time playing video games.
|
|
|
|
