Administrator information about the Outlook e-mail security update

Article translations Article translations
Article ID: 263296 - View products that this article applies to.
This article was previously published under Q263296
Expand all | Collapse all

On This Page

Summary

This article provides information for Information Technology (IT) professionals and administrators about the Microsoft Outlook E-mail Security Update that was released on June 7, 2000.

IMPORTANT: This article does not include general information about the security update. Before you read this article, Microsoft recommends that you become familiar with the information in the following Microsoft Knowledge Base article:
262617 Information about the Outlook e-mail security update

More information

Overview

The Microsoft Outlook E-mail Security Update provides many security features that are designed to prevent the spread of malicious attachments and custom code. If you are using Microsoft Exchange Server, administrators can control the behavior of these new features. However, for administrators to customize settings, users must have their mail delivered to an Exchange Server mailbox. Any configuration that has incoming mail delivered to a Personal Folders (.pst) file cannot use customized settings (for example, if you are using Outlook in Internet Mail Only (IMO) mode).

Users cannot control any of the customizable settings because the administrator controls all of the settings. The settings are stored in a public folder on the Exchange Server computer, and only the administrator has full access to the folder; all other users are given read-only permissions. When a user starts Outlook, Outlook checks a Windows registry key to see if the administrator has specified that the user can use customized settings. If the registry key is not found, or the registry key is not set to enable customized settings, Outlook uses the default maximum security settings and all of the features of the security update are enabled. If the registry key exists, however, and it is set to enable custom settings, Outlook retrieves the user's settings from the public folder on the Exchange Server computer.

Once custom security settings are set up and work correctly, Outlook can automatically synchronize these custom security settings if users are working offline by using an offline folders file (.ost). To do this, users need to add the Outlook Security Settings public folder to the Favorites folder and then synchronize the folders.
For more information about offline folders and how to use them, click the following article number to view the article in the Microsoft Knowledge Base:
182158 (CW) What are offline folders and how do you use them?

How to Obtain Administrator Information and Tools

The Microsoft Office Resource Kit (ORK) Web site contains information and files that administrators can download. General information about how to administer the security update is located at the following Microsoft Web site:
Office 2000 Outlook 98/2000 E-mail Security Update White Paper
The Admpack.exe file contains the following files:
  • A Readme.txt file that contains documentation for administrators.
  • The Outlook Security Form template (OutlookSecurity.oft).
  • A policy file (Outlk9.adm) for computers that are set up with system policies. This file is for use with Microsoft Outlook 2000 and should not be used with Outlook 98.

How to Set Up the Outlook Security Settings Folder

NOTE: Using custom settings with the Outlook E-mail Security Update is only supported on Microsoft Exchange Server version 5.0 or later. Microsoft Exchange Server version 4.x is not supported.

An organization's Outlook security settings are stored in the Outlook Security Settings folder. The settings are configured by an administrator, and each individual client computer can optionally retrieve settings from this folder every time that Outlook starts.

Section 2.2 of the Readme.txt file describes how to set up the public folder. You must name the folder "Outlook Security Settings" (without quotation marks) and it must be located in the All Public Folders folder.

How to Create the Folder

To create the Outlook Security Settings folder:
  1. In the Folder List pane, right-click All Public Folders, and then click New Folder.

    NOTE: If you do not see the Folder List pane, click Folder List on the View menu.
  2. Type Outlook Security Settings as the name of the folder.
  3. Keep the default settings in the Properties dialog box, and then click OK.

How to Set Permissions on the Outlook Security Settings Folder

After you create the Outlook Security Settings folder, you must set the proper permissions on the folder. As the folder's creator, you automatically have owner permissions on the folder. If you want to let other people set Outlook security settings, you can give other users owner permissions on the folder. Microsoft recommends that you do this with discretion. To change permissions on the folder:
  1. In the Folder List pane, right-click the Outlook Security Settings folder, click Properties, and then click the Permissions tab.
  2. In the list of permissions, click Default, and then change the role to Reviewer because users need only basic read permissions on the folder.
  3. If you want to let other people administer the folder, click the Add button to add their names. Assign owner permissions to the users that you added.
  4. Click OK.
All users can see the Outlook Security Settings folder in the list of public folders. In addition, users can open the items that contain the settings and therefore see how all of the other users are configured.

