Customizing Microsoft Outlook email security settings for end users

You might choose not to deploy the public folder that applies settings to your Outlook clients (although by not doing so you're skipping a valuable security feature). If you don't, then Outlook 2003 will still apply the Level 1 and Level 2 restrictions discussed earlier, but with a twist: each user can customize his or her own copy of Outlook to control the Level 1 and Level 2 lists. The trick is to add a new string value named Level1Remove to the HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security key. The extensions you add here (separated by semicolons if there's more than one) are removed from the list of blocked Level 1 attachments, so creating a value of exe; pl would allow executables and Perl scripts to be saved to disk instead of blocking them completely. Actually, the extensions you specified are demoted from Level 1 to Level 2; they're not unblocked completely. End users cannot demote file types from Level 2 to being unprotected; only administrators can do so.

If you want to add a new file type to the Level 1 list, you can do so by creating a new string value named Level1Add beneath the HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security key.

    Requires Free Membership to View

You are reading tip #3 from "8 tips in 8 minutes: A Microsoft Outlook email security tutorial," excerpted from Chapter 13 of Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.
Tip: Sue Mosher maintains a page that includes links to tools that your users can use to customize their local attachment settings without directly editing the registry. Alternatively, you can always set a value for Level1Remove as part of a GPO or system policy; that way, users get the values you want without having to spend time fiddling with their local settings.

Note: To check whether a user has customized his or her Outlook security settings, use the Help | About Microsoft Outlook command. Above the license information, Outlook displays the security mode (mine says Security Mode: Default); a user-customized machine will say Security Mode: User Controlled.

Of course, it is more likely that you'll want to prevent users from customizing their own security settings. The easiest way to do this is to add a new REG_DWORD value named DisallowAttachmentCustomization to the Outlook key at HKCU\Software\Policies\Microsoft\Office\11.0\Outlook. When this value is present, Outlook will ignore the Level1Add and Level1Remove keys mentioned earlier.

8 tips in 8 minutes: A Microsoft Outlook email security tutorial

 Home: Introduction
 Tip 1: An overview of Microsoft Outlook email security features
 Tip 2: Customizing the Microsoft Outlook Security Update
 Tip 3: Customizing Outlook email security settings for end users
 Tip 4: Setting up RPC over HTTP for Microsoft Outlook
 Tip 5: Using S/MIME in Microsoft Outlook
 Tip 6: Using Information Rights Management in Microsoft Outlook
 Tip 7: Reaching into Microsoft Outlook's email security toolbox
 Tip 8: Related resources on Microsoft Outlook email security

This chapter is an excerpt from Secure Messaging with Microsoft Exchange 2003 by Paul Robichaux, copyright 2004, published by Microsoft Press.

Click here for the chapter download or purchase the book here.

This was first published in May 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: