Tip

Outlook's protection against harmful files gives a one-two punch

Outlook 2003 has some mechanisms in place that sniff out potentially harmful file types and then deal with them.

Microsoft has set up two different mechanisms, known as Level 1 protection and Level 2 protection. Here's how they work.

For Level 1 protection, when a new e-mail arrives in a user's Inbox, Outlook looks at the attachment's extension to determine what type of protection should be applied to it. Microsoft has a list of about 50 different file extensions that are considered potentially harmful. If an inbound message contains an attachment with one of these extensions, then Outlook will block the attachment. (For the complete list of blocked file extensions, go to http://www.microsoft.com/office/ork/2003/three/ch12/OutG07.htm.)

Level 2 protection is disabled by default. The idea behind Level 2 protection is that if you consider a file type to be potentially harmful, but occasionally have a legitimate business need for users to be able to open files of that type, then you can assign those file types Level 2 protection. Level 2 protection prevents the file from being opened directly through Outlook, but does allow the file to be saved to an alternate location where it can then be opened. By assigning Level 2 protection, you remove the possibility of a macro automatically opening a potentially harmful file from within Outlook.

Both Level 1 and Level 2 protection are controlled through the system's registry. The main difference is the location. If you simply want to control Level 1 security, you can do so directly from a user's workstation. Level 2 security can only be implemented directly from an Exchange Server, though.

Edit the registry with extreme care
I will show you how to manipulate file protection, but you must remember that editing the registry is dangerous. Making an incorrect modification can destroy Windows and/or your applications. You should, therefore, make a full system backup before trying any of the modifications that I am about to show you.

Now let's take a look at how you assign Level 2 protection to a file. The actual technique that you would use depends on what you are trying to accomplish. If you simply want to remove Level 1 protection from a few file extensions, it is possible to do so without manually modifying the registry if you buy one of the third-party add-ons for Outlook. If, however, you don't want to spring for the extra software, then you will have to change the restrictions manually.

To open the Registry Editor, enter the REGEDIT command at the Run prompt. After doing so, navigate through the registry to HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\Security. There is a chance that this registry location won't even exist, but if it does, then you need to look for a key in this location named DisallowAttachmentCustomization. If this key exists and has a value of 1, then a group policy is preventing the currently logged-in user from modifying the behavior associated with file attachments within Outlook.

Make blocked extensions welcome
You can also make a file extension that was previously blocked available. Microsoft's official recommendation is that if someone needs to send you a file of a type that is blocked, then the file should be either zipped or renamed so that the file will have a different extension. If this isn't an option, though, you can remove Level 1 protection from a file extension by opening the Registry Editor and navigating to HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook. Beneath Outlook, there should be a Security container. If it exists, select it. If it doesn't exist, create it. Now select the New and String Value commands from the Registry Editor's Edit menu. Create a new string value named Level1Remove.

After you create this value, right-click on it and select the Modify command from the resulting shortcut menu. Now enter a list of the extensions that you want to exclude from Level 1 protection. Each extension must be preceded by a period, and extensions must be separated by a semicolon. For example, if you wanted to exclude the extensions EXE, BAT and PIF, you would enter: .exe;.bat;.pif.

Now let's take a look at how to implement Level 2 protection. As I said earlier, Level 2 protection can only be set from an Exchange Server. To do so, go to your Exchange Server and open the Registry Editor. Navigate through the Registry to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA. At this location, you will find a key named Level2FileTypes. Simply modify the key to include the file extensions you want to assign Level 2 protection. File extensions should be separated by a comma and should not include the period. For example, if you wanted to assign the extensions EXE, BAT, and PIF, it would look like this: exe,bat,pif.

In case you are wondering, this same registry location contains another key called Level1FileTypes. You can use this key to control Level 1 protection directly from the server. All of the same basic syntax rules apply to this key as applied to the Level2FileTypes key.
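For administrators who need to know which workstations have had Level 1 protection relaxed, the following PowerShell sketch reads the two per-user registry locations named above and reports what it finds. It is an added example, not part of the original tip; it only reads the registry, and the helper names Get-RegValue and ConvertFrom-Level1Remove and the three-entry watch list (taken from the article's own .exe, .bat and .pif example) are assumptions made for illustration.

```powershell
# Added example: read-only audit of the per-user settings described in the article.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\11.0\Outlook\Security'
$userKey   = 'HKCU:\Software\Microsoft\Office\11.0\Outlook\Security'
# Assumption: a short watch list built from the article's own examples.
$watchList = '.exe', '.bat', '.pif'

function Get-RegValue {             # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $item.$Name
}

function ConvertFrom-Level1Remove { # hypothetical helper name
    param([string]$Value)
    # Expected syntax: period-prefixed extensions separated by semicolons,
    # for example ".exe;.bat;.pif". Anything else is reported as malformed.
    foreach ($raw in ($Value -split ';')) {
        $ext = $raw.Trim().ToLowerInvariant()
        if ($ext -eq '') { continue }
        [pscustomobject]@{
            Extension  = $ext
            WellFormed = ($ext -match '^\.[a-z0-9]+$')
        }
    }
}

$locked  = Get-RegValue -Path $policyKey -Name 'DisallowAttachmentCustomization'
$removed = Get-RegValue -Path $userKey   -Name 'Level1Remove'
$entries = @(ConvertFrom-Level1Remove -Value $removed)
$good    = @($entries | Where-Object { $_.WellFormed } | ForEach-Object { $_.Extension })

# One summary object per user; pipe it to Export-Csv to collect results centrally.
[pscustomobject]@{
    User                     = $env:USERNAME
    PolicyLocksCustomization = ($locked -eq 1)
    Level1RemovePresent      = ($null -ne $removed)
    UnblockedExtensions      = $good -join ';'
    WatchListHits            = @($good | Where-Object { $watchList -contains $_ }) -join ';'
    MalformedEntries         = @($entries | Where-Object { -not $_.WellFormed } |
                                  ForEach-Object { $_.Extension }) -join ';'
}
```

Because both locations are under HKEY_CURRENT_USER, the script has to run in the session of the user being audited, for example from a logon script.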

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Posey has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and numerous other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

This was first published in April 2004
