You might choose not to deploy the public folder that applies settings to your Outlook clients (although by not...
doing so you're skipping a valuable security feature). If you don't, then Outlook 2003 will still apply the Level 1 and Level 2 restrictions discussed earlier, but with a twist: each user can customize his or her own copy of Outlook to control the Level 1 and Level 2 lists. The trick is to add a new string value named Level1Remove to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security key. The extensions you add here (separated by semicolons if there's more than one) are removed from the list of blocked Level 1 attachments, so creating a value of exe; pl would allow executables and Perl scripts to be saved to disk instead of blocking them completely. Actually, the extensions you specified are demoted from Level 1 to Level 2; they're not unblocked completely. End users cannot demote file types from Level 2 to being unprotected; only administrators can do so.
If you want to add a new file type to the Level 1 list, you can do so by creating a new string value named Level1Add beneath the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security key.
You are reading tip #3 from "8 tips in 8 minutes: A Microsoft Outlook email security tutorial," excerpted from Chapter 13 of Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.
Tip: Sue Mosher maintains a page that includes links to tools that your users can use to customize their local attachment settings without directly editing the registry. Alternatively, you can always set a value for Level1Remove as part of a GPO or system policy; that way, users get the values you want without having to spend time fiddling with their local settings.
Note: To check whether a user has customized his or her Outlook security settings, use the Help | About Microsoft Outlook command. Above the license information, Outlook displays the security mode (mine says Security Mode: Default); a user-customized machine will say Security Mode: User Controlled.
Of course, it is more likely that you'll want to prevent users from customizing their own security settings. The easiest way to do this is to add a new REG_DWORD value named DisallowAttachmentCustomization to the Outlook key at HKCU\Software\Policies\Microsoft\Office\11.0\Outlook. When this value is present, Outlook will ignore the Level1Add and Level1Remove keys mentioned earlier.
8 tips in 8 minutes: A Microsoft Outlook email security tutorial
Tip 1: An overview of Microsoft Outlook email security features
Tip 2: Customizing the Microsoft Outlook Security Update
Tip 3: Customizing Outlook email security settings for end users
Tip 4: Setting up RPC over HTTP for Microsoft Outlook
Tip 5: Using S/MIME in Microsoft Outlook
Tip 6: Using Information Rights Management in Microsoft Outlook
Tip 7: Reaching into Microsoft Outlook's email security toolbox
Tip 8: Related resources on Microsoft Outlook email security
This chapter is an excerpt from Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.
Dig Deeper on Microsoft Outlook