How to Use the Outlook Security Form

When you use the Outlook Security form, you can change security settings for Outlook users. Section 2.3 of the Readme.txt file provides detailed steps about how to install the form. After the form is installed, it is the default form for the Outlook Security Settings folder, and you can click New to open the form and create a new security setting.

When you use the Outlook Security Form, you can create one item in the folder that stores the default security settings for the users. In addition, you can use the form to create additional items in the folder; each item is an exception to the default security settings. For example, you can create a "Power Users" item in the folder that contains a list of members in that group and the custom settings that they have. The form stores the user's name in the Members box of the form, and the settings are stored in a variety of Outlook user-defined fields in the item. Settings that you can configure include attachments, the Outlook object model, Simple Messaging Application Programming Interface (MAPI), Collaboration Data Objects (CDO), and the type of file extensions that are in the Level 1 or Level 2 lists. The Readme.txt file contains more detailed information about the individual settings.

When you use the Members box on the form, type resolvable e-mail addresses that are semicolon-delimited so that the entire list can be resolved, just as if you were typing the text in the To box of an e-mail message. The data from the Members box is actually stored in the To field of the item.

When you type file extensions on the form, as you are instructed to do in the Readme.txt file, make sure that each file extension does not include a period (.) before the file extension, that each extension is separated with a semicolon (;), and that you do not have spaces between the file extensions. For example:
xyz;yxz;zyx
NOTE: The form includes settings for the CDO object model, but these settings do not function unless you install the CDO E-mail Security Update. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
268462 Information about the CDO e-mail security update
Note that the folder operates on a "most recently created item" basis. If you add a user to more than one group, when Outlook starts it finds and uses the most recently created item that contains that user. Outlook does not retrieve all of the items from the folder, and Outlook does not evaluate all of the permissions that the user has been granted over the folder's history. Therefore, it is important that you carefully plan the security settings groups and which users are members of each group.

How to Update an Administrative Installation Point

If the users in your organization are running Outlook or Microsoft Office from a server location the ORK provides details about how to apply the Outlook E-mail Security Update to a server-based installation (the "setup /a" command).

Information About the Windows Registry Key

When a user starts Outlook, Outlook checks to see if a registry key is set and configured to use custom security settings. If it is, Outlook retrieves the user's settings from the Outlook Security Settings public folder.

The registry key holds a DWORD value and is in the following location:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Security\CheckAdminSettings
The CheckAdminSettings value can contain the following values:
Collapse this tableExpand this table
Key stateDescription
No keyOutlook uses default administrative settings.
Set to 0Outlook uses default administrative settings.
Set to 1Outlook looks for custom administrative settings in the Outlook Security Settings folder.
Set to 2Outlook looks for custom administrative settings in the Outlook 10 Security Settings folder.
Set to anything elseOutlook uses default administrative settings.
IMPORTANT: The behavior that is described may seem different from the behavior that is described in section 2.4 of the Readme.txt file. The Readme.txt file implies that if you have no key or if the key has a value of zero, Outlook checks for settings on the server. This is not correct; the default Outlook "lock-down" settings are used, not the settings that are stored in the Default Security Settings folder in the public folder.

Section 2.4 of the Readme.txt file provides details about how to deploy the registry to the user's computers. The method that you use to deploy the registry varies depending on configuration and whether or not policies are in effect.

How to Manually Create the Registry Key

For information about how to create the registry key, see section 2.4.3 of the Readme.txt file.

How to Implement the Security Update on Third-Party Mail Servers

For more information about implementing the security update on third-party mail servers, click the following article number to view the article in the Microsoft Knowledge Base:
265717 How to implement the Outlook e-mail security update on other mail servers

References

For more information about the Outlook E-mail Security Update, click the following article numbers to view the articles in the Microsoft Knowledge Base:
262617 Information about the Outlook e-mail security update
262700 Developer information about the Outlook e-mail security update
263296 Administrator information about the Outlook e-mail security update
262618 Known issues with the Outlook e-mail security update
264566 Known setup issues with the Outlook e-mail security update
264127 Known interoperability issues with the Outlook e-mail security update
264129 Known third-party issues with the Outlook e-mail security update for Outlook 98

Properties

Article ID: 263296 - Last Review: September 4, 2013 - Revision: 5.0
Applies to
  • Microsoft Outlook 98 Standard Edition
Keywords: 
kbinfo KB263296
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com