Customizing Microsoft Outlook email security settings for end users

In this tip from "8 tips in 8 minutes: A Microsoft Outlook email security tutorial," you'll learn tricks to allow or prevent your users from customizing their own Microsoft Outlook email security settings.

You might choose not to deploy the public folder that applies settings to your Outlook clients (although by not doing so you're skipping a valuable security feature). If you don't deploy it, Outlook 2003 will still apply the Level 1 and Level 2 restrictions discussed earlier, but with a twist: each user can customize his or her own copy of Outlook to control the Level 1 and Level 2 lists. The trick is to add a new string value named Level1Remove to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security key. The extensions you add here (separated by semicolons if there's more than one) are removed from the list of blocked Level 1 attachments, so creating a value of exe; pl would allow executables and Perl scripts to be saved to disk instead of blocking them completely. More precisely, the extensions you specify are demoted from Level 1 to Level 2; they're not unblocked completely. End users cannot demote file types from Level 2 to being unprotected; only administrators can do so.

If you want to add a new file type to the Level 1 list, you can do so by creating a new string value named Level1Add beneath the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security key.

You are reading tip #3 from "8 tips in 8 minutes: A Microsoft Outlook email security tutorial," excerpted from Chapter 13 of Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.

Tip: Sue Mosher maintains a page that includes links to tools that your users can use to customize their local attachment settings without directly editing the registry. Alternatively, you can always set a value for Level1Remove as part of a GPO or system policy; that way, users get the values you want without having to spend time fiddling with their local settings.

Note: To check whether a user has customized his or her Outlook security settings, use the Help | About Microsoft Outlook command. Above the license information, Outlook displays the security mode (mine says Security Mode: Default); a user-customized machine will say Security Mode: User Controlled.

Of course, it is more likely that you'll want to prevent users from customizing their own security settings. The easiest way to do this is to add a new REG_DWORD value named DisallowAttachmentCustomization to the Outlook key at HKCU\Software\Policies\Microsoft\Office\11.0\Outlook. When this value is present, Outlook will ignore the Level1Add and Level1Remove values mentioned earlier.
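To audit a workstation for the per-user customizations described above, the following PowerShell sketch reports what the current user has set and whether the policy lock is present. It is an added example, not code from the book; the helper function names are hypothetical, and it reads both Level1Remove and Level1Add from the 11.0 Security key, which is an assumption for Level1Add because the text gives a 10.0 path for it.

```powershell
# Added example: report per-user Outlook attachment-level customizations.
# Value names and the 11.0 paths come from the text above; $officeVersion is
# an assumption you can change (the text gives a 10.0 path for Level1Add).
$officeVersion = '11.0'
$securityKey = "HKCU:\Software\Microsoft\Office\$officeVersion\Outlook\Security"
$policyKey   = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\Outlook"

function Get-RegistryValueOrNull {    # hypothetical helper name
    param([string]$Path, [string]$Name)
    # A missing key or a missing value both mean "not configured".
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function ConvertTo-ExtensionList {    # hypothetical helper name
    param([string]$Value)
    # Values are semicolon-separated and may carry spaces ("exe; pl") or dots.
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    $Value -split ';' |
        ForEach-Object { $_.Trim().TrimStart('.').ToLowerInvariant() } |
        Where-Object { $_ } |
        Sort-Object -Unique
}

$lockValue = Get-RegistryValueOrNull -Path $policyKey -Name 'DisallowAttachmentCustomization'
$removed = @(ConvertTo-ExtensionList (Get-RegistryValueOrNull -Path $securityKey -Name 'Level1Remove'))
$added   = @(ConvertTo-ExtensionList (Get-RegistryValueOrNull -Path $securityKey -Name 'Level1Add'))

# The text says Outlook ignores Level1Add/Level1Remove when the policy value
# is present, so a customization only takes effect when the lock is absent.
$locked = ($null -ne $lockValue)
[pscustomobject]@{
    User                  = "$env:USERDOMAIN\$env:USERNAME"
    OfficeVersion         = $officeVersion
    CustomizationLocked   = $locked
    DemotedToLevel2       = $removed -join ';'
    AddedToLevel1         = $added -join ';'
    CustomizationInEffect = (-not $locked) -and (($removed.Count + $added.Count) -gt 0)
}
```

Run it in the user's own session (for example from a logon script) so that HKCU resolves to that user's hive; a result with CustomizationInEffect set to True corresponds to the Security Mode: User Controlled state described in the note above.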



This was first published in May 2007
